From 3ddf215d5006fa4a5132f31b2493a740127357de Mon Sep 17 00:00:00 2001
From: Thomas Leplus
Date: Sun, 31 Mar 2024 22:55:10 -0600
Subject: [PATCH] Pinning actions to a full length commit SHA
---
 .github/workflows/dependency-review.yml | 4 ++--
 .github/workflows/linter.yml | 4 ++--
 .github/workflows/osv-scanner.yml | 4 ++--
 .github/workflows/scorecards.yml | 8 ++++----
 4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 39fd5b1..e3496e7 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -10,6 +10,6 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: 'Checkout Repository'
- uses: actions/checkout@v4
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: 'Dependency Review'
- uses: actions/dependency-review-action@v4
+ uses: actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b # v4.2.5
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index d419474..0dfa155 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -49,7 +49,7 @@ jobs:
 # Checkout the code base #
 ##########################
 - name: Checkout Code
- uses: actions/checkout@v4
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 with:
 # Full git history is needed to get a proper list of changed
 # files within `super-linter`
@@ -59,7 +59,7 @@ jobs:
 # Run Linter against code base #
 ################################
 - name: Lint Code Base
- uses: github/super-linter@v5
+ uses: github/super-linter@45fc0d88288beee4701c62761281edfee85655d7 # v5.0.0
 env:
 VALIDATE_ALL_CODEBASE: true
 DEFAULT_BRANCH: main
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
index fc327e8..65e6b24 100644
--- a/.github/workflows/osv-scanner.yml
+++ b/.github/workflows/osv-scanner.yml
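Review bot: Pinning `actions/checkout` and `actions/dependency-review-action` to a commit SHA freezes them at v4.1.1 and v4.2.5, so unlike the floating `v4` tags these steps will no longer pick up patch releases, including security fixes, unless something bumps the pins. If the repository does not already have one, add a `.github/dependabot.yml` entry with `package-ecosystem: "github-actions"` so the SHAs and the trailing `# vX.Y.Z` comments are kept in sync automatically. The same applies to the pins introduced in linter.yml, osv-scanner.yml and scorecards.yml.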
@@ -15,9 +15,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check out
- uses: actions/checkout@v4
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
 with:
 go-version: 'stable'
 check-latest: true
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 2112f90..da9bd59 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -32,22 +32,22 @@ jobs:
 id-token: write
 steps:
 - name: "Checkout code"
- uses: actions/checkout@v4
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 with:
 persist-credentials: false
 - name: "Run analysis"
- uses: ossf/scorecard-action@v2
+ uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
 with:
 results_file: results.sarif
 results_format: sarif
 publish_results: true
 - name: "Upload artifact"
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
 with:
 name: SARIF file
 path: results.sarif
 retention-days: 5
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v3 # v3
 with:
 sarif_file: results.sarif
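Review bot: The last change in the scorecards.yml hunk leaves `github/codeql-action/upload-sarif@v3` on the floating `v3` tag and only appends `# v3`, so this is the one step the commit does not actually pin, and the comment now reads like the annotation of a SHA pin with no SHA behind it. Scorecard's own Pinned-Dependencies check will keep flagging this step in the very workflow that runs it. Replace the tag with the full commit SHA of the codeql-action release you intend, e.g. `uses: github/codeql-action/upload-sarif@<full-40-hex-commit-sha> # v3.<minor>.<patch>` (placeholder; take the SHA from the release tag, not a branch head).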