Skip to content

Commit 5367c56

Browse files
Pin third party actions to commit SHA (#415)
Co-authored-by: Marco von Raumer <marco.von.raumer@digitecgalaxus.ch>
1 parent 37e947a commit 5367c56

File tree

8 files changed

+55
-42
lines changed

8 files changed

+55
-42
lines changed

.github/workflows/autofix.yml

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -14,23 +14,25 @@ jobs:
1414
runs-on: ubuntu-latest
1515
steps:
1616
- name: Checkout
17-
uses: actions/checkout@v3
17+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
1818

1919
- name: Install Node.js
20-
uses: actions/setup-node@v3
20+
uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3
2121
with:
2222
node-version: 22
2323

2424
- name: Install Rust
25-
uses: dtolnay/rust-toolchain@stable
25+
uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # master
2626
with:
27+
toolchain: stable
2728
targets: wasm32-wasip1
29+
components: clippy, rustfmt
2830
- name: Enable caching
29-
uses: Swatinem/rust-cache@v2
31+
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
3032
with:
3133
workspaces: packages/yak-swc
3234

33-
- uses: pnpm/action-setup@v4
35+
- uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4
3436
name: Install pnpm
3537
with:
3638
version: 10.15.0
@@ -41,7 +43,7 @@ jobs:
4143
run: |
4244
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
4345
44-
- uses: actions/cache@v3
46+
- uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3
4547
name: Setup pnpm cache
4648
with:
4749
path: ${{ env.STORE_PATH }}

.github/workflows/changeset.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -14,17 +14,17 @@ jobs:
1414
runs-on: ubuntu-latest
1515
steps:
1616
- name: Checkout code
17-
uses: actions/checkout@v3
17+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
1818
with:
1919
fetch-depth: 0
2020

2121
- name: Setup Node.js
22-
uses: actions/setup-node@v3
22+
uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3
2323
with:
2424
node-version: 22
2525

2626
- name: Install pnpm
27-
uses: pnpm/action-setup@v4
27+
uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4
2828
with:
2929
version: 10.15.0
3030
run_install: true

.github/workflows/codspeed.yml

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -25,26 +25,28 @@ jobs:
2525
runs-on: ubuntu-latest
2626
steps:
2727
- name: Checkout
28-
uses: actions/checkout@v3
28+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
2929

3030
- name: Install Node.js
31-
uses: actions/setup-node@v3
31+
uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3
3232
with:
3333
node-version: 22
3434

35-
- uses: pnpm/action-setup@v4
35+
- uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4
3636
name: Install pnpm
3737
with:
3838
version: 10.15.0
3939
run_install: false
4040

4141
- name: Install Rust
42-
uses: dtolnay/rust-toolchain@stable
42+
uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # master
4343
with:
44+
toolchain: stable
4445
targets: wasm32-wasip1
46+
components: clippy, rustfmt
4547

4648
- name: Enable caching
47-
uses: Swatinem/rust-cache@v2
49+
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
4850
with:
4951
workspaces: packages/yak-swc
5052

@@ -57,7 +59,7 @@ jobs:
5759
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
5860
5961
- name: Setup pnpm cache
60-
uses: actions/cache@v3
62+
uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3
6163
with:
6264
path: ${{ env.STORE_PATH }}
6365
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
@@ -74,7 +76,7 @@ jobs:
7476
run: cd packages/benchmarks && pnpm run codspeed
7577

7678
- name: Run benchmarks
77-
uses: CodSpeedHQ/action@v3
79+
uses: CodSpeedHQ/action@76578c2a7ddd928664caa737f0e962e3085d4e7c # v3
7880
with:
7981
working-directory: "packages/benchmarks"
8082
run: NODE_ENV=production node --enable-source-maps ./codspeed/dist/index.bench.mjs

.github/workflows/docs.yml

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -30,18 +30,18 @@ jobs:
3030
PR_NUMBER: ${{ github.event.inputs.pr_number }}
3131
steps:
3232
- name: Checkout
33-
uses: actions/checkout@v3
33+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
3434
with:
3535
ref: ${{ github.event.inputs.pr_number && format('refs/pull/{0}/head', github.event.inputs.pr_number) || github.ref }}
3636

3737
- name: Install pnpm
38-
uses: pnpm/action-setup@v4
38+
uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4
3939
with:
4040
version: 10.15.0
4141
run_install: false
4242

4343
- name: Install Node.js
44-
uses: actions/setup-node@v3
44+
uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3
4545
with:
4646
node-version: 22
4747
cache: "pnpm"
@@ -50,15 +50,17 @@ jobs:
5050
run: pnpm install
5151

5252
- name: Install Rust
53-
uses: dtolnay/rust-toolchain@stable
53+
uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # master
5454
with:
55+
toolchain: stable
5556
targets: wasm32-wasip1
57+
components: clippy, rustfmt
5658

5759
- name: Install wasm-pack
5860
run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
5961

6062
- name: Enable caching
61-
uses: Swatinem/rust-cache@v2
63+
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
6264
with:
6365
workspaces: packages/yak-swc
6466

.github/workflows/example.yml

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -33,18 +33,18 @@ jobs:
3333

3434
steps:
3535
- name: Checkout
36-
uses: actions/checkout@v3
36+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
3737
with:
3838
ref: ${{ github.event.inputs.pr_number && format('refs/pull/{0}/head', github.event.inputs.pr_number) || github.ref }}
3939

40-
- uses: pnpm/action-setup@v4
40+
- uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4
4141
name: Install pnpm
4242
with:
4343
version: 10.15.0
4444
run_install: false
4545

4646
- name: Install Node.js
47-
uses: actions/setup-node@v3
47+
uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3
4848
with:
4949
node-version: 22
5050
cache: "pnpm"
@@ -59,12 +59,14 @@ jobs:
5959
run: pnpm --filter next-yak-example lint
6060

6161
- name: Install Rust
62-
uses: dtolnay/rust-toolchain@stable
62+
uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # master
6363
with:
64+
toolchain: stable
6465
targets: wasm32-wasip1
66+
components: clippy, rustfmt
6567

6668
- name: Enable caching
67-
uses: Swatinem/rust-cache@v2
69+
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
6870
with:
6971
workspaces: packages/yak-swc
7072

.github/workflows/release.yml

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -18,27 +18,29 @@ jobs:
1818
runs-on: ubuntu-latest
1919
steps:
2020
- name: Checkout code
21-
uses: actions/checkout@v3
21+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
2222
with:
2323
fetch-depth: 0
2424

2525
- name: Install Node.js
26-
uses: actions/setup-node@v3
26+
uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3
2727
with:
2828
node-version: 22
2929

30-
- uses: pnpm/action-setup@v4
30+
- uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4
3131
name: Install pnpm
3232
with:
3333
version: 10.15.0
3434
run_install: false
3535

3636
- name: Install Rust
37-
uses: dtolnay/rust-toolchain@stable
37+
uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # master
3838
with:
39+
toolchain: stable
3940
targets: wasm32-wasip1
41+
components: clippy, rustfmt
4042
- name: Enable caching
41-
uses: Swatinem/rust-cache@v2
43+
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
4244
with:
4345
workspaces: packages/yak-swc
4446

@@ -47,7 +49,7 @@ jobs:
4749
run: |
4850
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
4951
50-
- uses: actions/cache@v3
52+
- uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3
5153
name: Setup pnpm cache
5254
with:
5355
path: ${{ env.STORE_PATH }}
@@ -60,7 +62,7 @@ jobs:
6062

6163
- name: Create Release Pull Request or Publish to npm
6264
id: changesets
63-
uses: changesets/action@v1
65+
uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba # v1
6466
with:
6567
publish: pnpm release
6668
title: Release new version

.github/workflows/swc.yml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,11 +18,14 @@ jobs:
1818
runs-on: ubuntu-latest
1919
steps:
2020
- name: Checkout sources
21-
uses: actions/checkout@v4
21+
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
2222
- name: Install stable toolchain
23-
uses: dtolnay/rust-toolchain@stable
23+
uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 # master
24+
with:
25+
toolchain: stable
26+
components: clippy, rustfmt
2427
- name: Enable caching
25-
uses: Swatinem/rust-cache@v2
28+
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
2629
with:
2730
workspaces: packages/yak-swc
2831
- name: Run cargo check

.github/workflows/tests.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -26,29 +26,29 @@ jobs:
2626

2727
steps:
2828
- name: Checkout
29-
uses: actions/checkout@v3
29+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
3030

3131
- name: Install Node.js
32-
uses: actions/setup-node@v3
32+
uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3
3333
with:
3434
node-version: 22
3535

36-
- uses: pnpm/action-setup@v4
36+
- uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4
3737
name: Install pnpm
3838
with:
3939
version: 10.15.0
4040
run_install: false
4141

4242
- name: Install Rust
43-
uses: actions-rs/toolchain@v1
43+
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1
4444
with:
4545
toolchain: stable
4646
profile: minimal
4747
override: true
4848
- name: Add wasm32-wasip1 target
4949
run: rustup target add wasm32-wasip1
5050
- name: Enable caching
51-
uses: Swatinem/rust-cache@v2
51+
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
5252
with:
5353
workspaces: packages/yak-swc
5454
- name: Build with SWC
@@ -59,7 +59,7 @@ jobs:
5959
run: |
6060
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
6161
62-
- uses: actions/cache@v3
62+
- uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3
6363
name: Setup pnpm cache
6464
with:
6565
path: ${{ env.STORE_PATH }}

0 commit comments

Comments
 (0)