From 9ae6e02e94ecebbd4f5980a240a4e499b7aedfa5 Mon Sep 17 00:00:00 2001 From: Ulises Gascon Date: Tue, 9 Sep 2025 21:24:27 +0200 Subject: [PATCH] feat: pin dependencies in workflows --- .github/workflows/npm_release.yml | 30 +++++++++++++++--------------- .github/workflows/pull_request.yml | 22 +++++++++++----------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/.github/workflows/npm_release.yml b/.github/workflows/npm_release.yml index 43a4c76b7..8bd69df09 100644 --- a/.github/workflows/npm_release.yml +++ b/.github/workflows/npm_release.yml @@ -21,21 +21,21 @@ jobs: npm_version: ${{ steps.npm_version_output.outputs.NPM_VERSION }} npm_tag: ${{ steps.npm_version_output.outputs.NPM_TAG }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 submodules: true - - uses: actions/setup-node@v3 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: 22 registry-url: "https://registry.npmjs.org" - - uses: actions/setup-java@v3 + - uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1 with: distribution: "temurin" java-version: "21" cache: gradle - name: Setup Android SDK - uses: android-actions/setup-android@v2 + uses: android-actions/setup-android@7c5672355aaa8fde5f97a91aa9a99616d1ace6bc # v2.0.10 - name: Homebrew dependencies run: | brew install wget @@ -73,12 +73,12 @@ jobs: - name: Build npm package run: ./gradlew -PgitCommitVersion=${{ github.sha }} -PnoCCache --stacktrace - name: Upload npm package artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: npm-package path: dist/nativescript-android-${{steps.npm_version_output.outputs.NPM_VERSION}}.tgz - name: Upload debug symbols - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: debug-symbols path: test-app/runtime/build/intermediates/merged_native_libs/release/mergeReleaseNativeLibs/out/lib/* @@ -88,20 +88,20 @@ jobs: runs-on: macos-13 needs: build steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: submodules: true - - uses: actions/setup-node@v3 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: 22 registry-url: "https://registry.npmjs.org" - - uses: actions/setup-java@v3 + - uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1 with: distribution: "temurin" java-version: "21" cache: gradle - name: Setup Android SDK - uses: android-actions/setup-android@v2 + uses: android-actions/setup-android@7c5672355aaa8fde5f97a91aa9a99616d1ace6bc # v2.0.10 - name: Homebrew dependencies run: | brew install wget @@ -123,7 +123,7 @@ jobs: - name: SBG tests run: ./gradlew runSbgTests --stacktrace - name: Run unit tests - uses: ReactiveCircus/android-emulator-runner@v2 + uses: ReactiveCircus/android-emulator-runner@1dcd0090116d15e7c562f8db72807de5e036a4ed # v2.34.0 with: api-level: ${{env.ANDROID_API}} # this is needed on API 30+ @@ -142,7 +142,7 @@ jobs: NPM_VERSION: ${{needs.build.outputs.npm_version}} NPM_TAG: ${{needs.build.outputs.npm_tag}} steps: - - uses: actions/setup-node@v3 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: 22 registry-url: "https://registry.npmjs.org" @@ -168,10 +168,10 @@ jobs: env: NPM_VERSION: ${{needs.build.outputs.npm_version}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - - uses: actions/setup-node@v3 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: 22 - name: Setup @@ -189,7 +189,7 @@ jobs: run: zip -r debug-symbols.zip . - name: Partial Changelog run: npx conventional-changelog -p angular -r2 > body.md - - uses: ncipollo/release-action@v1 + - uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0 with: artifacts: "dist/nativescript-android-*.tgz,dist/debug-symbols/debug-symbols.zip" bodyFile: "body.md" diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index de0f75728..e0da1ca9d 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -18,21 +18,21 @@ jobs: npm_version: ${{ steps.npm_version_output.outputs.NPM_VERSION }} npm_tag: ${{ steps.npm_version_output.outputs.NPM_TAG }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 submodules: true - - uses: actions/setup-node@v3 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: 22 registry-url: "https://registry.npmjs.org" - - uses: actions/setup-java@v3 + - uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1 with: distribution: "temurin" java-version: "21" cache: gradle - name: Setup Android SDK - uses: android-actions/setup-android@v2 + uses: android-actions/setup-android@7c5672355aaa8fde5f97a91aa9a99616d1ace6bc # v2.0.10 - name: Homebrew dependencies run: | brew install wget @@ -70,12 +70,12 @@ jobs: - name: Build npm package run: ./gradlew -PgitCommitVersion=${{ github.sha }} -PnoCCache --stacktrace - name: Upload npm package artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: npm-package path: dist/nativescript-android-${{steps.npm_version_output.outputs.NPM_VERSION}}.tgz - name: Upload debug symbols - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: debug-symbols path: test-app/runtime/build/intermediates/merged_native_libs/release/mergeReleaseNativeLibs/out/lib/* @@ -84,20 +84,20 @@ jobs: runs-on: macos-13 needs: build steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: submodules: true - - uses: actions/setup-node@v3 + - uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: 22 registry-url: "https://registry.npmjs.org" - - uses: actions/setup-java@v3 + - uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1 with: distribution: "temurin" java-version: "21" cache: gradle - name: Setup Android SDK - uses: android-actions/setup-android@v2 + uses: android-actions/setup-android@7c5672355aaa8fde5f97a91aa9a99616d1ace6bc # v2.0.10 - name: Homebrew dependencies run: | brew install wget @@ -119,7 +119,7 @@ jobs: - name: SBG tests run: ./gradlew runSbgTests --stacktrace - name: Run unit tests - uses: ReactiveCircus/android-emulator-runner@v2 + uses: ReactiveCircus/android-emulator-runner@1dcd0090116d15e7c562f8db72807de5e036a4ed # v2.34.0 with: api-level: ${{env.ANDROID_API}} # this is needed on API 30+