Skip to content

Pin dependencies #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
renovate merged 1 commit into from
Jul 8, 2025
Merged

Pin dependencies #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/ai-assistance.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
if: github.actor != 'ospo-renovate[bot]'
runs-on: [ubuntu-latest]
steps:
- uses: SAP/ai-assisted-github-actions/pr-summary@v3
- uses: SAP/ai-assisted-github-actions/pr-summary@8b4e4ef555450551045d43896ef25396ed387c4a # v3
Copy link

@github-actions github-actions bot Jul 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider using specific semantic version tags instead of commit hashes for dependencies like pr-summary and pr-review. This makes the code more readable and allows developers to easily understand which version is being used, improving maintainability and auditability. Use version tags like v3 here unless there are critical reasons to pin to a specific commit.

- uses: SAP/ai-assisted-github-actions/pr-summary@v3 
- uses: SAP/ai-assisted-github-actions/pr-review@v3

with:
aicore-service-key: ${{ secrets.AICORE_SERVICE_KEY }}
model: gpt-4o
Expand All @@ -22,7 +22,7 @@ jobs:
if: github.actor != 'ospo-renovate[bot]'
runs-on: [ubuntu-latest]
steps:
- uses: SAP/ai-assisted-github-actions/pr-review@v3
- uses: SAP/ai-assisted-github-actions/pr-review@8b4e4ef555450551045d43896ef25396ed387c4a # v3
with:
aicore-service-key: ${{ secrets.AICORE_SERVICE_KEY }}
model: gpt-4o
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/build-cleanup.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ jobs:
name: Clean up
runs-on: [ubuntu-latest]
steps:
- uses: actions/github-script@v7
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
Copy link

@github-actions github-actions bot Jul 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to other action updates, replace commit hash with a semantic version to increase the readability and maintainability of the workflow file.

- uses: actions/github-script@v7

with:
script: |
github.rest.git.deleteRef({
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/build.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
if: ${{ !startsWith(github.head_ref || github.ref_name, 'release/') }}
steps:
- name: Checkout source branch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
Copy link

@github-actions github-actions bot Jul 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's cleaner to use a semantic version tag in actions/checkout and actions/setup-node instead of specific commit hashes. This approach improves readability and helps in understanding the versioning seamlessly.

- uses: actions/checkout@v4
- uses: actions/setup-node@v4

with:
ref: ${{ env.SOURCE_BRANCH }}
path: source-folder
Expand All @@ -28,7 +28,7 @@ jobs:
git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"

- name: Setup Node (PR Summary)
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version-file: source-folder/pr-summary/.node-version
cache: npm
Expand All @@ -41,7 +41,7 @@ jobs:
npm prune --omit=dev

- name: Setup Node (PR Review)
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version-file: source-folder/pr-review/.node-version
cache: npm
Expand All @@ -64,7 +64,7 @@ jobs:
fi

- name: Checkout release branch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ env.RELEASE_BRANCH }}
path: release-folder
Expand Down Expand Up @@ -97,7 +97,7 @@ jobs:
if: ${{ github.ref_name != 'main' }}
steps:
- name: Checkout release branch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ env.RELEASE_BRANCH }}
- name: Run the AI-assisted action (PR Summary)
Expand All @@ -122,7 +122,7 @@ jobs:
if: ${{ github.ref_name == 'main' }}
steps:
- name: Checkout release branch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ env.RELEASE_BRANCH }}
- name: Create tags for new version
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/code-quality.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,9 @@ jobs:
path: [pr-summary, pr-review]
steps:
- name: Checkout source branch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
Copy link

@github-actions github-actions bot Jul 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace the specific commit hash with a semantic version tag for both actions/checkout and actions/setup-node. Using tagged versions instead of commit hashes makes it easier for developers to understand the codebase, manage upgrades, and solve issues related to specific versions.

- uses: actions/checkout@v4
- uses: actions/setup-node@v4

- name: Setup Node
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 18
cache: npm
Expand All @@ -41,9 +41,9 @@ jobs:
path: [pr-summary, pr-review]
steps:
- name: Checkout source branch
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Setup Node
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 18
cache: npm
Expand Down