Commit 92cc05b

ci: use renovate GitHub Action tag version pinning
Renovate supports the use of hashed version pinning for individual GitHub actions while still following SemVer-based tags. All workflow actions external to the Angular organization now leverage this support to ensure both that stable versions of the actions are used and that the actions are pinned to a hashed version of the tag.
1 parent de14293 commit 92cc05b
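A check for the convention this commit describes, as an added example that is not part of the commit or of the Angular tooling: it flags any `uses:` reference to an external action that is not a full commit SHA followed by a `# renovate: tag=...` comment. The function name, the sample workflow (constructed from lines shown in the diff) and the choice of `angular` as the only exempt organization are assumptions.

```python
import re

# A workflow `uses:` line: action path, "@", ref, optional trailing comment.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[^@\s'\"]+)@(?P<ref>[^\s'\"#]+)['\"]?"
    r"\s*(?:#\s*(?P<comment>.*))?$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")  # full commit SHA, not an abbreviation
TAG_COMMENT_RE = re.compile(r"^renovate:\s*tag=v\d+(?:\.\d+){0,2}\s*$")


def audit_workflow(text, trusted_orgs=("angular",)):
    """Return (line_no, action, problem) for every external action that is not
    pinned to a full SHA carrying a `# renovate: tag=vX.Y.Z` comment."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a `uses:` line, or a local action without "@"
        action, ref = m["action"], m["ref"]
        if action.split("/", 1)[0] in trusted_orgs:
            continue  # assumption: the project's own organization is exempt
        if not SHA_RE.match(ref):
            findings.append((line_no, action, f"mutable ref '{ref}'"))
        elif not TAG_COMMENT_RE.match(m["comment"] or ""):
            findings.append((line_no, action, "SHA pin without renovate tag comment"))
    return findings


# Constructed sample mixing the "before" and "after" forms seen in the diff.
SAMPLE = """\
jobs:
  labels:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: angular/dev-infra/github-actions/commit-message-based-labels@5b35e20aeb147b713c31ba5c269cf2128c746d46
      - name: 'Run analysis'
        uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1
      - name: 'Checkout code'
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
"""

if __name__ == "__main__":
    for line_no, action, problem in audit_workflow(SAMPLE):
        print(f"line {line_no}: {action}: {problem}")
```

The check confirms only the form of each reference; it does not verify that the SHA is the commit the named tag points to.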

2 files changed

+5
-5
lines changed

.github/workflows/dev-infra.yml

Lines changed: 1 addition & 1 deletion
@@ -12,7 +12,7 @@ jobs:
1212
labels:
1313
runs-on: ubuntu-latest
1414
steps:
15-
- uses: actions/checkout@v2
15+
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
1616
- uses: angular/dev-infra/github-actions/commit-message-based-labels@5b35e20aeb147b713c31ba5c269cf2128c746d46
1717
with:
1818
angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }}
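
Review bot: The checkout step on line 15 has no `with:` block, so `persist-credentials` keeps its default of true, while the checkout in scorecard.yml sets `persist-credentials: false`. This job also handles `secrets.ANGULAR_ROBOT_PRIVATE_KEY`, so unless a later step needs the checkout token, add `with:` and `persist-credentials: false` here as well. Separately, the ref moves from the floating `v2` tag to a fixed commit, so v2.x fixes will now reach this workflow only through Renovate updates to this line.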

.github/workflows/scorecard.yml

Lines changed: 4 additions & 4 deletions
@@ -23,12 +23,12 @@ jobs:
2323

2424
steps:
2525
- name: 'Checkout code'
26-
uses: actions/checkout@230611dbd0eb52da1e1f4f7bc8bb0c3a339fc8b7
26+
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
2727
with:
2828
persist-credentials: false
2929

3030
- name: 'Run analysis'
31-
uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1
31+
uses: ossf/scorecard-action@b614d455ee90608b5e36e3299cd50d457eb37d5f # renovate: tag=v1.0.3
3232
with:
3333
results_file: results.sarif
3434
results_format: sarif
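
Review bot: Lines 26 and 31 do more than add the tag comment: both SHAs change (checkout from 230611d... to ec3a7ce..., scorecard-action from c1aec4a... to b614d45...), so the code this job runs changes, yet the commit message describes only a pinning convention. State in the message which versions the old SHAs corresponded to, so it is clear whether these are upgrades, and confirm that each new SHA is the commit the named tag (v2.4.0, v1.0.3) points to, since nothing in the workflow enforces that the comment and the SHA agree.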
@@ -37,14 +37,14 @@ jobs:
3737

3838
# Upload the results as artifacts.
3939
- name: 'Upload artifact'
40-
uses: actions/upload-artifact@2244c8200304ec9588bf9399eac622d9fadc28c4
40+
uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # renovate: tag=v2.3.1
4141
with:
4242
name: SARIF file
4343
path: results.sarif
4444
retention-days: 5
4545

4646
# Upload the results to GitHub's code scanning dashboard.
4747
- name: 'Upload to code-scanning'
48-
uses: github/codeql-action/upload-sarif@ef024e702cce6eafa15d4cdf8b22536ed02bcd55
48+
uses: github/codeql-action/upload-sarif@474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 # renovate: tag=v1.1.0
4949
with:
5050
sarif_file: results.sarif
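
Review bot: The `# renovate: tag=...` comments on lines 40 and 48 are now the only place the human-readable version is recorded, and the file does not explain that they are meaningful. Add a short comment at the top of the workflow documenting the convention (full commit SHA plus `# renovate: tag=vX.Y.Z`), so a later hand edit does not change the SHA without the tag or drop the comment. For line 48, note that the tag belongs to the github/codeql-action repository as a whole, not to the upload-sarif subdirectory.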
