DX-516: Pin actions to SHA

scraswell · scraswell · commit 9f39d00c1de5 · 2025-04-01T18:25:51.000-03:00
diff --git a/.github/workflows/build-sample-apps.yml b/.github/workflows/build-sample-apps.yml
@@ -21,15 +21,15 @@ jobs:
       comment-id: ${{ steps.create-comment.outputs.comment-id }}
     steps:
       - name: Find Comment
-        uses: peter-evans/find-comment@v3
+        uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
         id: existing-comment
         with:
           issue-number: ${{ github.event.pull_request.number }}
           comment-author: 'github-actions[bot]'
           body-includes: <!-- sample app builds -->
 
       - name: Create or update comment
-        uses: peter-evans/create-or-update-comment@v4
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
         id: create-comment
         with:
           comment-id: ${{ steps.existing-comment.outputs.comment-id }}
diff --git a/.github/workflows/deploy-sdk.yml b/.github/workflows/deploy-sdk.yml
@@ -22,7 +22,7 @@ jobs:
       - uses: actions/checkout@v4
       # If using sd on macos, "brew install" works great. for Linux, this is the recommended way.
       - name: Install sd CLI to use later in the workflow
-        uses: kenji-miyake/setup-sd@v2
+        uses: kenji-miyake/setup-sd@08c14e27d65a1c215342ef00c81583ae67f4c5ef # v2.0.0
 
       # Setup Android SDK as it's needed to generate the SDK size report.
       - name: Setup Android SDK
@@ -48,7 +48,7 @@ jobs:
       # 2. Updates metadata files. Such as updating the version number in package.json and adding entries to CHANGELOG.md file.
       # 3. Create git tag and push it to github.
       - name: Deploy git tag via semantic-release
-        uses: cycjimmy/semantic-release-action@v4
+        uses: cycjimmy/semantic-release-action@0a51e81a6baff2acad3ee88f4121c589c73d0f0e # v4.2.0
         id: semantic-release
         with:
           dry_run: false
@@ -62,7 +62,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Notify team of git tag being created
-        uses: slackapi/slack-github-action@v2.0.0
+        uses: slackapi/slack-github-action@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CC4B:17C27B:F88E98:1EEBC0A:67EC59D1 and timestamp 2025-04-01 21:25:37 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v2.0.0
         if: steps.semantic-release.outputs.new_release_published == 'true' # only run if a git tag was made.
         with:
           webhook: ${{ secrets.SLACK_NOTIFY_RELEASES_WEBHOOK_URL }}
@@ -101,15 +101,15 @@ jobs:
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
 
       - name: Send Velocity Deployment
-        uses: codeclimate/velocity-deploy-action@v1.0.0
+        uses: codeclimate/velocity-deploy-action@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CC60:2AEB7E:F728B1:1ECAC7B:67EC59D2 and timestamp 2025-04-01 21:25:38 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v1.0.0
         if: steps.semantic-release.outputs.new_release_published == 'true' # only run if a git tag was made.
         with:
           token: ${{ secrets.VELOCITY_DEPLOYMENT_TOKEN }}
           version: ${{ steps.semantic-release.outputs.new_release_version }}
           environment: production
 
       - name: Notify team of failure
-        uses: slackapi/slack-github-action@v2.0.0
+        uses: slackapi/slack-github-action@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CC76:1659EB:F5CC21:1E97DB0:67EC59D3 and timestamp 2025-04-01 21:25:39 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v2.0.0
         if: ${{ failure() }} # only run this if any previous step failed
         with:
           webhook: ${{ secrets.SLACK_NOTIFY_RELEASES_WEBHOOK_URL }}
@@ -169,7 +169,7 @@ jobs:
           SONATYPE_STAGING_PROFILE_ID: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }}
 
       - name: Notify team of successful deployment
-        uses: slackapi/slack-github-action@v2.0.0
+        uses: slackapi/slack-github-action@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CC8C:10531D:FD1F18:1F81642:67EC59D3 and timestamp 2025-04-01 21:25:39 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v2.0.0
         if: ${{ success() }}
         with:
           webhook: ${{ secrets.SLACK_NOTIFY_RELEASES_WEBHOOK_URL }}
@@ -208,7 +208,7 @@ jobs:
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
 
       - name: Notify team of failure
-        uses: slackapi/slack-github-action@v2.0.0
+        uses: slackapi/slack-github-action@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CC9F:26D8FF:1567712:2A97B53:67EC59D4 and timestamp 2025-04-01 21:25:40 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v2.0.0
         if: ${{ failure() }} # only run this if any previous step failed
         with:
           webhook: ${{ secrets.SLACK_NOTIFY_RELEASES_WEBHOOK_URL }}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -17,7 +17,7 @@ jobs:
       run: ./gradlew :${{ matrix.module }}:lintDebug
 
     - name: Parse lint results (${{ matrix.module }})
-      uses: yutailang0119/action-android-lint@v4.0.0
+      uses: yutailang0119/action-android-lint@bd0b5a7d2cc453d16080b90e2a975d4af4aa9588 # v4.0.0
       with:
         report-path: ${{ matrix.module }}/build/reports/lint-results-debug.xml
       if: ${{ always() }} # if running tests fails, we still want to parse the test results 
diff --git a/.github/workflows/manual-deployment.yml b/.github/workflows/manual-deployment.yml
@@ -36,7 +36,7 @@ jobs:
           SONATYPE_STAGING_PROFILE_ID: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }}
 
       - name: Notify team of successful deployment
-        uses: slackapi/slack-github-action@v2.0.0
+        uses: slackapi/slack-github-action@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD7A:259E16:14D4764:297C1B8:67EC59DE and timestamp 2025-04-01 21:25:50 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v2.0.0
         if: ${{ success() }}
         with:
           payload: |
@@ -69,7 +69,7 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_NOTIFY_RELEASES_WEBHOOK_URL }}
           SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
       - name: Notify team of failure
-        uses: slackapi/slack-github-action@v2.0.0
+        uses: slackapi/slack-github-action@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD7E:C5F06:15885CD:2ADC028:67EC59DE and timestamp 2025-04-01 21:25:50 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v2.0.0
         if: ${{ failure() }}
         with:
           payload: |
diff --git a/.github/workflows/pr-helper.yml b/.github/workflows/pr-helper.yml
@@ -10,4 +10,4 @@ jobs:
     permissions:
       pull-requests: write # to comment on PRs
     steps:    
-    - uses: levibostian/action-conventional-pr-linter@v4
+    - uses: levibostian/action-conventional-pr-linter@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD83:17C27B:F8BD1F:1EF18FC:67EC59DF and timestamp 2025-04-01 21:25:51 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v4
diff --git a/.github/workflows/reusable_build_sample_apps.yml b/.github/workflows/reusable_build_sample_apps.yml
@@ -80,10 +80,10 @@ jobs:
       # CLI to replace strings in files. The CLI recommends using `cargo install` which is slow. This Action is fast because it downloads pre-built binaries.
       # If using sd on macos, "brew install" works great. for Linux, this is the recommended way.
       - name: Install sd CLI to use later in the workflow
-        uses: kenji-miyake/setup-sd@v2
+        uses: kenji-miyake/setup-sd@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD59:163AE4:14B5D7E:2944614:67EC59DB and timestamp 2025-04-01 21:25:47 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v2
 
       - name: Install tools from Gemfile (ruby language) used for building our apps with
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD61:C5F06:1587B6E:2ADAC07:67EC59DB and timestamp 2025-04-01 21:25:47 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v1
         with:
           ruby-version: '3.0'
           bundler-cache: true # cache tools to make builds faster in future
@@ -137,7 +137,7 @@ jobs:
 
       - name: Deploy build via Fastlane
         if: ${{ ! (inputs.use_latest_sdk_version == true && matrix.sample-app == 'kotlin_compose') }}
-        uses: maierj/fastlane-action@v3.1.0
+        uses: maierj/fastlane-action@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD68:1F2304:1066136:20A3749:67EC59DC and timestamp 2025-04-01 21:25:48 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v3.1.0
         with:
           lane: ${{ inputs.use_latest_sdk_version == true && 'android build_sample_app_for_sdk_release' || 'android build' }}
           subdirectory: "samples/${{ matrix.sample-app }}"
@@ -176,7 +176,7 @@ jobs:
 
       - name: Update sample builds PR comment with build information
         if: ${{ github.event_name == 'pull_request' }}
-        uses: peter-evans/create-or-update-comment@v4
+        uses: peter-evans/create-or-update-comment@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD6E:163AE4:14B6307:29450EF:67EC59DC and timestamp 2025-04-01 21:25:49 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v4
         with:
           comment-id: ${{ needs.update-pr-comment.outputs.comment-id }}
           issue-number: ${{ github.event.pull_request.number }}
@@ -187,7 +187,7 @@ jobs:
 
       - name: Update sample builds PR comment with build failure message
         if: ${{ failure() }}
-        uses: peter-evans/create-or-update-comment@v4
+        uses: peter-evans/create-or-update-comment@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD74:1DDD0E:14CC374:296AB57:67EC59DD and timestamp 2025-04-01 21:25:49 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v4
         with:
           comment-id: ${{ needs.update-pr-comment.outputs.comment-id }}
           issue-number: ${{ github.event.pull_request.number }}
diff --git a/.github/workflows/sdk-binary-size.yml b/.github/workflows/sdk-binary-size.yml
@@ -49,15 +49,15 @@ jobs:
           IS_DEVELOPMENT: 'true'
 
       - name: Find old comment to update comment for
-        uses: peter-evans/find-comment@v3
+        uses: peter-evans/find-comment@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD44:1659EB:F5E221:1E9A95F:67EC59DA and timestamp 2025-04-01 21:25:46 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v3
         id: find-previous-comment
         with:
           issue-number: ${{ github.event.pull_request.number }}
           comment-author: 'github-actions[bot]'
           body-includes: SDK Binary Size Comparison
 
       - name: Add or Update PR Comment with SDK Size Comparison Report
-        uses: peter-evans/create-or-update-comment@v4
+        uses: peter-evans/create-or-update-comment@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD50:296AAC:15A7601:2B134EA:67EC59DA and timestamp 2025-04-01 21:25:46 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v4
         with:
           comment-id: ${{ steps.find-previous-comment.outputs.comment-id }}
           issue-number: ${{ github.event.pull_request.number }}
diff --git a/.github/workflows/snapshot-release.yml b/.github/workflows/snapshot-release.yml
@@ -37,15 +37,15 @@ jobs:
           SNAPSHOT: true
 
       - name: Find old comment to update comment for
-        uses: peter-evans/find-comment@v3
+        uses: peter-evans/find-comment@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CCB3:22D562:FE6269:1FA02AE:67EC59D4 and timestamp 2025-04-01 21:25:40 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v3
         id: find-previous-comment
         with:
           issue-number: ${{ github.event.pull_request.number }}
           comment-author: 'github-actions[bot]'
           body-includes: Build available to test
 
       - name: Inform pull request on build of SDK available to test 
-        uses: peter-evans/create-or-update-comment@v4
+        uses: peter-evans/create-or-update-comment@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CCC0:23B698:14D94F0:2986010:67EC59D5 and timestamp 2025-04-01 21:25:41 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v4
         with:
           comment-id: ${{ steps.find-previous-comment.outputs.comment-id }}
           issue-number: ${{ github.event.pull_request.number }}
@@ -103,10 +103,10 @@ jobs:
 
       # If using sd on macos, "brew install" works great. for Linux, this is the recommended way.
       - name: Install sd CLI to use later in the workflow
-        uses: kenji-miyake/setup-sd@v2
+        uses: kenji-miyake/setup-sd@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CCD1:244897:146D15D:28B38B7:67EC59D6 and timestamp 2025-04-01 21:25:42 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v2
 
       - name: Install tools from Gemfile (ruby language) used for building our apps with
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CCE3:1F34F1:1524D90:2A170A1:67EC59D6 and timestamp 2025-04-01 21:25:42 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v1
         with:
           ruby-version: '3.0'
           bundler-cache: true
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -17,15 +17,15 @@ jobs:
       - name: Run unit tests (${{ matrix.module }})
         run: ./gradlew :${{ matrix.module }}:runJacocoTestReport
       - name: Upload code coverage report
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CCF6:1F34F1:152500D:2A1753E:67EC59D7 and timestamp 2025-04-01 21:25:43 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v5
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_UPLOAD_TOKEN }}
         with:
           fail_ci_if_error: true
           verbose: true
           files: ./${{ matrix.module }}/build/reports/jacoco/test/jacocoTestReport.xml,./${{ matrix.module }}/build/reports/jacoco/runJacocoTestReport/runJacocoTestReport.xml
       - name: Publish test results (${{ matrix.module }})
-        uses: mikepenz/action-junit-report@v5
+        uses: mikepenz/action-junit-report@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD08:2AEB7E:F73A74:1ECCFD3:67EC59D7 and timestamp 2025-04-01 21:25:43 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v5
         with:
           report_paths: '**/build/test-results/test*/TEST-*.xml'
           fail_on_failure: true
@@ -71,7 +71,7 @@ jobs:
       # Create AVD and generate snapshot for caching
       - name: Create AVD and generate snapshot
         if: steps.avd-cache.outputs.cache-hit != 'true'
-        uses: reactivecircus/android-emulator-runner@v2
+        uses: reactivecircus/android-emulator-runner@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD18:13B624:15BDC03:2B46C87:67EC59D8 and timestamp 2025-04-01 21:25:44 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v2
         with:
           api-level: ${{ matrix.api-level }}
           arch: x86_64
@@ -84,7 +84,7 @@ jobs:
 
       # Run the actual tests
       - name: Run instrumentation tests
-        uses: reactivecircus/android-emulator-runner@v2
+        uses: reactivecircus/android-emulator-runner@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD27:10531D:FD31E8:1F83C17:67EC59D9 and timestamp 2025-04-01 21:25:45 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v2
         with:
           api-level: ${{ matrix.api-level }}
           arch: x86_64
@@ -97,7 +97,7 @@ jobs:
           script: ./gradlew :samples:${{ matrix.sample }}:connectedDebugAndroidTest --no-daemon --stacktrace -PuseKsp=true
 
       - name: Publish test results
-        uses: mikepenz/action-junit-report@v5
+        uses: mikepenz/action-junit-report@{"message":"API rate limit exceeded for user ID 5253417. If you reach out to GitHub Support for help, please include the request ID CD37:23B698:14DA241:2987ADA:67EC59D9 and timestamp 2025-04-01 21:25:45 UTC.","documentation_url":"https://docs.github.com/rest/overview/rate-limits-for-the-rest-api","status":"403"} # v5
         if: always()
         with:
           report_paths: 'samples/${{ matrix.sample }}/build/outputs/androidTest-results/connected/TEST-*.xml'
