diff --git a/.github/workflows/check-eol-newrelease.yml b/.github/workflows/check-eol-newrelease.yml index e7db3b67..eaf0b325 100644 --- a/.github/workflows/check-eol-newrelease.yml +++ b/.github/workflows/check-eol-newrelease.yml @@ -15,10 +15,10 @@ jobs: if: github.repository == 'line/line-bot-sdk-php' steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run EoL & NewRelease check - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const checkEolAndNewReleases = require('.github/scripts/check-eol-newrelease.cjs'); diff --git a/.github/workflows/close-issue.yml b/.github/workflows/close-issue.yml index 97dd36c8..121ece08 100644 --- a/.github/workflows/close-issue.yml +++ b/.github/workflows/close-issue.yml @@ -13,7 +13,7 @@ jobs: pull-requests: write if: github.repository == 'line/line-bot-sdk-php' steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: days-before-issue-stale: 14 days-before-issue-close: 0 diff --git a/.github/workflows/generate-code.yml b/.github/workflows/generate-code.yml index 566126fd..b525dbc0 100644 --- a/.github/workflows/generate-code.yml +++ b/.github/workflows/generate-code.yml @@ -17,22 +17,22 @@ jobs: pull-requests: write steps: # Setup - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: recursive - name: Update submodules run: git submodule update --remote --recursive - - uses: actions/setup-node@v4 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 id: setup_node_id with: node-version: 18 - - uses: shivammathur/setup-php@v2 + - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0 with: php-version: 8.2 # Install openapi-generator-cli - run: echo "OPENAPI_GENERATOR_VERSION=7.11.0" >> $GITHUB_ENV - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 id: openapi-generator-cache env: cache-name: openapi-generator-cache diff --git a/.github/workflows/php-checks.yml b/.github/workflows/php-checks.yml index 641ccf99..0b86676d 100644 --- a/.github/workflows/php-checks.yml +++ b/.github/workflows/php-checks.yml @@ -27,17 +27,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: recursive - name: Set up PHP ${{ matrix.php }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # 2.32.0 with: php-version: ${{ matrix.php }} - name: Install openapi-generator-cli run: echo "OPENAPI_GENERATOR_VERSION=7.11.0" >> $GITHUB_ENV - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 id: openapi-generator-cache env: cache-name: openapi-generator-cache @@ -62,7 +62,7 @@ jobs: run: | echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: ${{ steps.composer-cache.outputs.dir }} key: ${{ runner.os }}-php-${{ matrix.php }}-${{ hashFiles('**/composer.lock') }} @@ -70,7 +70,7 @@ jobs: ${{ runner.os }}-php-${{ matrix.php }}- - name: Install dependencies with Composer - uses: ramsey/composer-install@v2 + uses: ramsey/composer-install@a2636af0004d1c0499ffca16ac0b4cc94df70565 # 3.1.0 - name: Check copyrights if: matrix.analysis @@ -91,3 +91,14 @@ jobs: - name: Run unit tests if: matrix.analysis run: ./vendor/bin/phpunit --test-suffix=Test.php --testdox + + pinact: + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Run pinact + uses: suzuki-shunsuke/pinact-action@a6896d13d22e2bf108a78b0c52d3f867c1f41b34 # v0.2.1 + with: + skip_push: "true" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4827ee0d..186a8a19 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,16 +25,16 @@ jobs: issues: write steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Pages - uses: actions/configure-pages@v5 + uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 with: path: 'docs' - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 - name: Create GitHub Issue on Failure if: failure() diff --git a/line-openapi b/line-openapi index cc542e3c..86780cb9 160000 --- a/line-openapi +++ b/line-openapi @@ -1 +1 @@ -Subproject commit cc542e3cf99e2f0be68507ef5d5fde47d9fae5f9 +Subproject commit 86780cb9695b5098879e6019a2d3a9a28148da12 diff --git a/renovate.json5 b/renovate.json5 index eeaf62a1..61d1b50b 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -2,6 +2,7 @@ $schema: 'https://docs.renovatebot.com/renovate-schema.json', extends: [ 'config:recommended', + 'helpers:pinGitHubActionDigestsToSemver' ], timezone: 'Asia/Tokyo', ignorePaths: [