Skip to content

Commit 7604bf9

Browse files
nashifnashif
committed
ci: pin more actions across various workflows
Pin actions to a specific sha to avoid supply chain attacks. Signed-off-by: Anas Nashif <[email protected]>
1 parent 5aaf347 commit 7604bf9

File tree

3 files changed

+6
-6
lines changed

3 files changed

+6
-6
lines changed

.github/workflows/doc-publish-pr.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ jobs:
3232
3333
- name: Check PR number
3434
id: check-pr
35-
uses: carpentries/actions/[email protected]
35+
uses: carpentries/actions/check-valid-pr@e27aa6c531dadd357d2aa4c9a21e90849e23e963 # v0.14.0
3636
with:
3737
pr: ${{ env.PR_NUM }}
3838
sha: ${{ github.event.workflow_run.head_sha }}
@@ -51,7 +51,7 @@ jobs:
5151
fi
5252
5353
- name: Configure AWS Credentials
54-
uses: aws-actions/configure-aws-credentials@v4
54+
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
5555
with:
5656
aws-access-key-id: ${{ vars.AWS_BUILDS_ZEPHYR_PR_ACCESS_KEY_ID }}
5757
aws-secret-access-key: ${{ secrets.AWS_BUILDS_ZEPHYR_PR_SECRET_ACCESS_KEY }}

.github/workflows/doc-publish.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ jobs:
3737
fi
3838
3939
- name: Configure AWS Credentials
40-
uses: aws-actions/configure-aws-credentials@v4
40+
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
4141
with:
4242
aws-access-key-id: ${{ vars.AWS_DOCS_ACCESS_KEY_ID }}
4343
aws-secret-access-key: ${{ secrets.AWS_DOCS_SECRET_ACCESS_KEY }}

.github/workflows/release.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ jobs:
2121
echo "TRIMMED_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
2222
2323
- name: REUSE Compliance Check
24-
uses: fsfe/reuse-action@v1
24+
uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0
2525
with:
2626
args: spdx -o zephyr-${{ steps.get_version.outputs.VERSION }}.spdx
2727

@@ -38,7 +38,7 @@ jobs:
3838
3939
- name: Create Release
4040
id: create_release
41-
uses: actions/create-release@v1
41+
uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
4242
env:
4343
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
4444
with:
@@ -50,7 +50,7 @@ jobs:
5050

5151
- name: Upload Release Assets
5252
id: upload-release-asset
53-
uses: actions/upload-release-asset@v1
53+
uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
5454
env:
5555
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
5656
with:

0 commit comments

Comments
 (0)