Skip to content

Commit c95b962

Browse files
paulbalandanpaulbalandan
committed
chore: pin workflow actions to immutable SHAs
1 parent aa1852c commit c95b962

20 files changed

+78
-78
lines changed

.github/workflows/deploy-apidocs.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -29,21 +29,21 @@ jobs:
2929
git config --global user.name "${GITHUB_ACTOR}"
3030
3131
- name: Checkout source
32-
uses: actions/checkout@v6
32+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3333
with:
3434
path: source
3535
persist-credentials: false
3636

3737
- name: Checkout target
38-
uses: actions/checkout@v6
38+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3939
with:
4040
repository: codeigniter4/api
4141
token: ${{ secrets.ACCESS_TOKEN }}
4242
path: api
4343
persist-credentials: false
4444

4545
- name: Setup PHP
46-
uses: shivammathur/setup-php@v2
46+
uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
4747
with:
4848
php-version: '8.2'
4949
tools: phive

.github/workflows/deploy-distributables.yml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616

1717
steps:
1818
- name: Checkout
19-
uses: actions/checkout@v6
19+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2020
with:
2121
fetch-depth: 0 # fetch all tags
2222
persist-credentials: false
@@ -50,13 +50,13 @@ jobs:
5050
git config --global user.name "${GITHUB_ACTOR}"
5151
5252
- name: Checkout source
53-
uses: actions/checkout@v6
53+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5454
with:
5555
path: source
5656
persist-credentials: false
5757

5858
- name: Checkout target
59-
uses: actions/checkout@v6
59+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6060
with:
6161
repository: codeigniter4/framework
6262
token: ${{ secrets.ACCESS_TOKEN }}
@@ -72,7 +72,7 @@ jobs:
7272
run: ./source/.github/scripts/deploy-framework ${GITHUB_WORKSPACE}/source ${GITHUB_WORKSPACE}/framework ${GITHUB_REF##*/}
7373

7474
- name: Release
75-
uses: actions/github-script@v8
75+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
7676
with:
7777
github-token: ${{secrets.ACCESS_TOKEN}}
7878
script: |
@@ -104,13 +104,13 @@ jobs:
104104
git config --global user.name "${GITHUB_ACTOR}"
105105
106106
- name: Checkout source
107-
uses: actions/checkout@v6
107+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
108108
with:
109109
path: source
110110
persist-credentials: false
111111

112112
- name: Checkout target
113-
uses: actions/checkout@v6
113+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
114114
with:
115115
repository: codeigniter4/appstarter
116116
token: ${{ secrets.ACCESS_TOKEN }}
@@ -126,7 +126,7 @@ jobs:
126126
run: ./source/.github/scripts/deploy-appstarter ${GITHUB_WORKSPACE}/source ${GITHUB_WORKSPACE}/appstarter ${GITHUB_REF##*/}
127127

128128
- name: Release
129-
uses: actions/github-script@v8
129+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
130130
with:
131131
github-token: ${{secrets.ACCESS_TOKEN}}
132132
script: |
@@ -158,21 +158,21 @@ jobs:
158158
git config --global user.name "${GITHUB_ACTOR}"
159159
160160
- name: Checkout source
161-
uses: actions/checkout@v6
161+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
162162
with:
163163
path: source
164164
persist-credentials: false
165165

166166
- name: Checkout target
167-
uses: actions/checkout@v6
167+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
168168
with:
169169
repository: codeigniter4/userguide
170170
token: ${{ secrets.ACCESS_TOKEN }}
171171
path: userguide
172172
persist-credentials: false
173173

174174
- name: Setup Python
175-
uses: actions/setup-python@v6
175+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
176176
with:
177177
python-version: '3.12'
178178

@@ -190,7 +190,7 @@ jobs:
190190
run: ./source/.github/scripts/deploy-userguide ${GITHUB_WORKSPACE}/source ${GITHUB_WORKSPACE}/userguide ${GITHUB_REF##*/}
191191

192192
- name: Release
193-
uses: actions/github-script@v8
193+
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
194194
with:
195195
github-token: ${{secrets.ACCESS_TOKEN}}
196196
script: |

.github/workflows/deploy-userguide-latest.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -25,18 +25,18 @@ jobs:
2525
runs-on: ubuntu-24.04
2626
steps:
2727
- name: Checkout
28-
uses: actions/checkout@v6
28+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2929
with:
3030
persist-credentials: false
3131

3232
- name: Setup PHP
33-
uses: shivammathur/setup-php@v2
33+
uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
3434
with:
3535
php-version: '8.2'
3636
coverage: none
3737

3838
- name: Setup Python
39-
uses: actions/setup-python@v6
39+
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
4040
with:
4141
python-version: '3.12'
4242

@@ -59,7 +59,7 @@ jobs:
5959
6060
# Create an artifact of the html output
6161
- name: Upload artifact
62-
uses: actions/upload-artifact@v7
62+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
6363
with:
6464
name: HTML Documentation
6565
path: user_guide_src/build/html/

.github/workflows/label-add-conflict-all-pr.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ jobs:
1717
runs-on: ubuntu-24.04
1818
steps:
1919
- name: Checkout
20-
uses: actions/checkout@v6
20+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2121

2222
- name: Get PR List
2323
id: PR-list

.github/workflows/label-signing.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,10 +19,10 @@ jobs:
1919
runs-on: ubuntu-24.04
2020
steps:
2121
- name: Checkout
22-
uses: actions/checkout@v6
22+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2323

2424
- name: Check signed commits in PR
25-
uses: 1Password/check-signed-commits-action@v1
25+
uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1.2.0
2626
with:
2727
comment: |
2828
You must GPG-sign your work, certifying that you either wrote the work or otherwise have the right to pass it on to an open-source project. See Developer's Certificate of Origin. See [signing][1].

.github/workflows/reusable-coveralls.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,25 +18,25 @@ jobs:
1818
steps:
1919
- name: Checkout base branch for PR
2020
if: github.event_name == 'pull_request'
21-
uses: actions/checkout@v6
21+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2222
with:
2323
ref: ${{ github.base_ref }}
2424
persist-credentials: false
2525

2626
- name: Checkout
27-
uses: actions/checkout@v6
27+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
2828
with:
2929
persist-credentials: false
3030

3131
- name: Setup PHP
32-
uses: shivammathur/setup-php@v2
32+
uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
3333
with:
3434
php-version: ${{ inputs.php-version }}
3535
tools: composer
3636
coverage: xdebug
3737

3838
- name: Download coverage files
39-
uses: actions/download-artifact@v8
39+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
4040
with:
4141
path: build/cov
4242

@@ -50,7 +50,7 @@ jobs:
5050
echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
5151
5252
- name: Cache dependencies
53-
uses: actions/cache@v5
53+
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
5454
with:
5555
path: ${{ steps.composer-cache.outputs.COMPOSER_CACHE_FILES_DIR }}
5656
key: ${{ github.job }}-php-${{ inputs.php-version }}-${{ hashFiles('**/composer.*') }}
@@ -59,7 +59,7 @@ jobs:
5959
${{ github.job }}-
6060
6161
- name: Cache PHPUnit's static analysis cache
62-
uses: actions/cache@v5
62+
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
6363
with:
6464
path: build/.phpunit.cache/code-coverage
6565
key: phpunit-code-coverage-${{ hashFiles('**/phpunit.*') }}

.github/workflows/reusable-phpunit-test.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -172,18 +172,18 @@ jobs:
172172
173173
- name: Checkout base branch for PR
174174
if: github.event_name == 'pull_request'
175-
uses: actions/checkout@v6
175+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
176176
with:
177177
ref: ${{ github.base_ref }}
178178
persist-credentials: false
179179

180180
- name: Checkout
181-
uses: actions/checkout@v6
181+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
182182
with:
183183
persist-credentials: false
184184

185185
- name: Setup PHP
186-
uses: shivammathur/setup-php@v2
186+
uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
187187
with:
188188
php-version: ${{ inputs.php-version }}
189189
tools: composer
@@ -200,7 +200,7 @@ jobs:
200200
echo "ARTIFACT_NAME=${{ inputs.job-id || github.job }}-php-${{ inputs.php-version }}-db-${{ inputs.db-platform || 'none' }}${{ inputs.mysql-version || '' }}" >> $GITHUB_OUTPUT
201201
202202
- name: Cache dependencies
203-
uses: actions/cache@v5
203+
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
204204
with:
205205
path: ${{ steps.setup-env.outputs.COMPOSER_CACHE_FILES_DIR }}
206206
key: ${{ inputs.job-id || github.job }}-php-${{ inputs.php-version }}-db-${{ inputs.db-platform || 'none' }}-${{ hashFiles('**/composer.*') }}
@@ -211,7 +211,7 @@ jobs:
211211
212212
- name: Cache PHPUnit's static analysis cache
213213
if: ${{ inputs.enable-artifact-upload }}
214-
uses: actions/cache@v5
214+
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
215215
with:
216216
path: build/.phpunit.cache/code-coverage
217217
key: phpunit-code-coverage-${{ hashFiles('**/phpunit.*') }}
@@ -241,7 +241,7 @@ jobs:
241241

242242
- name: Upload coverage results as artifact
243243
if: ${{ inputs.enable-artifact-upload }}
244-
uses: actions/upload-artifact@v7
244+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
245245
with:
246246
name: ${{ steps.setup-env.outputs.ARTIFACT_NAME }}
247247
path: build/cov/coverage-${{ steps.setup-env.outputs.ARTIFACT_NAME }}.cov

.github/workflows/reusable-serviceless-phpunit-test.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -67,18 +67,18 @@ jobs:
6767
6868
- name: Checkout base branch for PR
6969
if: github.event_name == 'pull_request'
70-
uses: actions/checkout@v6
70+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7171
with:
7272
ref: ${{ github.base_ref }}
7373
persist-credentials: false
7474

7575
- name: Checkout
76-
uses: actions/checkout@v6
76+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7777
with:
7878
persist-credentials: false
7979

8080
- name: Setup PHP
81-
uses: shivammathur/setup-php@v2
81+
uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
8282
with:
8383
php-version: ${{ inputs.php-version }}
8484
tools: composer
@@ -95,7 +95,7 @@ jobs:
9595
echo "ARTIFACT_NAME=${{ inputs.job-id || github.job }}-php-${{ inputs.php-version }}" >> $GITHUB_OUTPUT
9696
9797
- name: Cache Composer dependencies
98-
uses: actions/cache@v5
98+
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
9999
with:
100100
path: ${{ steps.setup-env.outputs.COMPOSER_CACHE_FILES_DIR }}
101101
key: ${{ inputs.job-id || github.job }}-php-${{ inputs.php-version }}-${{ hashFiles('**/composer.*') }}
@@ -105,7 +105,7 @@ jobs:
105105
106106
- name: Cache PHPUnit's static analysis cache
107107
if: ${{ inputs.enable-artifact-upload }}
108-
uses: actions/cache@v5
108+
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
109109
with:
110110
path: build/.phpunit.cache/code-coverage
111111
key: phpunit-code-coverage-${{ hashFiles('**/phpunit.*') }}
@@ -133,7 +133,7 @@ jobs:
133133

134134
- name: Upload coverage results as artifact
135135
if: ${{ inputs.enable-artifact-upload }}
136-
uses: actions/upload-artifact@v7
136+
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
137137
with:
138138
name: ${{ steps.setup-env.outputs.ARTIFACT_NAME }}
139139
path: build/cov/coverage-${{ steps.setup-env.outputs.ARTIFACT_NAME }}.cov

.github/workflows/test-autoreview.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -37,15 +37,15 @@ jobs:
3737
steps:
3838
- name: Checkout base branch for PR
3939
if: github.event_name == 'pull_request'
40-
uses: actions/checkout@v6
40+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4141
with:
4242
ref: ${{ github.base_ref }}
4343

4444
- name: Checkout
45-
uses: actions/checkout@v6
45+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4646

4747
- name: Setup PHP
48-
uses: shivammathur/setup-php@v2
48+
uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
4949
with:
5050
php-version: '8.2'
5151

.github/workflows/test-coding-standards.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -36,15 +36,15 @@ jobs:
3636
steps:
3737
- name: Checkout base branch for PR
3838
if: github.event_name == 'pull_request'
39-
uses: actions/checkout@v6
39+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4040
with:
4141
ref: ${{ github.base_ref }}
4242

4343
- name: Checkout
44-
uses: actions/checkout@v6
44+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
4545

4646
- name: Setup PHP
47-
uses: shivammathur/setup-php@v2
47+
uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0
4848
with:
4949
php-version: ${{ matrix.php-version }}
5050
extensions: tokenizer
@@ -55,7 +55,7 @@ jobs:
5555
run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
5656

5757
- name: Cache dependencies
58-
uses: actions/cache@v5
58+
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
5959
with:
6060
path: ${{ steps.composer-cache.outputs.COMPOSER_CACHE_FILES_DIR }}
6161
key: ${{ runner.os }}-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}

0 commit comments

Comments
 (0)