ci(deps): pin dependencies

4m-mazi · May 14, 2024 · c8e7810 · c8e7810
1 parent ed1faa8
commit c8e7810
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -22,7 +22,7 @@ jobs:
         with:
           app-id: ${{ secrets.MAZI_RELEASE_APP_ID }}
           private-key: ${{ secrets.MAZI_RELEASE_APP_PRIVATE_KEY }}
-      - uses: googleapis/[email protected]
+      - uses: googleapis/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4.1.0
         id: release
         with:
           token: ${{ steps.generate_token.outputs.token }}

diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
@@ -43,7 +43,7 @@ jobs:
       # cache wouldn't necessarily upload when it changes. actions/download-artifact also doesn't work
       # because it only handles artifacts uploaded in the same run, and we want to restore from the
       # previous successful run.
-      - uses: dawidd6/action-download-artifact@v2
+      - uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e # v2
         if: github.event.inputs.repoCache != 'disabled'
         continue-on-error: true
         with:
@@ -92,7 +92,7 @@ jobs:
           # their full path, ultimately leading to a nested directory situation.
           # To solve *that*, we'd have to extract to root (/), which isn't safe.
           tar -czvf $cache_archive -C $cache_dir .
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
         if: github.event.inputs.repoCache != 'disabled'
         with:
           name: ${{ env.cache_key }}