diff --git a/.github/workflows/create-PRs.yml b/.github/workflows/create-PRs.yml
index 278e40f3..cd34c81e 100644
--- a/.github/workflows/create-PRs.yml
+++ b/.github/workflows/create-PRs.yml
@@ -18,7 +18,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 with:
 fetch-depth: 0
@@ -26,7 +26,7 @@ jobs:
 - name: Install yq cli #See https://github.com/marketplace/actions/install-a-binary-from-github-releases
- uses: jaxxstorm/action-install-gh-release@v1.10.0
+ uses: jaxxstorm/action-install-gh-release@c5ead9a448b4660cf1e7866ee22e4dc56538031a # v1.10.0
 with:
 repo: mikefarah/yq
 tag: v4.34.2
diff --git a/.github/workflows/create-final-bosh-release-on-commits.yml b/.github/workflows/create-final-bosh-release-on-commits.yml
index 8895bf0c..57138641 100644
--- a/.github/workflows/create-final-bosh-release-on-commits.yml
+++ b/.github/workflows/create-final-bosh-release-on-commits.yml
@@ -23,14 +23,14 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 with:
 fetch-depth: 0 # TODO: add caching for cli downloads, see https://github.com/marketplace/actions/cache
 - name: Install bosh-cli #See https://github.com/marketplace/actions/install-a-binary-from-github-releases
- uses: jaxxstorm/action-install-gh-release@v1.10.0
+ uses: jaxxstorm/action-install-gh-release@c5ead9a448b4660cf1e7866ee22e4dc56538031a # v1.10.0
 with:
 repo: cloudfoundry/bosh-cli
 tag: v7.4.0
@@ -43,7 +43,7 @@ jobs:
 - name: Install vendir cli #See https://github.com/marketplace/actions/install-a-binary-from-github-releases
- uses: jaxxstorm/action-install-gh-release@v1.10.0
+ uses: jaxxstorm/action-install-gh-release@c5ead9a448b4660cf1e7866ee22e4dc56538031a # v1.10.0
 with:
 repo: carvel-dev/vendir
 tag: v0.34.6
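Review bot: The trailing `# v4` on the pinned `actions/checkout` line in create-PRs.yml names a moving major tag, so the comment does not record which release the SHA was taken from and a later reader cannot check the pin against it. Record the exact release the SHA resolves to, for example `uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # <exact release tag>`, after confirming it against the upstream tags. The same comment appears on the checkout pins in create-final-bosh-release-on-commits.yml, create-release-branches.yml and rebase-release-branches-on-master-branch-commits.yml. The `steps:` list continues outside each of these hunks.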
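Review bot: Pinning `jaxxstorm/action-install-gh-release` to a commit fixes the action's own code, but the binary installed by the `Install yq cli` step in create-PRs.yml is still selected only by `repo: mikefarah/yq` and `tag: v4.34.2`, and a release tag or its assets can be replaced upstream. Nothing visible in the hunk verifies the downloaded file, so consider a step right after the install that compares the binary's SHA-256 with a value committed in the workflow, or a checksum input if the action provides one. The same applies to the bosh-cli (`tag: v7.4.0`), vendir (`tag: v0.34.6`) and remaining yq install steps in create-final-bosh-release-on-commits.yml and create-release-branches.yml. The `with:` block may continue past the end of each hunk.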
@@ -53,7 +53,7 @@ jobs:
 - name: Install yq cli #See https://github.com/marketplace/actions/install-a-binary-from-github-releases
- uses: jaxxstorm/action-install-gh-release@v1.10.0
+ uses: jaxxstorm/action-install-gh-release@c5ead9a448b4660cf1e7866ee22e4dc56538031a # v1.10.0
 with:
 repo: mikefarah/yq
 tag: v4.34.2
@@ -191,7 +191,7 @@ jobs:
 - name: create github release
 id: create-github-release
 if: ${{ steps.create-bosh-release.outputs.need_gh_release == 'true' }}
- uses: ncipollo/release-action@v1.13.0
+ uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0
 with:
 tag: ${{ steps.create-bosh-release.outputs.version }}
 draft: false
diff --git a/.github/workflows/create-release-branches.yml b/.github/workflows/create-release-branches.yml
index 9f87cb68..e4dd22c6 100644
--- a/.github/workflows/create-release-branches.yml
+++ b/.github/workflows/create-release-branches.yml
@@ -25,7 +25,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 with:
 fetch-depth: 0
@@ -33,7 +33,7 @@ jobs:
 - name: Install yq cli #See https://github.com/marketplace/actions/install-a-binary-from-github-releases
- uses: jaxxstorm/action-install-gh-release@v1.10.0
+ uses: jaxxstorm/action-install-gh-release@c5ead9a448b4660cf1e7866ee22e4dc56538031a # v1.10.0
 with:
 repo: mikefarah/yq
 tag: v4.34.2
diff --git a/.github/workflows/rebase-release-branches-on-master-branch-commits.yml b/.github/workflows/rebase-release-branches-on-master-branch-commits.yml
index ffde259d..5621f25c 100644
--- a/.github/workflows/rebase-release-branches-on-master-branch-commits.yml
+++ b/.github/workflows/rebase-release-branches-on-master-branch-commits.yml
@@ -12,7 +12,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 with:
 fetch-depth: 0 # TODO: test use of the syntax token from https://github.com/actions/checkout/blob/b4ffde65f46336ab88eb53be808477a3936bae11/README.md?plain=1#L32-L42