diff --git a/.github/workflows/composer-install.yml b/.github/workflows/composer-install.yml index 15a8cf2..3adc09c 100644 --- a/.github/workflows/composer-install.yml +++ b/.github/workflows/composer-install.yml @@ -29,11 +29,11 @@ jobs: php: ["8.1", "8.2", "8.3", "8.4"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Cache Composer packages id: composer-cache - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: vendor key: ${{ runner.os }}-php-${{ matrix.php }}-${{ hashFiles('**/composer.json') }} @@ -42,7 +42,7 @@ jobs: ${{ runner.os }}-php- - name: Composer (PHP ${{ matrix.php }}) - uses: php-actions/composer@v6 + uses: php-actions/composer@8a65f0d3c6a1d17ca4800491a40b5756a4c164f3 # v6 with: php_version: ${{ matrix.php }} args: --no-progress --prefer-dist --optimize-autoloader diff --git a/.github/workflows/compress-images.yml b/.github/workflows/compress-images.yml index b8994e0..5333e58 100644 --- a/.github/workflows/compress-images.yml +++ b/.github/workflows/compress-images.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Compress Images id: calibre @@ -39,7 +39,7 @@ jobs: - name: Create New Pull Request If Needed if: steps.calibre.outputs.markdown != '' - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7 with: title: Compressed Images Nightly branch-suffix: timestamp diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ebba11a..09895a2 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -28,7 +28,7 @@ jobs: statuses: read steps: - name: "Checkout Repository" - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Dependency Review" - uses: actions/dependency-review-action@v4 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4 diff --git a/.github/workflows/laravel-phpunit.yml b/.github/workflows/laravel-phpunit.yml index 00af07f..f2031df 100644 --- a/.github/workflows/laravel-phpunit.yml +++ b/.github/workflows/laravel-phpunit.yml @@ -23,15 +23,15 @@ jobs: statuses: write steps: - - uses: shivammathur/setup-php@v2 + - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2 with: php-version: "8.3" - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: "Check file existence" id: check_files - uses: andstor/file-existence-action@v3 + uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3 with: files: "package.json, artisan" diff --git a/.github/workflows/pr-compress-images.yml b/.github/workflows/pr-compress-images.yml index 92a5503..ed30c17 100644 --- a/.github/workflows/pr-compress-images.yml +++ b/.github/workflows/pr-compress-images.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Compress Images uses: calibreapp/image-actions@main diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml index 1bdf50a..67808e1 100644 --- a/.github/workflows/pr-lint.yml +++ b/.github/workflows/pr-lint.yml @@ -59,7 +59,7 @@ jobs: steps: # Git Checkout - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ secrets.FIXIMUS_TOKEN || secrets.PAT || secrets.GITHUB_TOKEN }} @@ -72,7 +72,7 @@ jobs: # You can override MegaLinter flavor used to have faster performances # More info at https://megalinter.io/latest/flavors/ - uses: oxsecurity/megalinter/flavors/cupcake@v8.4.2 + uses: oxsecurity/megalinter/flavors/cupcake@ec124f7998718d79379a3c5b39f5359952baf21d # v8.4.2 id: ml @@ -110,7 +110,7 @@ jobs: # Upload MegaLinter artifacts - name: Archive production artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 if: success() || failure() with: name: MegaLinter reports @@ -122,7 +122,7 @@ jobs: # Create pull request if applicable # (for now works only on PR from same repository, not from forks) - name: Create Pull Request with applied fixes - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7 id: cpr if: >- steps.ml.outputs.has_updated_sources == 1 && @@ -178,7 +178,7 @@ jobs: run: sudo chown -Rc $UID .git/ - name: Commit and push applied linter fixes - uses: stefanzweifel/git-auto-commit-action@v5 + uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5 if: >- steps.ml.outputs.has_updated_sources == 1 && ( @@ -205,6 +205,6 @@ jobs: - name: Upload MegaLinter scan results to GitHub Security tab if: success() || failure() - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3 with: sarif_file: "megalinter-reports/megalinter-report.sarif" diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index efca43a..290f941 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -20,6 +20,6 @@ jobs: packages: read steps: - name: 🚀 Run Release Drafter - uses: release-drafter/release-drafter@v6.1.0 + uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-monthly.yaml b/.github/workflows/release-monthly.yaml index 465bf10..adb36e0 100644 --- a/.github/workflows/release-monthly.yaml +++ b/.github/workflows/release-monthly.yaml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Create Release shell: bash diff --git a/.github/workflows/reviewdog-linters.yml b/.github/workflows/reviewdog-linters.yml index 160be7c..3fa9324 100644 --- a/.github/workflows/reviewdog-linters.yml +++ b/.github/workflows/reviewdog-linters.yml @@ -20,10 +20,10 @@ jobs: statuses: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: GitHub Actions - uses: reviewdog/action-actionlint@v1 + uses: reviewdog/action-actionlint@abd537417cf4991e1ba8e21a67b1119f4f53b8e0 # v1 with: github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-review @@ -35,13 +35,13 @@ jobs: reporter: github-pr-review - name: markdownlint - uses: reviewdog/action-markdownlint@v0 + uses: reviewdog/action-markdownlint@f901468edf9a3634dd39b35ba26cad0aad1a0bfd # v0 with: github_token: ${{ secrets.GITHUB_TOKEN }} reporter: github-pr-review - name: shfmt - uses: reviewdog/action-shfmt@v1 + uses: reviewdog/action-shfmt@f59386f08bd9a24ac1a746e69f026ddc2ed06710 # v1 with: github_token: ${{ secrets.GITHUB_TOKEN }} shfmt_flags: | @@ -57,7 +57,7 @@ jobs: --func-next-line - name: yamllint - uses: reviewdog/action-yamllint@v1 + uses: reviewdog/action-yamllint@1dca3ad811867be18fbe293a9818d715a6c2cd46 # v1 with: github_token: ${{ secrets.github_token }} reporter: github-pr-review diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index a8daa69..0976a75 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -29,7 +29,7 @@ jobs: steps: - name: 🚀 Run stale - uses: actions/stale@v9.1.0 + uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-stale: 30 diff --git a/.github/workflows/sync-labels-to-own-projects.yml b/.github/workflows/sync-labels-to-own-projects.yml index 14ce0c5..1385b06 100644 --- a/.github/workflows/sync-labels-to-own-projects.yml +++ b/.github/workflows/sync-labels-to-own-projects.yml @@ -26,7 +26,7 @@ jobs: outputs: repos: ${{ steps.repos.outputs.REPOS }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Get Repositories id: repos @@ -48,7 +48,7 @@ jobs: echo "$REPOS" echo "$EOF" } >> "$GITHUB_ENV" - - uses: micnncim/action-label-syncer@v1 + - uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1 with: prune: true repository: ${{ steps.repos.outputs.REPOS }} diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 873ae8d..c2751e9 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -35,7 +35,7 @@ jobs: "https://raw.githubusercontent.com/ivuorinen/.github/main/.github/labels.yml" \ > labels.yml - name: 🚀 Run Label Syncer - uses: micnncim/action-label-syncer@v1.3.0 + uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: