From 665b231f87eb084d285c2c722026f7f195055efe Mon Sep 17 00:00:00 2001 From: Victor Engmark Date: Thu, 16 Nov 2023 14:50:06 +1300 Subject: [PATCH] feat: Pin actions to hashes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Done with pin-github-action 1.8.0 using `npx pin-github-action .github/workflows/*.yml`. Dependabot should support updating in the same fashion . Had to `export GH_ADMIN_TOKEN=github_pat_…` using a fine-grained personal access tokens with no extra access to work around rate limiting *and* to be able to work in private repos . --- .github/workflows/push.yml | 2 +- .github/workflows/release-please.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 945d1b9..5aca061 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -7,4 +7,4 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: linz/action-typescript@v3 + - uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3 diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index e25cd6e..d81ef54 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -10,7 +10,7 @@ jobs: outputs: release_created: ${{ steps.release.outputs.release_created }} steps: - - uses: google-github-actions/release-please-action@v3 + - uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # v3 id: release with: release-type: node @@ -22,7 +22,7 @@ jobs: if: ${{ needs.release-please.outputs.release_created }} steps: - name: Build and test - uses: linz/action-typescript@v3 + uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3 with: registry-url: 'https://npm.pkg.github.com'