[core] Pin GitHub Actions dependencies (#34929)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
mui · Oct 30, 2022 · 86b4f32 · 86b4f32
1 parent 6bc045c
commit 86b4f32
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 9 deletions.
diff --git a/.github/workflows/check-if-pr-has-label.yml b/.github/workflows/check-if-pr-has-label.yml
@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: mnajdova/[email protected]
+      - uses: mnajdova/github-action-required-labels@ca0df9249827e43aa4b4a0d25d9fe3e9b19b0705 # tag=v2.1
         with:
           mode: minimum
           count: 1

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -19,12 +19,12 @@ jobs:
         os: [macos-latest, windows-latest, ubuntu-latest]
     steps:
       - run: echo "${{ github.actor }}"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
         with:
           # fetch all tags which are required for `yarn release:changelog`
           fetch-depth: 0
       - name: Use Node.js 14.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3
         with:
           node-version: 14
           cache: 'yarn' # https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#caching-packages-dependencies

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -14,10 +14,10 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # tag=v2
         with:
           languages: typescript
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -27,4 +27,4 @@ jobs:
           # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
           # queries: security-extended,security-and-quality
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # tag=v2
diff --git a/.github/workflows/mark-duplicate.yml b/.github/workflows/mark-duplicate.yml
@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
     steps:
       - name: mark-duplicate
-        uses: actions-cool/issues-helper@v3
+        uses: actions-cool/issues-helper@02811b26b65e9c0da5f1d8a0095b53478d6591a2 # tag=v3
         with:
           actions: 'mark-duplicate'
           token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml
@@ -16,7 +16,7 @@ jobs:
       contents: read
       issues: write
     steps:
-      - uses: lee-dohm/[email protected]
+      - uses: lee-dohm/no-response@9bb0a4b5e6a45046f00353d5de7d90fb8bd773bb # tag=v0.5.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           # Number of days of inactivity before an Issue is closed for lack of response

diff --git a/.github/workflows/support-stackoverflow.yml b/.github/workflows/support-stackoverflow.yml
@@ -12,7 +12,7 @@ jobs:
       contents: read
       issues: write
     steps:
-      - uses: dessant/support-requests@v2
+      - uses: dessant/support-requests@876a4de3922dd57434a451e58ad679f986c5da97 # tag=v2
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           # Label used to mark issues as support requests