diff --git a/.github/workflows/check-if-pr-has-label.yml b/.github/workflows/check-if-pr-has-label.yml index cc1ffc96918f2e..3430cb53c9b1f3 100644 --- a/.github/workflows/check-if-pr-has-label.yml +++ b/.github/workflows/check-if-pr-has-label.yml @@ -11,7 +11,7 @@ jobs: permissions: contents: read steps: - - uses: mnajdova/github-action-required-labels@v2.1 + - uses: mnajdova/github-action-required-labels@ca0df9249827e43aa4b4a0d25d9fe3e9b19b0705 # tag=v2.1 with: mode: minimum count: 1 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0de49dd0b13fc8..392f4a4873ed54 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,12 +19,12 @@ jobs: os: [macos-latest, windows-latest, ubuntu-latest] steps: - run: echo "${{ github.actor }}" - - uses: actions/checkout@v3 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3 with: # fetch all tags which are required for `yarn release:changelog` fetch-depth: 0 - name: Use Node.js 14.x - uses: actions/setup-node@v3 + uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3 with: node-version: 14 cache: 'yarn' # https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#caching-packages-dependencies diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5bc4828e36a752..c26f37c6e0cc82 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -14,10 +14,10 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # tag=v2 with: languages: typescript # If you wish to specify custom queries, you can do so here or in a config file. @@ -27,4 +27,4 @@ jobs: # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@ec3cf9c605b848da5f1e41e8452719eb1ccfb9a6 # tag=v2 diff --git a/.github/workflows/mark-duplicate.yml b/.github/workflows/mark-duplicate.yml index 9692bf2e1fb51e..58c18fd8fbd59d 100644 --- a/.github/workflows/mark-duplicate.yml +++ b/.github/workflows/mark-duplicate.yml @@ -13,7 +13,7 @@ jobs: pull-requests: write steps: - name: mark-duplicate - uses: actions-cool/issues-helper@v3 + uses: actions-cool/issues-helper@02811b26b65e9c0da5f1d8a0095b53478d6591a2 # tag=v3 with: actions: 'mark-duplicate' token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml index 7eaa844612fdb6..1564d7efe05ece 100644 --- a/.github/workflows/no-response.yml +++ b/.github/workflows/no-response.yml @@ -16,7 +16,7 @@ jobs: contents: read issues: write steps: - - uses: lee-dohm/no-response@v0.5.0 + - uses: lee-dohm/no-response@9bb0a4b5e6a45046f00353d5de7d90fb8bd773bb # tag=v0.5.0 with: token: ${{ secrets.GITHUB_TOKEN }} # Number of days of inactivity before an Issue is closed for lack of response diff --git a/.github/workflows/support-stackoverflow.yml b/.github/workflows/support-stackoverflow.yml index 1089595bf9a579..d9d4c2122f516d 100644 --- a/.github/workflows/support-stackoverflow.yml +++ b/.github/workflows/support-stackoverflow.yml @@ -12,7 +12,7 @@ jobs: contents: read issues: write steps: - - uses: dessant/support-requests@v2 + - uses: dessant/support-requests@876a4de3922dd57434a451e58ad679f986c5da97 # tag=v2 with: github-token: ${{ secrets.GITHUB_TOKEN }} # Label used to mark issues as support requests