From d7278ea42b46a87ee0020304807140f6dd311337 Mon Sep 17 00:00:00 2001 From: Claas Augner Date: Mon, 27 Oct 2025 17:55:52 +0100 Subject: [PATCH] ci(workflows): pin 3rd party actions --- .github/workflows/prod.yml | 8 ++++---- .github/workflows/release.yml | 8 ++++---- .github/workflows/rust.yml | 2 +- .github/workflows/stage.yml | 8 ++++---- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml index 83395b4..2f2a0bf 100644 --- a/.github/workflows/prod.yml +++ b/.github/workflows/prod.yml @@ -33,25 +33,25 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up node - uses: actions/setup-node@v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version-file: ".nvmrc" package-manager-cache: false - name: Authenticate with GCP - uses: google-github-actions/auth@v3 + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: token_format: access_token service_account: deploy-prod-updates@${{ secrets.GCP_PROJECT_NAME }}.iam.gserviceaccount.com workload_identity_provider: projects/${{ secrets.WIP_PROJECT_ID }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions - name: Setup gcloud - uses: google-github-actions/setup-gcloud@v3 + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 - name: Do it! env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 82a76bf..d2f9013 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,20 +13,20 @@ jobs: create-release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - - uses: taiki-e/create-gh-release-action@v1 + - uses: taiki-e/create-gh-release-action@26b80501670402f1999aff4b934e1574ef2d3705 # v1.9.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} upload-assets: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - - uses: taiki-e/upload-rust-binary-action@v1 + - uses: taiki-e/upload-rust-binary-action@3962470d6e7f1993108411bc3f75a135ec67fc8c # v1.27.0 with: bin: differy env: diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index ad7ad21..97f3dc2 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Run fmt diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 994dcae..a1bd03e 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -33,25 +33,25 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Set up node - uses: actions/setup-node@v6 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: node-version-file: ".nvmrc" package-manager-cache: false - name: Authenticate with GCP - uses: google-github-actions/auth@v3 + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: token_format: access_token service_account: deploy-stage-updates@${{ secrets.GCP_PROJECT_NAME }}.iam.gserviceaccount.com workload_identity_provider: projects/${{ secrets.WIP_PROJECT_ID }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions - name: Setup gcloud - uses: google-github-actions/setup-gcloud@v3 + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 - name: Do it! env: