From 31e50ca0fb70e5f4fe28bea941547fc72d931eaf Mon Sep 17 00:00:00 2001 From: Mark McDonald Date: Tue, 18 Mar 2025 15:53:43 +0800 Subject: [PATCH 1/2] Pin actions to specific SHAs --- .github/workflows/samples.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/samples.yaml b/.github/workflows/samples.yaml index 04f2611aa..8e9617344 100644 --- a/.github/workflows/samples.yaml +++ b/.github/workflows/samples.yaml @@ -10,11 +10,11 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Get Changed Files id: changed_files - uses: tj-actions/changed-files@v44 + uses: tj-actions/changed-files@2d756ea4c53f7f6b397767d8723b3a10a9f35bf2 # v44 with: files: | samples/*.py From 296732031de4808d8baa1c9b6176ed1b70066d28 Mon Sep 17 00:00:00 2001 From: Mark McDonald Date: Tue, 18 Mar 2025 17:47:26 +0800 Subject: [PATCH 2/2] Update all the other workflows --- .github/workflows/labeler.yml | 2 +- .github/workflows/remove-issue-labels.yml | 2 +- .github/workflows/remove-pr-labels.yml | 2 +- .github/workflows/samples.yaml | 4 ++-- .github/workflows/stale.yml | 2 +- .github/workflows/test_pr.yaml | 24 +++++++++++------------ 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 6dcd9ab15..19574ff0a 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -11,5 +11,5 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/labeler@v4 + - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4 if: ${{ github.event.pull_request.draft == false }} diff --git a/.github/workflows/remove-issue-labels.yml b/.github/workflows/remove-issue-labels.yml index 43f43dd13..79783430d 100644 --- a/.github/workflows/remove-issue-labels.yml +++ b/.github/workflows/remove-issue-labels.yml @@ -11,7 +11,7 @@ jobs: issues: write runs-on: ubuntu-latest steps: - - uses: actions-ecosystem/action-remove-labels@v1 + - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1 with: labels: | status:triaged diff --git a/.github/workflows/remove-pr-labels.yml b/.github/workflows/remove-pr-labels.yml index 3aed6ced7..64aeeaa64 100644 --- a/.github/workflows/remove-pr-labels.yml +++ b/.github/workflows/remove-pr-labels.yml @@ -11,7 +11,7 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions-ecosystem/action-remove-labels@v1 + - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1 with: labels: | status:awaiting review diff --git a/.github/workflows/samples.yaml b/.github/workflows/samples.yaml index 8e9617344..6e5d45261 100644 --- a/.github/workflows/samples.yaml +++ b/.github/workflows/samples.yaml @@ -49,11 +49,11 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Get Changed Files id: changed_files - uses: tj-actions/changed-files@v44 + uses: tj-actions/changed-files@2d756ea4c53f7f6b397767d8723b3a10a9f35bf2 # v44 with: files: | samples/rest/*.sh diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index df7d6c186..1f7710e5a 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -19,7 +19,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v5 + - uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06 # v5 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-issue-stale: 14 diff --git a/.github/workflows/test_pr.yaml b/.github/workflows/test_pr.yaml index 362a53e49..35f7c8fea 100644 --- a/.github/workflows/test_pr.yaml +++ b/.github/workflows/test_pr.yaml @@ -19,8 +19,8 @@ jobs: name: Test Py3.12 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: '3.12' - name: Run tests @@ -32,8 +32,8 @@ jobs: name: Test Py3.11 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: '3.11' - name: Run tests @@ -45,8 +45,8 @@ jobs: name: Test Py3.10 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: '3.10' - name: Run tests @@ -58,8 +58,8 @@ jobs: name: Test Py3.9 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: '3.9' - name: Run tests @@ -71,8 +71,8 @@ jobs: name: pytype 3.11 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: '3.11' - name: Run pytype @@ -86,8 +86,8 @@ jobs: name: Check format with black runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: '3.11' - name: Check format