From 194b2b13582201a0ecf1c1dd7ed2de675a5de48c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= Date: Tue, 9 Sep 2025 23:20:47 +0200 Subject: [PATCH] feat: pin github action dependencies (#10797) Related https://github.com/NativeScript/nativescript-cli/pull/5880 --- .github/workflows/apps_automated_android.yml | 12 ++++++------ .github/workflows/apps_automated_ios.yml | 8 ++++---- .github/workflows/npm_release_core.yml | 4 ++-- .github/workflows/npm_release_tns_core.yml | 2 +- .github/workflows/npm_release_types.yml | 2 +- .github/workflows/npm_release_webpack.yml | 2 +- .github/workflows/ossf-scorecard.yml | 2 +- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/apps_automated_android.yml b/.github/workflows/apps_automated_android.yml index d74a18a95..e5238a50e 100644 --- a/.github/workflows/apps_automated_android.yml +++ b/.github/workflows/apps_automated_android.yml @@ -23,25 +23,25 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 23.5.0 - name: Derive appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 + uses: nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1 # v4.3.3 with: main-branch-name: 'main' - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: 'temurin' java-version: '21' - name: Install Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3' 
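Review bot: Nothing in this commit keeps the new SHA pins current. The diffstat touches only the seven workflow files, so unless the repository already has update tooling (not visible here), `actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0` and the other pins in this hunk will stay frozen and miss upstream security fixes. A Dependabot entry with `package-ecosystem: "github-actions"` (or the Renovate equivalent) uses the trailing `# vX.Y.Z` comment and bumps the SHA and comment together. It is also worth confirming once that each SHA is the commit its tag points to in the upstream repository, because GitHub does not check the comment. The steps list continues outside the hunk.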
@@ -65,7 +65,7 @@ jobs: sudo udevadm trigger --name-match=kvm - name: Run tests on Android Emulator - uses: reactivecircus/android-emulator-runner@v2 + uses: reactivecircus/android-emulator-runner@1dcd0090116d15e7c562f8db72807de5e036a4ed # v2.34.0 with: api-level: 34 arch: x86_64 diff --git a/.github/workflows/apps_automated_ios.yml b/.github/workflows/apps_automated_ios.yml index e726f6c25..9c58fc53f 100644 --- a/.github/workflows/apps_automated_ios.yml +++ b/.github/workflows/apps_automated_ios.yml @@ -24,17 +24,17 @@ jobs: runs-on: warp-macos-15-arm64-6x steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 # - name: ActionDebugger By Warpbuild # uses: Warpbuilds/action-debugger@v1.3 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 23.5.0 - name: Derive appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 + uses: nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1 # v4.3.3 with: main-branch-name: 'main' @@ -52,7 +52,7 @@ jobs: run: npx nx run-many --target=test --configuration=ci --projects=core - name: Start iOS Simulator - uses: futureware-tech/simulator-action@v4 + uses: futureware-tech/simulator-action@dab10d813144ef59b48d401cd95da151222ef8cd # v4 with: model: 'iPhone 16 Pro' os_version: '18.4' diff --git a/.github/workflows/npm_release_core.yml b/.github/workflows/npm_release_core.yml index 6c7e8bea4..fceb18332 100644 --- a/.github/workflows/npm_release_core.yml +++ b/.github/workflows/npm_release_core.yml 
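Review bot: In the first apps_automated_ios.yml hunk, the commented-out step `# uses: Warpbuilds/action-debugger@v1.3` is the only reference still on a mutable tag, although this commit pins even the commented-out checkout in npm_release_types.yml. If the debugger step is meant to be re-enabled, pin it now in the same `@<commit-sha> # v1.3` form, with the SHA looked up upstream. Otherwise delete the two commented lines so that uncommenting them cannot bring back an unpinned action.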
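Review bot: The pin `futureware-tech/simulator-action@dab10d813144ef59b48d401cd95da151222ef8cd # v4` in the "Start iOS Simulator" step is annotated with the floating major tag, whereas the other pins in this commit name an exact release (`# v4.3.0`, `# v2.34.0`). From `# v4` a reviewer cannot tell which release the SHA corresponds to, and update tooling that relies on the comment has no exact version to compare against. Replace the comment with the exact tag the SHA was taken from, `# <exact-release-tag>`, or say in the comment that upstream publishes only a major tag if that is the case.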
@@ -19,13 +19,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Setup run: npm run setup - name: Derive appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 + uses: nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1 # v4.3.3 with: main-branch-name: 'main' diff --git a/.github/workflows/npm_release_tns_core.yml b/.github/workflows/npm_release_tns_core.yml index d4551f046..37e1317c5 100644 --- a/.github/workflows/npm_release_tns_core.yml +++ b/.github/workflows/npm_release_tns_core.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Setup run: npm install diff --git a/.github/workflows/npm_release_types.yml b/.github/workflows/npm_release_types.yml index 3fe4e8f69..fcf0dcf87 100644 --- a/.github/workflows/npm_release_types.yml +++ b/.github/workflows/npm_release_types.yml @@ -21,7 +21,7 @@ jobs: - name: Todo run: | echo "TODO: implement action" -# - uses: actions/checkout@v2 +# - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 # # - name: Setup # run: npm install diff --git a/.github/workflows/npm_release_webpack.yml b/.github/workflows/npm_release_webpack.yml index 85c0820e0..7edc8cc25 100644 --- a/.github/workflows/npm_release_webpack.yml +++ b/.github/workflows/npm_release_webpack.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Setup run: npm install diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 837d6bdff..00cee999d 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml 
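Review bot: `actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0` freezes this release workflow on the old v2 major, while the test workflows in the same commit pin v4.3.0. The same applies to the checkout lines in npm_release_tns_core.yml and npm_release_webpack.yml, and to the commented-out one in npm_release_types.yml. Publishing jobs are where a stale checkout matters most, so I would reuse the pin already adopted elsewhere: `- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0`. Whether these jobs rely on v2-specific behaviour is not visible from the hunk, so the change needs a test run before merging. The steps list continues outside the hunk.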
@@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 with: sarif_file: results.sarif