From b31dd39dc8966310582b4985e972203e3d2c5e11 Mon Sep 17 00:00:00 2001
From: dagecko
Date: Mon, 30 Mar 2026 00:32:52 -0400
Subject: [PATCH] fix: harden GitHub Actions workflows
---
 .github/workflows/check-urls.yml | 4 ++--
 .github/workflows/detect-conflicting-prs.yml | 2 +-
 .github/workflows/issues-pinner.yml | 4 ++--
 .github/workflows/rtl-ltr-linter.yml | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/check-urls.yml b/.github/workflows/check-urls.yml
index a3d91cddc0517..db527051aa3e1 100644
--- a/.github/workflows/check-urls.yml
+++ b/.github/workflows/check-urls.yml
@@ -42,7 +42,7 @@ jobs:
 fetch-depth: ${{ steps.set-params.outputs.fetch-depth }}
 - name: Get changed files
 id: changed-files
- uses: tj-actions/changed-files@v46
+ uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46
 with:
 separator: " "
 json: true
@@ -80,7 +80,7 @@ jobs:
 fetch-depth: ${{ needs.get-changed-files.outputs.fetch-depth }}
 - name: Setup Ruby v2.6
 if: ${{ endsWith(matrix.file, '.yml') || endsWith(matrix.file, '.md') }}
- uses: ruby/setup-ruby@v1
+ uses: ruby/setup-ruby@eab2afb99481ca09a4e91171a8e0aee0e89bfedd # v1
 with:
 ruby-version: 2.6
 - name: Install awesome_bot
diff --git a/.github/workflows/detect-conflicting-prs.yml b/.github/workflows/detect-conflicting-prs.yml
index 462d9fccc619e..c48e9675d6231 100644
--- a/.github/workflows/detect-conflicting-prs.yml
+++ b/.github/workflows/detect-conflicting-prs.yml
@@ -29,7 +29,7 @@ jobs:
 - name: Label conflicting PRs that are open
 id: pr-labeler
- uses: eps1lon/actions-label-merge-conflict@v3.0.3
+ uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 # v3.0.3
 with:
 repoToken: ${{ secrets.GITHUB_TOKEN }}
 retryAfter: 30 # seconds
diff --git a/.github/workflows/issues-pinner.yml b/.github/workflows/issues-pinner.yml
index 57f31584019af..3ddfbdb2ab2ec 100644
--- a/.github/workflows/issues-pinner.yml
+++ b/.github/workflows/issues-pinner.yml
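Review bot: The trailing comment on the new `uses:` line of the first check-urls.yml hunk (`# v46`) names a floating major tag, so neither a reviewer nor update tooling can tell which release the 40-character commit is meant to be. Record the exact release the commit was taken from, e.g. `uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # <exact release tag>`, and do the same for the `# v1` comment on ruby/setup-ruby in this file, the two actions-ecosystem pins in issues-pinner.yml and the second changed-files pin in rtl-ltr-linter.yml. A SHA pin also stops picking up upstream fixes until someone bumps it; if the repository has no Dependabot or Renovate entry for GitHub Actions (not visible in this patch), adding one belongs with this change.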
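Review bot: The `Setup Ruby v2.6` step in the second check-urls.yml hunk still installs `ruby-version: 2.6`, a release series that is past end of life and no longer receives security fixes, so pinning ruby/setup-ruby hardens the installer but not the interpreter the later steps presumably run on. Moving to a maintained series is the real fix; independent of that, quote the value (`ruby-version: '2.6'`) so YAML keeps it a string rather than a float. The step list continues outside this hunk, so whether `Install awesome_bot` constrains the Ruby version needs checking against the full file.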
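Review bot: `repoToken: ${{ secrets.GITHUB_TOKEN }}` is still handed to a third-party action in detect-conflicting-prs.yml, and the hunk does not show a `permissions:` block limiting what that token can do. Pinning the commit fixes which code runs, not what it is allowed to touch; if neither the workflow nor the job declares permissions, add the minimum a labeler needs, likely `contents: read` and `pull-requests: write` under `permissions:`. The job definition and the workflow trigger start above this hunk, so this has to be checked against the full file.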
@@ -35,7 +35,7 @@ jobs:
 - name: Add pushpin label on pinning an issue
 id: if-pinned
 if: github.event.action == 'pinned'
- uses: actions-ecosystem/action-add-labels@v1
+ uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1
 with:
 repo: ${{ github.repository }}
 number: ${{ github.event.issue.number }}
@@ -45,7 +45,7 @@ jobs:
 - name: Remove pushpin label on unpinning an issue
 id: if-unpinned
 if: github.event.action == 'unpinned'
- uses: actions-ecosystem/action-remove-labels@v1
+ uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1
 with:
 repo: ${{ github.repository }}
 number: ${{ github.event.issue.number }}
diff --git a/.github/workflows/rtl-ltr-linter.yml b/.github/workflows/rtl-ltr-linter.yml
index 1ae174650bd99..55deb1813b45e 100644
--- a/.github/workflows/rtl-ltr-linter.yml
+++ b/.github/workflows/rtl-ltr-linter.yml
@@ -40,7 +40,7 @@ jobs:
 # Identify all changed Markdown files in the PR using tj-actions/changed-files
 - name: Get changed Markdown files
 id: changed_md_files
- uses: tj-actions/changed-files@v46
+ uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46
 with:
 files: |
 **/*.md
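Review bot: The patch gives no record that the two commits pinned on the `uses:` lines of issues-pinner.yml (action-add-labels and action-remove-labels) were checked against the upstream repositories. A SHA pin is only as trustworthy as the check that the commit is the one the upstream `v1` tag points to, because `owner/repo@<sha>` can also resolve to a commit that exists only in a fork of that repository. Comparing against `git ls-remote --tags https://github.com/actions-ecosystem/action-add-labels` (and the same for action-remove-labels) settles it, and the check applies equally to the other pins in this patch. Noting the result in the commit message would let later reviewers rely on it instead of repeating it.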