From: David Galloway
Date: Thu, 20 Mar 2025 13:21:27 +0000 (-0400)
Subject: workflows: Pin specific SHAs
X-Git-Tag: v20.3.0~293^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=c18a78ef58a5845d47299fd9063f6556fd77812b;p=ceph.git
workflows: Pin specific SHAs
Fixes https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
Signed-off-by: David Galloway
---
diff --git a/.github/workflows/create-backport-trackers.yml b/.github/workflows/create-backport-trackers.yml
index 79b03f62c1c6f..4706311c59b2e 100644
--- a/.github/workflows/create-backport-trackers.yml
+++ b/.github/workflows/create-backport-trackers.yml
@@ -37,13 +37,13 @@ jobs:
 runs-on: ubuntu-latest
 if: github.ref == 'refs/heads/main'
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 sparse-checkout: |
 src/script/backport-create-issue
 src/script/requirements.backport-create-issue.txt
 sparse-checkout-cone-mode: false
- - uses: actions/setup-python@v5
+ - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
 with:
 python-version: '>=3.6 <3.12'
 cache: 'pip'
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 510a6bebd4e23..1805ae365339c 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -9,7 +9,7 @@ jobs:
 stale:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/stale@v9
+ - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
 with:
 # PAT for GitHub API authentication
 repo-token: "${{ secrets.GITHUB_TOKEN }}"
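Review bot: The two pins in `.github/workflows/create-backport-trackers.yml` (`actions/checkout` and `actions/setup-python`) are now frozen at a commit, and nothing visible in this commit keeps them current, so upstream security fixes to those actions will no longer arrive on their own. If the repository does not already have one, a `.github/dependabot.yml` entry with `package-ecosystem: "github-actions"` would raise update PRs that move the hash and the trailing `# v4.2.2` / `# v5.4.0` comment together. That trailing comment is the only human-readable link between each hash and a release, so each hash is worth checking against the upstream tag once at review time. The job's step list continues outside the hunk.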
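Review bot: In `.github/workflows/stale.yml` no job-level `permissions:` key is visible between `stale:` and `steps:`, so unless one is set at workflow level above the hunk, the `GITHUB_TOKEN` passed as `repo-token` carries the repository's default scope. Pinning `actions/stale` to a commit limits which code runs, while scoping the token limits what that code can do; I would add `permissions:` with `issues: write` and `pull-requests: write` under the job. The context comment `# PAT for GitHub API authentication` is also inaccurate, since `secrets.GITHUB_TOKEN` is the workflow's automatic token rather than a personal access token; `# Workflow GITHUB_TOKEN for GitHub API authentication` would describe it. The `with:` block probably continues past the end of the hunk.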