From 0752eed562192e858ec79c871509488e163ef4eb Mon Sep 17 00:00:00 2001 From: Andy Scherzinger Date: Sun, 1 Feb 2026 19:55:32 +0100 Subject: [PATCH] ci: Pin actions Signed-off-by: Andy Scherzinger --- .github/workflows/dependabot-approve-merge.yml | 4 ++-- .github/workflows/fixup.yml | 2 +- .github/workflows/lint.yml | 12 ++++++------ .github/workflows/node-tests.yml | 16 ++++++++-------- .github/workflows/node.yml | 6 +++--- .github/workflows/oci.yml | 4 ++-- .github/workflows/psalm-github.yml | 4 ++-- .github/workflows/psalm-security.yml | 4 ++-- .github/workflows/s3-external.yml | 8 ++++---- .github/workflows/smb-kerberos.yml | 2 +- .github/workflows/static-code-analysis.yml | 8 ++++---- .github/workflows/update-psalm-baseline.yml | 6 +++--- 12 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index c8d69da5819..2016baec8d8 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -16,13 +16,13 @@ jobs: runs-on: ubuntu-latest steps: # Default github action approve - - uses: hmarr/auto-approve-action@v2 + - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 if: github.actor == 'dependabot[bot]' with: github-token: ${{ secrets.GITHUB_TOKEN }} # Nextcloud bot approve and merge request - - uses: ahmadnassri/action-dependabot-auto-merge@v2 + - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2.6.6 if: github.actor == 'dependabot[bot]' with: target: minor diff --git a/.github/workflows/fixup.yml b/.github/workflows/fixup.yml index 3d20975db74..b2ea15e8637 100644 --- a/.github/workflows/fixup.yml +++ b/.github/workflows/fixup.yml @@ -7,6 +7,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Run check - uses: xt0rted/block-autosquash-commits-action@main + uses: xt0rted/block-autosquash-commits-action@79880c36b4811fe549cfffe20233df88876024e7 # v2.2.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 3533e188932..911566047b7 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,9 +10,9 @@ jobs: name: php${{ matrix.php-versions }} lint steps: - name: Checkout - uses: actions/checkout@master + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up php${{ matrix.php-versions }} - uses: shivammathur/setup-php@master + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: ${{ matrix.php-versions }} extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip @@ -25,9 +25,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@master + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up php - uses: shivammathur/setup-php@master + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: 7.4 extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip @@ -50,10 +50,10 @@ jobs: name: eslint node${{ matrix.node-version }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up node ${{ matrix.node-version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1.4.6 with: node-version: ${{ matrix.node-version }} diff --git a/.github/workflows/node-tests.yml b/.github/workflows/node-tests.yml index b472d5ebf5b..8a544b6898b 100644 --- a/.github/workflows/node-tests.yml +++ b/.github/workflows/node-tests.yml @@ -16,10 +16,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v1.1 + uses: skjnldsv/read-package-engines-version-actions@1e2f46e78e31476bc71ebd909105e6e033d5a6f4 # v1.1 id: versions with: fallbackNode: '^12' @@ -31,10 +31,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Set up node ${{ needs.versions.outputs.nodeVersion }} - uses: actions/setup-node@v2 + uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2 with: node-version: ${{ needs.versions.outputs.nodeVersion }} @@ -56,10 +56,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Set up node ${{ needs.versions.outputs.nodeVersion }} - uses: actions/setup-node@v2 + uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2 with: node-version: ${{ needs.versions.outputs.nodeVersion }} @@ -78,10 +78,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Set up node ${{ needs.versions.outputs.nodeVersion }} - uses: actions/setup-node@v2 + uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2 with: node-version: ${{ needs.versions.outputs.nodeVersion }} diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 443ed95dd24..f9b4358fdc5 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -23,17 +23,17 @@ jobs: name: node steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Read package.json node and npm engines version - uses: skjnldsv/read-package-engines-version-actions@v1.2 + uses: skjnldsv/read-package-engines-version-actions@1bdcee71fa343c46b18dc6aceffb4cd1e35209c6 # v1.2 id: versions with: fallbackNode: '^12' fallbackNpm: '^6' - name: Set up node ${{ steps.versions.outputs.nodeVersion }} - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 with: node-version: ${{ steps.versions.outputs.nodeVersion }} diff --git a/.github/workflows/oci.yml b/.github/workflows/oci.yml index 9c102a70c9b..a2c5dbbe198 100644 --- a/.github/workflows/oci.yml +++ b/.github/workflows/oci.yml @@ -43,7 +43,7 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Checkout submodules shell: bash @@ -53,7 +53,7 @@ jobs: git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: ${{ matrix.php-versions }} extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,oci8,openssl,pcntl,pdo_sqlite,posix,sqlite,xml,zip diff --git a/.github/workflows/psalm-github.yml b/.github/workflows/psalm-github.yml index d27e0a1f143..14a5e8ab67a 100644 --- a/.github/workflows/psalm-github.yml +++ b/.github/workflows/psalm-github.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: submodules: recursive - name: Psalm @@ -23,6 +23,6 @@ jobs: composer_ignore_platform_reqs: false report_file: results.sarif - name: Upload Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@231aa2c8a89117b126725a0e11897209b7118144 # v1.1.39 with: sarif_file: results.sarif diff --git a/.github/workflows/psalm-security.yml b/.github/workflows/psalm-security.yml index a97abba44c2..5b73d1a1de2 100644 --- a/.github/workflows/psalm-security.yml +++ b/.github/workflows/psalm-security.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: submodules: recursive - name: Psalm @@ -23,6 +23,6 @@ jobs: composer_ignore_platform_reqs: false report_file: results.sarif - name: Upload Security Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@231aa2c8a89117b126725a0e11897209b7118144 # v1.1.39 with: sarif_file: results.sarif diff --git a/.github/workflows/s3-external.yml b/.github/workflows/s3-external.yml index e883f8536b3..f8af6db1b1a 100644 --- a/.github/workflows/s3-external.yml +++ b/.github/workflows/s3-external.yml @@ -36,12 +36,12 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: submodules: true - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: ${{ matrix.php-versions }} tools: phpunit:8.5.2 @@ -85,12 +85,12 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: submodules: true - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: ${{ matrix.php-versions }} tools: phpunit:8.5.2 diff --git a/.github/workflows/smb-kerberos.yml b/.github/workflows/smb-kerberos.yml index 2875a7f4fbd..a0b96d69422 100644 --- a/.github/workflows/smb-kerberos.yml +++ b/.github/workflows/smb-kerberos.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: submodules: true - name: Pull images diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index 31ee0f89fa2..6f10226fd76 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -6,7 +6,7 @@ jobs: static-code-analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Checkout submodules shell: bash run: | @@ -14,7 +14,7 @@ jobs: git submodule sync --recursive git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - name: Set up php7.4 - uses: shivammathur/setup-php@master + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: 7.4 extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip @@ -32,7 +32,7 @@ jobs: static-code-analysis-ocp: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Checkout submodules shell: bash run: | @@ -40,7 +40,7 @@ jobs: git submodule sync --recursive git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - name: Set up php7.4 - uses: shivammathur/setup-php@master + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: 7.4 extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip diff --git a/.github/workflows/update-psalm-baseline.yml b/.github/workflows/update-psalm-baseline.yml index 9fdaeffe22c..9df4c4867fe 100644 --- a/.github/workflows/update-psalm-baseline.yml +++ b/.github/workflows/update-psalm-baseline.yml @@ -10,12 +10,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: submodules: true - name: Set up php7.4 - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2.36.0 with: php-version: 7.4 extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip @@ -34,7 +34,7 @@ jobs: git checkout composer.json composer.lock lib/composer - name: Create Pull Request - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@18f7dc018cc2cd597073088f7c7591b9d1c02672 # v3.14.0 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: Update psalm baseline