ci: Pin actions

Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2026-02-03 20:41:22 -05:00 · 2026-02-01 15:34:25 +01:00 · 2026-02-01 15:34:25 +01:00 · 523e60042b
commit 523e60042b
parent 11c42fe0b5
18 changed files with 48 additions and 48 deletions
--- a/.github/workflows/command-compile.yml
+++ b/.github/workflows/command-compile.yml
@ -18,7 +18,7 @@ jobs:

    steps:
      - name: Check actor permission
-        uses: skjnldsv/check-actor-permission@e591dbfe838300c007028e1219ca82cc26e8d7c5 # v2
+        uses: skjnldsv/check-actor-permission@e591dbfe838300c007028e1219ca82cc26e8d7c5 # v2.1
        with:
          require: write

@ -31,7 +31,7 @@ jobs:
          reactions: "+1"

      - name: Parse command
-        uses: skjnldsv/parse-command-comment@7cef1df370a99dfd5bf896d50121390c96785db8 # v2
+        uses: skjnldsv/parse-command-comment@7cef1df370a99dfd5bf896d50121390c96785db8 # v2.0
        id: command

      # Init path depending on which command is run
@ -73,7 +73,7 @@ jobs:
          fallbackNpm: '^7'

      - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
        with:
          node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
          cache: npm
--- a/.github/workflows/command-pull-3rdparty.yml
+++ b/.github/workflows/command-pull-3rdparty.yml
@ -18,7 +18,7 @@ jobs:

    steps:
      - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
@ -26,7 +26,7 @@ jobs:
          reaction-type: "+1"

      - name: Checkout the latest code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          fetch-depth: 0
          token: ${{ secrets.COMMAND_BOT_PAT }}
@ -46,7 +46,7 @@ jobs:
          git push

      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1
        if: failure()
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@ -27,7 +27,7 @@ jobs:

      - name: Check composer.json
        id: check_composer
-        uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2
+        uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2.0.0
        with:
          files: "composer.json"

--- a/.github/workflows/dependabot-approve-merge.yml
+++ b/.github/workflows/dependabot-approve-merge.yml
@ -34,7 +34,7 @@ jobs:
          github-token: ${{ secrets.GITHUB_TOKEN }}

      # Nextcloud bot approve and merge request
-      - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2
+      - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2.6.6
        with:
          target: minor
          github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }}
--- a/.github/workflows/ftp.yml
+++ b/.github/workflows/ftp.yml
@ -32,7 +32,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          submodules: true

@ -46,7 +46,7 @@ jobs:
          if [[ "${{ matrix.ftpd }}" == 'vsftpd' ]]; then docker run --name ftp -d --net host -e FTP_USER=test -e FTP_PASS=test -e PASV_ADDRESS=127.0.0.1 -v /tmp/ftp:/home/vsftpd/test fauria/vsftpd; fi
          if [[ "${{ matrix.ftpd }}" == 'pure-ftpd' ]]; then docker run --name ftp -d --net host -e "PUBLICHOST=localhost" -e FTP_USER_NAME=test -e FTP_USER_PASS=test -e FTP_USER_HOME=/home/test -v /tmp/ftp:/home/test -v /tmp/ftp:/etc/pure-ftpd/passwd stilliard/pure-ftpd; fi
      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master
        with:
          php-version: ${{ matrix.php-versions }}
          tools: phpunit:9
--- a/.github/workflows/lint-eslint.yml
+++ b/.github/workflows/lint-eslint.yml
@ -48,7 +48,7 @@ jobs:
          fallbackNpm: '^7'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

--- a/.github/workflows/node-tests.yml
+++ b/.github/workflows/node-tests.yml
@ -19,10 +19,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

      - name: Read package.json node and npm engines version
-        uses: skjnldsv/read-package-engines-version-actions@v1.1
+        uses: skjnldsv/read-package-engines-version-actions@1e2f46e78e31476bc71ebd909105e6e033d5a6f4 # v1.1
        id: versions
        with:
          fallbackNode: '^12'
@ -34,10 +34,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
        with:
          node-version: ${{ needs.versions.outputs.nodeVersion }}

@ -56,10 +56,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
        with:
          node-version: ${{ needs.versions.outputs.nodeVersion }}

@ -78,10 +78,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
        with:
          node-version: ${{ needs.versions.outputs.nodeVersion }}

--- a/.github/workflows/node.yml
+++ b/.github/workflows/node.yml
@ -47,7 +47,7 @@ jobs:
          fallbackNpm: '^7'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

--- a/.github/workflows/npm-audit-fix.yml
+++ b/.github/workflows/npm-audit-fix.yml
@ -36,7 +36,7 @@ jobs:
          fallbackNpm: '^7'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@ -55,7 +55,7 @@ jobs:

      - name: Create Pull Request
        if: always()
-        uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5
+        uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: "chore(deps): fix npm audit"
--- a/.github/workflows/performance.yml
+++ b/.github/workflows/performance.yml
@ -17,13 +17,13 @@ jobs:

    steps:
      - name: Checkout server before PR
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          submodules: true
          ref: ${{ github.event.pull_request.base.ref }}

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master
        with:
          php-version: ${{ matrix.php-versions }}
          tools: phpunit:9
@ -38,7 +38,7 @@ jobs:

          php -S localhost:8080 &
      - name: Apply blueprint
-        uses: icewind1991/blueprint@v0.1.2
+        uses: icewind1991/blueprint@00504403f76cb2a09efd0d16793575055e6f63cb # v0.1.2
        with:
          blueprint: tests/blueprints/basic.toml
          ref: ${{ github.event.pull_request.head.ref }}
@ -86,7 +86,7 @@ jobs:
            before.json
            after.json

-      - uses: actions/github-script@v5
+      - uses: actions/github-script@211cb3fefb35a799baa5156f9321bb774fe56294 # v5.2.0
        if: failure() && steps.compare.outcome == 'failure'
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
--- a/.github/workflows/phpunit-32bits.yml
+++ b/.github/workflows/phpunit-32bits.yml
@ -30,7 +30,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          submodules: true

--- a/.github/workflows/s3-external.yml
+++ b/.github/workflows/s3-external.yml
@ -38,12 +38,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master
        with:
          php-version: ${{ matrix.php-versions }}
          tools: phpunit:9
@ -91,12 +91,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master
        with:
          php-version: ${{ matrix.php-versions }}
          tools: phpunit:9
--- a/.github/workflows/s3-primary.yml
+++ b/.github/workflows/s3-primary.yml
@ -33,12 +33,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          submodules: true

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master
        with:
          php-version: ${{ matrix.php-versions }}
          tools: phpunit:9
--- a/.github/workflows/sftp.yml
+++ b/.github/workflows/sftp.yml
@ -30,7 +30,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          submodules: true

--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@ -15,7 +15,7 @@ jobs:
      issues: write

    steps:
-    - uses: actions/stale@v5
+    - uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06 # v5.2.1
      with:
        repo-token: ${{ secrets.COMMAND_BOT_PAT }}
        stale-issue-message: >
--- a/.github/workflows/static-code-analysis.yml
+++ b/.github/workflows/static-code-analysis.yml
@ -15,12 +15,12 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master
        with:
          php-version: '8.0'
          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
@ -40,7 +40,7 @@ jobs:

      - name: Upload Analysis results to GitHub
        if: always()
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
        with:
          sarif_file: results.sarif

@ -49,12 +49,12 @@ jobs:

    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@master
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master
        with:
          php-version: '8.0'
          extensions: ctype,curl,dom,fileinfo,ftp,gd,imagick,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
@ -68,7 +68,7 @@ jobs:

      - name: Upload Security Analysis results to GitHub
        if: always()
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
        with:
          sarif_file: results.sarif

@ -77,12 +77,12 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master
        with:
          php-version: '8.0'
          extensions: ctype,curl,dom,fileinfo,gd,imagick,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
--- a/.github/workflows/update-cacert-bundle.yml
+++ b/.github/workflows/update-cacert-bundle.yml
@ -17,7 +17,7 @@ jobs:
    name: update-ca-certificate-bundle-${{ matrix.branches }}

    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          ref: ${{ matrix.branches }}
          submodules: true
@ -26,7 +26,7 @@ jobs:
        run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@18f7dc018cc2cd597073088f7c7591b9d1c02672 # v3.14.0
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: Update CA certificate bundle
--- a/.github/workflows/update-psalm-baseline.yml
+++ b/.github/workflows/update-psalm-baseline.yml
@ -19,13 +19,13 @@ jobs:
    name: update-psalm-baseline-${{ matrix.branches }}

    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          ref: ${{ matrix.branches }}
          submodules: true

      - name: Set up php
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master
        with:
          php-version: '8.0'
          extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
@ -50,7 +50,7 @@ jobs:
          git checkout composer.json composer.lock lib/composer

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: Update psalm baseline