From ea40ed495d4c4ddfa9357f8f092b11fdbb3a8bc4 Mon Sep 17 00:00:00 2001 From: Andy Scherzinger Date: Sun, 1 Feb 2026 19:58:31 +0100 Subject: [PATCH] ci: Pin actions Signed-off-by: Andy Scherzinger --- .github/workflows/dependabot-approve-merge.yml | 4 ++-- .github/workflows/fixup.yml | 2 +- .github/workflows/lint.yml | 8 ++++---- .github/workflows/node.yml | 16 ++++++++-------- .github/workflows/oci.yml | 4 ++-- .github/workflows/psalm-security.yml | 4 ++-- .github/workflows/s3-external.yml | 8 ++++---- .github/workflows/static-code-analysis.yml | 8 ++++---- .github/workflows/update-psalm-baseline.yml | 6 +++--- 9 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml index c8d69da5819..2016baec8d8 100644 --- a/.github/workflows/dependabot-approve-merge.yml +++ b/.github/workflows/dependabot-approve-merge.yml @@ -16,13 +16,13 @@ jobs: runs-on: ubuntu-latest steps: # Default github action approve - - uses: hmarr/auto-approve-action@v2 + - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2 if: github.actor == 'dependabot[bot]' with: github-token: ${{ secrets.GITHUB_TOKEN }} # Nextcloud bot approve and merge request - - uses: ahmadnassri/action-dependabot-auto-merge@v2 + - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2.6.6 if: github.actor == 'dependabot[bot]' with: target: minor diff --git a/.github/workflows/fixup.yml b/.github/workflows/fixup.yml index 6092cc3a5f8..a358942664f 100644 --- a/.github/workflows/fixup.yml +++ b/.github/workflows/fixup.yml @@ -15,6 +15,6 @@ jobs: steps: - name: Run check - uses: xt0rted/block-autosquash-commits-action@v2 + uses: xt0rted/block-autosquash-commits-action@79880c36b4811fe549cfffe20233df88876024e7 # v2.2.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 016f3ac6d5b..0160af904c1 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,9 +10,9 @@ jobs: name: php${{ matrix.php-versions }} lint steps: - name: Checkout - uses: actions/checkout@master + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up php${{ matrix.php-versions }} - uses: shivammathur/setup-php@master + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master with: php-version: ${{ matrix.php-versions }} coverage: none @@ -24,9 +24,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@master + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up php - uses: shivammathur/setup-php@master + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master with: php-version: 7.4 coverage: none diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml index 9728d1e2d73..311ea098fbe 100644 --- a/.github/workflows/node.yml +++ b/.github/workflows/node.yml @@ -17,9 +17,9 @@ jobs: node-version: [12.x] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Use node ${{ matrix.node-version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1.4.6 with: node-version: ${{ matrix.node-version }} - name: Install dependencies & build @@ -39,9 +39,9 @@ jobs: matrix: node-version: [12.x] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Use node ${{ matrix.node-version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1.4.6 with: node-version: ${{ matrix.node-version }} - name: Install dependencies @@ -56,9 +56,9 @@ jobs: matrix: node-version: [12.x] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Use node ${{ matrix.node-version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1.4.6 with: node-version: ${{ matrix.node-version }} - name: Test @@ -70,9 +70,9 @@ jobs: matrix: node-version: [12.x] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Use node ${{ matrix.node-version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1.4.6 with: node-version: ${{ matrix.node-version }} - name: Install dependencies diff --git a/.github/workflows/oci.yml b/.github/workflows/oci.yml index 2f2ee8f570c..046f0e608f5 100644 --- a/.github/workflows/oci.yml +++ b/.github/workflows/oci.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Checkout submodules shell: bash @@ -38,7 +38,7 @@ jobs: git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master with: php-version: ${{ matrix.php-versions }} extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, oci8 diff --git a/.github/workflows/psalm-security.yml b/.github/workflows/psalm-security.yml index 306e4c0cafe..f46712ac4ed 100644 --- a/.github/workflows/psalm-security.yml +++ b/.github/workflows/psalm-security.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: submodules: recursive - name: Psalm @@ -21,6 +21,6 @@ jobs: security_analysis: true report_file: results.sarif - name: Upload Security Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@231aa2c8a89117b126725a0e11897209b7118144 # v1.1.39 with: sarif_file: results.sarif diff --git a/.github/workflows/s3-external.yml b/.github/workflows/s3-external.yml index dedab6b0c16..6f7cca1ee1c 100644 --- a/.github/workflows/s3-external.yml +++ b/.github/workflows/s3-external.yml @@ -36,12 +36,12 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: submodules: true - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master with: php-version: ${{ matrix.php-versions }} tools: phpunit @@ -85,12 +85,12 @@ jobs: steps: - name: Checkout server - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: submodules: true - name: Set up php ${{ matrix.php-versions }} - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master with: php-version: ${{ matrix.php-versions }} tools: phpunit diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index a1bbcdb84c7..e303e91d418 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -6,7 +6,7 @@ jobs: static-code-analysis: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Checkout submodules shell: bash run: | @@ -14,7 +14,7 @@ jobs: git submodule sync --recursive git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - name: Set up php7.4 - uses: shivammathur/setup-php@master + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master with: php-version: 7.4 coverage: none @@ -31,7 +31,7 @@ jobs: static-code-analysis-ocp: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Checkout submodules shell: bash run: | @@ -39,7 +39,7 @@ jobs: git submodule sync --recursive git -c "http.extraheader=$auth_header" -c protocol.version=2 submodule update --init --force --recursive --depth=1 - name: Set up php7.4 - uses: shivammathur/setup-php@master + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master with: php-version: 7.4 coverage: none diff --git a/.github/workflows/update-psalm-baseline.yml b/.github/workflows/update-psalm-baseline.yml index 9fdaeffe22c..12c86fd3663 100644 --- a/.github/workflows/update-psalm-baseline.yml +++ b/.github/workflows/update-psalm-baseline.yml @@ -10,12 +10,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: submodules: true - name: Set up php7.4 - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # master with: php-version: 7.4 extensions: ctype,curl,dom,fileinfo,gd,intl,json,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip @@ -34,7 +34,7 @@ jobs: git checkout composer.json composer.lock lib/composer - name: Create Pull Request - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@18f7dc018cc2cd597073088f7c7591b9d1c02672 # v3.14.0 with: token: ${{ secrets.COMMAND_BOT_PAT }} commit-message: Update psalm baseline