From 05205065652ed3d0feb7bf272b2c5b6cf9867d3c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 00:33:52 +0000 Subject: [PATCH 1/2] Pin dependencies --- .github/workflows/add-to-task-list.yml | 4 ++-- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/create-release.yml | 4 ++-- .github/workflows/format-json-yml.yml | 6 +++--- .github/workflows/github-actions-cache-cleaner.yml | 2 +- .github/workflows/super-linter.yml | 6 +++--- .github/workflows/update-gitleaks.yml | 6 +++--- .github/workflows/update-package.yml | 6 +++--- .github/workflows/update-readme.yml | 8 ++++---- action.yml | 2 +- package-lock.json | 2 +- package.json | 2 +- 12 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/add-to-task-list.yml b/.github/workflows/add-to-task-list.yml index 946a764f..4035ff31 100644 --- a/.github/workflows/add-to-task-list.yml +++ b/.github/workflows/add-to-task-list.yml @@ -15,11 +15,11 @@ jobs: steps: - name: Generate a token id: generate_token - uses: actions/create-github-app-token@v1.11.0 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 with: app-id: ${{ secrets.PROJECT_AUTOMATION_APP_ID }} private-key: ${{ secrets.PROJECT_AUTOMATION_PRIVATE_KEY }} - - uses: dev-hato/actions-add-to-projects@v0.0.83 + - uses: dev-hato/actions-add-to-projects@fd5b783f40eca48aaee26b62b3df0c1606e845dc # v0.0.83 with: github-token: ${{steps.generate_token.outputs.token}} project-url: https://github.com/orgs/dev-hato/projects/1 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5cf72640..03cbeb86 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,10 +41,10 @@ jobs: # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -56,7 +56,7 @@ jobs: # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3 # - run: | # echo "Run, Build Application using script" # ./location_of_script_within_repo/buildscript.sh @@ -66,6 +66,6 @@ jobs: # If the Autobuild fails above, remove it and uncomment the following three lines. # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 906e71b9..d5639a55 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -14,8 +14,8 @@ jobs: create-release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.1 - - uses: dev-hato/actions-create-release@v0.0.38 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: dev-hato/actions-create-release@c2a40c5aa1affd28467f9d85ab21730396b96167 # v0.0.38 with: github-token: ${{secrets.GITHUB_TOKEN}} concurrency: diff --git a/.github/workflows/format-json-yml.yml b/.github/workflows/format-json-yml.yml index c4c2cc6d..7775dc19 100644 --- a/.github/workflows/format-json-yml.yml +++ b/.github/workflows/format-json-yml.yml @@ -19,17 +19,17 @@ jobs: steps: - name: Generate a token id: generate_token - uses: actions/create-github-app-token@v1.11.0 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 with: app-id: ${{ secrets.PROJECT_AUTOMATION_APP_ID }} private-key: ${{ secrets.PROJECT_AUTOMATION_PRIVATE_KEY }} - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} token: ${{steps.generate_token.outputs.token}} - - uses: dev-hato/actions-format-json-yml@v0.0.74 + - uses: dev-hato/actions-format-json-yml@fb4529a3bce610d82460527c56ff354ed545d1a1 # v0.0.74 with: github-token: ${{steps.generate_token.outputs.token}} concurrency: diff --git a/.github/workflows/github-actions-cache-cleaner.yml b/.github/workflows/github-actions-cache-cleaner.yml index aa34e88f..b55d7bc3 100644 --- a/.github/workflows/github-actions-cache-cleaner.yml +++ b/.github/workflows/github-actions-cache-cleaner.yml @@ -17,7 +17,7 @@ jobs: github-actions-cache-cleaner: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./ with: github-token: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml index 927cc432..16a67cc5 100644 --- a/.github/workflows/super-linter.yml +++ b/.github/workflows/super-linter.yml @@ -39,12 +39,12 @@ jobs: # Checkout the code base # ########################## - name: Checkout Code - uses: actions/checkout@v4.2.1 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: # Full git history is needed to get a proper list # of changed files within `super-linter` fetch-depth: 0 - - uses: actions/setup-node@v4.0.4 + - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 with: cache: npm - run: bash "${GITHUB_WORKSPACE}/scripts/super_linter/build/set_path.sh" @@ -52,7 +52,7 @@ jobs: # Run Linter against code base # ################################ - name: Lint Code Base - uses: super-linter/super-linter/slim@v7.1.0 + uses: super-linter/super-linter/slim@b92721f792f381cedc002ecdbb9847a15ece5bb8 # v7.1.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} DEFAULT_BRANCH: main diff --git a/.github/workflows/update-gitleaks.yml b/.github/workflows/update-gitleaks.yml index e865d383..41cc7d00 100644 --- a/.github/workflows/update-gitleaks.yml +++ b/.github/workflows/update-gitleaks.yml @@ -17,19 +17,19 @@ jobs: update-gitleaks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-node@v4.0.4 + - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: cache: npm - name: Install packages if: github.event_name != 'pull_request' || github.event.action != 'closed' run: npm ci - - uses: dev-hato/actions-update-gitleaks@v0.0.79 + - uses: dev-hato/actions-update-gitleaks@0e9a2d1c25c0acc3108157714109d94ebecbf7cf # v0.0.79 with: github-token: ${{secrets.GITHUB_TOKEN}} concurrency: diff --git a/.github/workflows/update-package.yml b/.github/workflows/update-package.yml index 6f518cdd..101ace3b 100644 --- a/.github/workflows/update-package.yml +++ b/.github/workflows/update-package.yml @@ -18,18 +18,18 @@ jobs: update-package: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-node@v4.0.4 + - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: cache: npm - if: github.event_name != 'pull_request' || github.event.action != 'closed' run: npm install - - uses: dev-hato/actions-diff-pr-management@v1.2.0 + - uses: dev-hato/actions-diff-pr-management@e5c78b251a69f44f93b2f1398e06b129bcf151ec # v1.2.0 with: github-token: ${{secrets.GITHUB_TOKEN}} branch-name-prefix: fix-package diff --git a/.github/workflows/update-readme.yml b/.github/workflows/update-readme.yml index d8ae9447..82a3db95 100644 --- a/.github/workflows/update-readme.yml +++ b/.github/workflows/update-readme.yml @@ -17,12 +17,12 @@ jobs: update-readme: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.2.1 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha || github.sha }} - - uses: actions/setup-node@v4.0.4 + - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 if: github.event_name != 'pull_request' || github.event.action != 'closed' with: cache: npm @@ -31,7 +31,7 @@ jobs: - name: Get inputs markdown id: get_inputs_markdown if: github.event_name != 'pull_request' || github.event.action != 'closed' - uses: actions/github-script@v7.0.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 env: HEAD_REF: ${{github.event.pull_request.head.ref || github.head_ref}} with: @@ -46,7 +46,7 @@ jobs: run: bash "${GITHUB_WORKSPACE}/scripts/update_readme/update_readme/update_readme.sh" - if: github.event_name != 'pull_request' || github.event.action != 'closed' run: npx prettier --write . - - uses: dev-hato/actions-diff-pr-management@v1.2.0 + - uses: dev-hato/actions-diff-pr-management@e5c78b251a69f44f93b2f1398e06b129bcf151ec # v1.2.0 with: github-token: ${{secrets.GITHUB_TOKEN}} branch-name-prefix: fix-readme diff --git a/action.yml b/action.yml index 37a49245..db675d21 100644 --- a/action.yml +++ b/action.yml @@ -8,7 +8,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/github-script@v7.0.1 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{inputs.github-token}} script: | diff --git a/package-lock.json b/package-lock.json index 2d0b4813..2fa0e728 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "@proofdict/textlint-rule-proofdict": "3.1.2", "@textlint-ja/textlint-rule-no-insert-dropping-sa": "2.0.1", "js-yaml": "4.1.0", - "prettier": "^3.3.3", + "prettier": "3.3.3", "textlint": "14.2.1", "textlint-filter-rule-comments": "1.2.2", "textlint-rule-abbr-within-parentheses": "1.0.2", diff --git a/package.json b/package.json index f6117c77..0cec7a57 100644 --- a/package.json +++ b/package.json @@ -3,7 +3,7 @@ "@proofdict/textlint-rule-proofdict": "3.1.2", "@textlint-ja/textlint-rule-no-insert-dropping-sa": "2.0.1", "js-yaml": "4.1.0", - "prettier": "^3.3.3", + "prettier": "3.3.3", "textlint": "14.2.1", "textlint-filter-rule-comments": "1.2.2", "textlint-rule-abbr-within-parentheses": "1.0.2", From 0ee2c3ab96266dd17460b7390c9d3c642f53e770 Mon Sep 17 00:00:00 2001 From: Masaya Suzuki <15100604+massongit@users.noreply.github.com> Date: Wed, 16 Oct 2024 10:02:34 +0900 Subject: [PATCH 2/2] =?UTF-8?q?super-linter=E3=81=AE=E3=83=90=E3=83=BC?= =?UTF-8?q?=E3=82=B8=E3=83=A7=E3=83=B3=E5=8F=96=E5=BE=97=E5=87=A6=E7=90=86?= =?UTF-8?q?=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/super_linter/build/set_path.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/super_linter/build/set_path.sh b/scripts/super_linter/build/set_path.sh index e2422e23..7775ce05 100755 --- a/scripts/super_linter/build/set_path.sh +++ b/scripts/super_linter/build/set_path.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash npm ci -action="$(yq '.jobs.build.steps[-1].uses' .github/workflows/super-linter.yml)" -PATH="$(docker run --rm --entrypoint '' "ghcr.io/${action//\/slim@/:slim-}" /bin/sh -c 'echo $PATH')" +tag_name="$(yq '.jobs.build.steps[-1].uses' .github/workflows/super-linter.yml | sed -e 's;/slim@.*;:slim;g')" +tag_version="$(yq '.jobs.build.steps[-1].uses | line_comment' .github/workflows/super-linter.yml)" +PATH="$(docker run --rm --entrypoint '' "ghcr.io/${tag_name}-${tag_version}" /bin/sh -c 'echo $PATH')" echo "PATH=/github/workspace/node_modules/.bin:${PATH}" >>"$GITHUB_ENV"