diff --git a/.github/workflows/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml index 03880e78..60027e43 100644 --- a/.github/workflows/codacy-analysis.yml +++ b/.github/workflows/codacy-analysis.yml @@ -29,7 +29,7 @@ jobs: steps: # Checkout the repository to the GitHub Actions runner - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml index ace4d694..358a260b 100644 --- a/.github/workflows/rebase.yml +++ b/.github/workflows/rebase.yml @@ -8,7 +8,7 @@ jobs: if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.6.0 + - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: token: ${{ secrets.PAT_TOKEN }} fetch-depth: 0 # otherwise, you will failed to push refs to dest repo diff --git a/.github/workflows/sync-release-version.yml b/.github/workflows/sync-release-version.yml index 5aff5a40..530dca95 100644 --- a/.github/workflows/sync-release-version.yml +++ b/.github/workflows/sync-release-version.yml @@ -8,7 +8,7 @@ jobs: update-version: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 with: fetch-depth: 0 - name: Run release-tagger diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3a7b64c9..cd008130 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Dump GitHub context env: GITHUB_CONTEXT: ${{ toJson(github) }} diff --git a/.github/workflows/update-readme.yml b/.github/workflows/update-readme.yml index 67587d51..550fd8cd 100644 --- a/.github/workflows/update-readme.yml +++ b/.github/workflows/update-readme.yml @@ -9,7 +9,7 @@ jobs: sync-assets: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 with: fetch-depth: 0