diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 8950728dbf1..db95c5ef724 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -4,7 +4,8 @@ "config:base", "schedule:earlyMondays", "group:allNonMajor", - ":prHourlyLimitNone" + ":prHourlyLimitNone", + "helpers:pinGitHubActionDigests" ], "labels": ["c: dependencies"], "reviewersFromCodeOwners": true, diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 593c17f00a9..bbfb49dbd9c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,23 +35,23 @@ jobs: name: 'Build & Unit Test: node-${{ matrix.node_version }}, ${{ matrix.os }}' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: # Required for docs/versions tests fetch-depth: 0 - name: Install pnpm (node 14, pnpm 7) if: matrix.node_version == 14 - uses: pnpm/action-setup@v2.2.4 + uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 with: version: 7 - name: Install pnpm if: matrix.node_version != 14 - uses: pnpm/action-setup@v2.2.4 + uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 - name: Set node version to ${{ matrix.node_version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: node-version: ${{ matrix.node_version }} cache: 'pnpm' @@ -90,16 +90,16 @@ jobs: run: date - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: # Required for docs/versions tests fetch-depth: 0 - name: Install pnpm - uses: pnpm/action-setup@v2.2.4 + uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 - name: Set node version to ${{ matrix.node_version }} - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: node-version: ${{ matrix.node_version }} cache: 'pnpm' @@ -122,10 +122,10 @@ jobs: name: 'E2E Doc Test: node-18, ubuntu-latest' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Install pnpm - uses: pnpm/action-setup@v2.2.4 + uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 - name: Install deps run: pnpm install @@ -143,15 +143,15 @@ jobs: name: 'Lint: node-18, ubuntu-latest' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Install pnpm - uses: pnpm/action-setup@v2.2.4 + uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 - name: Set node version to 18 - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: node-version: 18 cache: 'pnpm' @@ -173,15 +173,15 @@ jobs: name: 'TS-Check Scripts: node-18, ubuntu-latest' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Install pnpm - uses: pnpm/action-setup@v2.2.4 + uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 - name: Set node version to 18 - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: node-version: 18 cache: 'pnpm' @@ -200,15 +200,15 @@ jobs: name: 'TS-Check Tests: node-18, ubuntu-latest' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Install pnpm - uses: pnpm/action-setup@v2.2.4 + uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 - name: Set node version to 18 - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: node-version: 18 cache: 'pnpm' @@ -227,15 +227,15 @@ jobs: name: 'Codecov: node-18, ubuntu-latest' steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Install pnpm - uses: pnpm/action-setup@v2.2.4 + uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 - name: Set node version to 18 - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: node-version: 18 cache: 'pnpm' @@ -252,7 +252,7 @@ jobs: run: pnpm vitest run --coverage - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3.1.4 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 with: token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true diff --git a/.github/workflows/comment-issue.yml b/.github/workflows/comment-issue.yml index c9d33ce4b09..4bf1bc2f4fc 100644 --- a/.github/workflows/comment-issue.yml +++ b/.github/workflows/comment-issue.yml @@ -13,7 +13,7 @@ jobs: issues: write steps: - name: Add Comment For User Interest - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: script: | github.rest.issues.createComment({ @@ -49,7 +49,7 @@ jobs: }) - name: React to Issue - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: script: | github.rest.reactions.createForIssue({ diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 480298b7077..73b1ccdb054 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -15,15 +15,15 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Install pnpm - uses: pnpm/action-setup@v2.2.4 + uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4 - name: Set node version to 18 - uses: actions/setup-node@v3 + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: node-version: 18 cache: 'pnpm' @@ -53,7 +53,7 @@ jobs: run: pnpm exec tsc .github/workflows/commentCodeGeneration.ts --outDir .github/workflows - name: Comment - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: script: | const script = require('${{ github.workspace }}/.github/workflows/commentCodeGeneration.js') diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml index 75b40cdea7c..bf8f8158962 100644 --- a/.github/workflows/semantic-pull-request.yml +++ b/.github/workflows/semantic-pull-request.yml @@ -20,7 +20,7 @@ jobs: name: Semantic Pull Request steps: - name: Validate PR title - uses: amannn/action-semantic-pull-request@v5 + uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: