tools: use hashes instead of tags for external actions
Using tags is a security risk, as they can be updated to point to
anything else.

Refs: nodejs/corepack#117 (comment)
aduh95 committed Jun 1, 2022
commit f2b4d310bfe03bc8b0e16d3e1512bd9d00ab2f81
4 changes: 3 additions & 1 deletion .github/workflows/authors.yml
Expand Up @@ -16,7 +16,9 @@ jobs:
fetch-depth: '0' # This is required to actually get all the authors
persist-credentials: false
- run: tools/update-authors.mjs # Run the AUTHORS tool
- uses: gr2m/create-or-update-pull-request-action@v1 # Create a PR or update the Action's existing PR
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
# Creates a PR or update the Action's existing PR, or
# no-op if the base branch is already up-to-date.
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
with:
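Review bot: The comment added under the pinned `uses:` line reads "Creates a PR or update the Action's existing PR"; the verbs should agree ("Creates a PR or updates ..."). The hash also no longer says which release it was taken from, where the removed line said `@v1`. A trailing comment naming the tag beside the hash would let a later reviewer check the pin, which matters here because the step receives `secrets.GH_USER_TOKEN`.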
2 changes: 1 addition & 1 deletion .github/workflows/coverage-linux.yml
Expand Up @@ -60,6 +60,6 @@ jobs:
- name: Clean tmp
run: rm -rf coverage/tmp && rm -rf out
- name: Upload
uses: codecov/codecov-action@v1
uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378
with:
directory: ./coverage
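Review bot: The pinned `codecov/codecov-action` hash in the Upload step gives no indication of the release it corresponds to. The removed line was `@v1`, so a reader cannot tell from this diff whether the pin stays on the v1 line or moves to a different major version. Please state the corresponding tag in a comment beside the hash.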
2 changes: 1 addition & 1 deletion .github/workflows/coverage-windows.yml
Expand Up @@ -61,6 +61,6 @@ jobs:
- name: Clean tmp
run: npx rimraf ./coverage/tmp
- name: Upload
uses: codecov/codecov-action@v1
uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378
with:
directory: ./coverage
4 changes: 3 additions & 1 deletion .github/workflows/find-inactive-collaborators.yml
Expand Up @@ -30,7 +30,9 @@ jobs:
run: tools/find-inactive-collaborators.mjs

- name: Open pull request
uses: gr2m/create-or-update-pull-request-action@v1
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
# Creates a PR or update the Action's existing PR, or
# no-op if the base branch is already up-to-date.
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
with:
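Review bot: The replacement line under `- name: Open pull request` begins with `- uses:`, where the removed line was `uses:` without the dash. In YAML the added dash starts a new list item, so the step named "Open pull request" is left with neither `uses` nor `run`, and the action becomes a separate unnamed step. Drop the leading `- ` so that `uses:`, the comment, `env:` and `with:` stay under the named step.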
4 changes: 3 additions & 1 deletion .github/workflows/find-inactive-tsc.yml
Expand Up @@ -39,7 +39,9 @@ jobs:
run: tools/find-inactive-tsc.mjs >> $GITHUB_ENV

- name: Open pull request
uses: gr2m/create-or-update-pull-request-action@v1
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
# Creates a PR or update the Action's existing PR, or
# no-op if the base branch is already up-to-date.
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
with:
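Review bot: The added `- uses:` line directly after `- name: Open pull request` opens a second list item; the line it replaces had no dash. As written, the named step has no action attached and the pinned action runs as its own step without the name. Remove the dash so the pin replaces the old `uses:` key in place.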
4 changes: 3 additions & 1 deletion .github/workflows/license-builder.yml
Expand Up @@ -15,7 +15,9 @@ jobs:
with:
persist-credentials: false
- run: ./tools/license-builder.sh # Run the license builder tool
- uses: gr2m/create-or-update-pull-request-action@v1.x # Create a PR or update the Action's existing PR
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
# Creates a PR or update the Action's existing PR, or
# no-op if the base branch is already up-to-date.
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
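Review bot: The removed line here referenced `@v1.x`, while the other workflows in this change referenced `@v1`, and both are replaced by the same hash. The two former references need not have pointed at the same commit, so please record in a trailing comment which release the hash was taken from.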
2 changes: 1 addition & 1 deletion .github/workflows/linters.yml
Expand Up @@ -164,7 +164,7 @@ jobs:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: mszostok/codeowners-validator@v0.6.0
- uses: mszostok/codeowners-validator@7f3f5e28c6d7b8dfae5731e54ce2272ca384592f
with:
checks: files,duppatterns
lint-pr-url:
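Review bot: The exact version `v0.6.0` on the removed `mszostok/codeowners-validator` line is lost in the replacement. Keep it as a trailing comment beside the hash (for example `# v0.6.0`, if that is the release the hash was taken from) so that later updates can be reviewed against a known release.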
2 changes: 1 addition & 1 deletion .github/workflows/notify-force-push.yml
Expand Up @@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Slack Notification
uses: rtCamp/action-slack-notify@master
uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
env:
SLACK_COLOR: '#DE512A'
SLACK_ICON: https://github.com/nodejs.png?size=48
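Review bot: The removed line followed `@master`, so there is no release name to fall back on for the pinned `rtCamp/action-slack-notify` hash. Add a comment recording the release or the date of the commit it was taken from. Since the step no longer follows the branch, it would also help to say how the pin is expected to be updated, so that upstream fixes are not missed.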
4 changes: 3 additions & 1 deletion .github/workflows/tools.yml
Expand Up @@ -80,7 +80,9 @@ jobs:
with:
persist-credentials: false
- run: ${{ matrix.run }}
- uses: gr2m/create-or-update-pull-request-action@v1 # Create a PR or update the Action's existing PR
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
# Creates a PR or update the Action's existing PR, or
# no-op if the base branch is already up-to-date.
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
with: