From 6be6d05a2998245f5fd7ed0314da0c3ec0bb9e9c Mon Sep 17 00:00:00 2001 From: Sandeep Murthy Date: Thu, 16 Apr 2026 13:12:47 +0100 Subject: [PATCH] ci: pin all actions to full commit SHAs --- .github/workflows/build.yaml | 2 +- .github/workflows/deploy.yml | 4 ++-- .github/workflows/lint.yml | 4 ++-- .github/workflows/test.yml | 18 +++++++++--------- .github/workflows/validate-project-outputs.yml | 4 ++-- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f309f66..0c3fac1 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up environment for CI run: | diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index d0b5a64..21481f8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -13,10 +13,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Assume AWS IAM Role - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: eu-west-2 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 2a1311e..f9c0b50 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -11,10 +11,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: "3.11" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c260314..fe83123 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,10 +12,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: "3.11" @@ -42,10 +42,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: "3.11" @@ -70,7 +70,7 @@ jobs: --cov-report=xml - name: Upload coverage.xml artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: name: coverage-xml path: coverage.xml @@ -78,7 +78,7 @@ jobs: - name: Upload coverage report to Codecov (best effort) continue-on-error: true - uses: codecov/codecov-action@v6 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 with: files: ./coverage.xml token: ${{ secrets.CODECOV_TOKEN }} @@ -91,10 +91,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: "3.11" @@ -116,7 +116,7 @@ jobs: - name: Upload Playwright artifacts on failure if: failure() - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: name: playwright-artifacts path: test-results/playwright diff --git a/.github/workflows/validate-project-outputs.yml b/.github/workflows/validate-project-outputs.yml index 2a60f28..d54996c 100644 --- a/.github/workflows/validate-project-outputs.yml +++ b/.github/workflows/validate-project-outputs.yml @@ -32,10 +32,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: "3.11"