diff --git a/.github/workflows/ai-sync.yml b/.github/workflows/ai-sync.yml
index 24782aa..5dadf1d 100644
--- a/.github/workflows/ai-sync.yml
+++ b/.github/workflows/ai-sync.yml
@@ -15,7 +15,7 @@ jobs:
 name: Check generated AI instructions
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 with:
 submodules: true
 - run: bash scripts/sync-ai-skills.sh --check
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2186337..9eaaff7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,7 +21,7 @@ jobs:
 code-changed: ${{ steps.filter.outputs.code }}
 provenance-changed: ${{ steps.filter.outputs.provenance }}
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4
 id: filter
 with:
@@ -82,7 +82,7 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 - uses: rhysd/actionlint@914e7df21a07ef503a81201c76d2b11c789d3fca # v1.7.12

 version-sync:
@@ -97,7 +97,7 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
 with:
 node-version: "22"
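Review bot: The trailing comment on the new `actions/checkout` pin still reads `# v6`, exactly as it did for the old SHA, so nothing in the diff tells a reviewer which release the new commit belongs to. This applies to the hunk in .github/workflows/ai-sync.yml and equally to every other checkout hunk in ci.yml, provenance-sync.yml and release.yml. I would record the exact tag in the comment, for example `- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6.x.y` with the real release filled in (`v6.x.y` is a placeholder). Before merging, it is also worth confirming that the SHA is reachable from that tag in the actions/checkout repository itself, since a SHA pin is only as trustworthy as that check.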
@@ -118,7 +118,7 @@ jobs:
 - name: Skip when lint is not required
 if: needs.check-changes.outputs.code-changed != 'true'
 run: echo "No trusted code changes; lint skipped."
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 if: needs.check-changes.outputs.code-changed == 'true'
 - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
 if: needs.check-changes.outputs.code-changed == 'true'
@@ -142,7 +142,7 @@ jobs:
 - name: Skip when tests are not required
 if: needs.check-changes.outputs.code-changed != 'true'
 run: echo "No trusted code changes; tests skipped."
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 if: needs.check-changes.outputs.code-changed == 'true'
 - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
 if: needs.check-changes.outputs.code-changed == 'true'
@@ -183,7 +183,7 @@ jobs:
 - name: Skip when runtime checks are not required
 if: needs.check-changes.outputs.code-changed != 'true'
 run: echo "No trusted code changes; runtime checks skipped."
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 if: needs.check-changes.outputs.code-changed == 'true'
 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
 if: needs.check-changes.outputs.code-changed == 'true'
@@ -221,7 +221,7 @@ jobs:
 - name: Skip when packaging is not required
 if: needs.check-changes.outputs.code-changed != 'true'
 run: echo "No trusted code changes; pack skipped."
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 if: needs.check-changes.outputs.code-changed == 'true'
 - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
 if: needs.check-changes.outputs.code-changed == 'true'
@@ -250,7 +250,7 @@ jobs:
 - name: Skip when provenance is not required
 if: needs.check-changes.outputs.provenance-changed != 'true'
 run: echo "No trusted provenance changes; provenance check skipped."
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 if: needs.check-changes.outputs.provenance-changed == 'true'
 - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
 if: needs.check-changes.outputs.provenance-changed == 'true'
diff --git a/.github/workflows/provenance-sync.yml b/.github/workflows/provenance-sync.yml
index 3431da6..a5c0707 100644
--- a/.github/workflows/provenance-sync.yml
+++ b/.github/workflows/provenance-sync.yml
@@ -28,7 +28,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 15
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 with:
 ref: ${{ github.event.pull_request.head.ref || github.ref_name }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ec0b1f2..389911f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
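Review bot: The checkout step in .github/workflows/provenance-sync.yml resolves `ref: ${{ github.event.pull_request.head.ref || github.ref_name }}`, a branch name chosen by the pull-request author, and the commit re-pins the action without documenting what that step is allowed to run on. The workflow's trigger and the job's `permissions:` lie outside the hunk, so I cannot tell whether fork pull requests reach this job or whether it holds a write token. If the job is meant only for branches in this repository, I would say so in a comment above the step and enforce it with a job-level `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`. If nothing after the checkout pushes, adding `persist-credentials: false` under `with:` keeps the token out of the working tree.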
@@ -61,7 +61,7 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
 with:
 node-version: ${{ env.NODE_VERSION }}
@@ -89,7 +89,7 @@ jobs:
 permissions:
 contents: read
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6
 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
 with:
 node-version: ${{ env.NODE_VERSION }}