Skip to content

Commit a230b32

Browse files
renovate[bot]renovate[bot]
authored
feat(gha): pin dependencies (#5)
| datasource | package | from | to | | ----------- | ------------------------------------ | ------ | ------ | | github-tags | stefanzweifel/git-auto-commit-action | v5.1.0 | v5.2.0 | | github-tags | webfactory/ssh-agent | v0.9.0 | v0.9.1 | Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 129c3ed commit a230b32

3 files changed

Lines changed: 12 additions & 12 deletions

File tree

.github/workflows/pre-commit.yaml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -31,19 +31,19 @@ jobs:
3131
pre-commit:
3232
runs-on: ubuntu-latest
3333
container:
34-
image: devopsroastbot/mise:2025.8.20-alpine
34+
image: devopsroastbot/mise:2025.8.20-alpine@sha256:3af00d5bcec3be143e054f4269e7a3c644c4cee2e25891208d04f21586b5a924
3535
credentials:
3636
username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
3737
password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
3838
steps:
3939
- name: generate token from github app
4040
id: github_app
41-
uses: getsentry/action-github-app-token@v3
41+
uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3
4242
with:
4343
app_id: ${{ inputs.gh_app_id }}
4444
private_key: ${{ secrets.DEVOPS_ROAST_BOT_GH_APP_PRIVATE_KEY }}
4545
- name: checkout
46-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v5
46+
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
4747
env:
4848
REF_TO_CHECKOUT: ${{ inputs.auto_commit == true && github.head_ref || '' }}
4949
with:
@@ -68,19 +68,19 @@ jobs:
6868
curl --silent -H "Authorization: Bearer ${{ steps.github_app.outputs.token }}" https://api.github.com/meta | \
6969
jq --raw-output '"github.com " + .ssh_keys[]' >> /etc/ssh/ssh_known_hosts
7070
- name: setup ssh for private pre-commit hooks
71-
uses: webfactory/ssh-agent@v0.9.0
71+
uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
7272
with:
7373
ssh-private-key: ${{ secrets.PRE_COMMIT_HOOKS_REPO_DEPLOY_KEY }}
7474
- name: cache mise dependencies
75-
uses: actions/cache@v4
75+
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
7676
with:
7777
path: ~/.local/share/mise
7878
key: mise-${{ runner.os }}-${{ hashFiles('mise.toml') }}
7979
- name: mise install
8080
run: |
8181
mise install --yes
8282
- name: cache pre-commit dependencies
83-
uses: actions/cache@v4
83+
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
8484
with:
8585
path: ~/.cache/pre-commit
8686
key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }}
@@ -100,7 +100,7 @@ jobs:
100100
CONTINUE_ON_ERROR: ${{ inputs.auto_commit == true }}
101101
continue-on-error: ${{ fromJSON(env.CONTINUE_ON_ERROR) }}
102102
- name: auto fix changes reported by pre-commit
103-
uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0
103+
uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
104104
id: auto_commit_action
105105
if: inputs.auto_commit
106106
with:

.github/workflows/release-please-standard.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,13 +22,13 @@ jobs:
2222
steps:
2323
- name: generate token from github app
2424
id: github_app
25-
uses: getsentry/action-github-app-token@v3
25+
uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3
2626
with:
2727
app_id: ${{ inputs.gh_app_id }}
2828
private_key: ${{ secrets.DEVOPS_ROAST_BOT_GH_APP_PRIVATE_KEY }}
2929

3030
- name: run release-please action
31-
uses: googleapis/release-please-action@v4
31+
uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4
3232
with:
3333
token: ${{ steps.github_app.outputs.token }}
3434
release-type: simple

.github/workflows/sync-files.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,13 +27,13 @@ jobs:
2727
steps:
2828
- name: generate token from github app
2929
id: github_app
30-
uses: getsentry/action-github-app-token@v3
30+
uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3
3131
with:
3232
app_id: ${{ inputs.gh_app_id }}
3333
private_key: ${{ secrets.DEVOPS_ROAST_BOT_GH_APP_PRIVATE_KEY }}
34-
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v5
34+
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
3535
with:
3636
token: ${{ steps.github_app.outputs.token }}
37-
- uses: wadackel/files-sync-action@v3
37+
- uses: wadackel/files-sync-action@95d12ea42e78723763c810a462bcacb4cc315994 # v3
3838
with:
3939
github_token: ${{ steps.github_app.outputs.token }}

0 commit comments

Comments
 (0)