From 55a0f9656c73bc5dc51e1deccada6d1779fbf2a9 Mon Sep 17 00:00:00 2001 From: Julien Doutre <36448022+juliendoutre@users.noreply.github.com> Date: Mon, 16 Mar 2026 14:28:51 +0100 Subject: [PATCH] Pin GitHub Actions --- .github/actions/cache-setup/action.yml | 2 +- .github/workflows/ci.yml | 6 +++--- .github/workflows/datadog-static-analysis.yml | 2 +- .github/workflows/third-party_exported.yml | 4 ++-- .github/workflows/third-party_vulnerabilities.yml | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/actions/cache-setup/action.yml b/.github/actions/cache-setup/action.yml index d1706306b..468aa93cf 100644 --- a/.github/actions/cache-setup/action.yml +++ b/.github/actions/cache-setup/action.yml @@ -17,7 +17,7 @@ runs: shell: bash - name: Cache - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/.cargo/bin/ diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 90f0447f7..58db4dc33 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Cache setup uses: ./.github/actions/cache-setup @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Cache setup uses: ./.github/actions/cache-setup @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Cache setup uses: ./.github/actions/cache-setup diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml index 7bdc38fe2..5ef64a75d 100644 --- a/.github/workflows/datadog-static-analysis.yml +++ b/.github/workflows/datadog-static-analysis.yml @@ -8,7 +8,7 @@ jobs: name: Datadog Static Analyzer steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Check code meets quality and security standards id: datadog-static-analysis uses: DataDog/datadog-static-analyzer-github-action@v1 diff --git a/.github/workflows/third-party_exported.yml b/.github/workflows/third-party_exported.yml index 44d0b757a..407d74890 100644 --- a/.github/workflows/third-party_exported.yml +++ b/.github/workflows/third-party_exported.yml @@ -15,14 +15,14 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: # pull the fork's HEAD instead of the main repo's repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.sha }} - name: Assert Glommio depends on crates permissively licensed - uses: EmbarkStudios/cargo-deny-action@v2 + uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2.0.15 with: log-level: warn command: check licenses diff --git a/.github/workflows/third-party_vulnerabilities.yml b/.github/workflows/third-party_vulnerabilities.yml index 3b1adbbea..adc4d109b 100644 --- a/.github/workflows/third-party_vulnerabilities.yml +++ b/.github/workflows/third-party_vulnerabilities.yml @@ -12,10 +12,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - name: Run checks on third-party dependencies - uses: EmbarkStudios/cargo-deny-action@v2 + uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2.0.15 with: log-level: warn command: check