From e65309d7d1beabc28f08daa009e86ea313e0fcdd Mon Sep 17 00:00:00 2001
From: Kentaro Ohkouchi
Date: Tue, 21 Apr 2026 15:19:52 +0900
Subject: [PATCH] =?UTF-8?q?chore:=20GitHub=20Actions=20=E3=82=92=20commit?= =?UTF-8?q?=20SHA=20=E3=81=A7=E3=83=94=E3=83=B3=E7=95=99=E3=82=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
`.github/workflows/deploy.yml` の全 `uses:` を `@<40文字 SHA> # vX.Y.Z` 形式に変換 (pinact 3.9.0 で自動生成)。 Supply-chain 対策として、サードパーティ Actions のミュータブルなタグ参照を 不変の commit SHA に固定する。Dependabot (github-actions) が設定済みのため、 バージョンコメントを元に今後も自動アップデートされる。
---
.github/workflows/deploy.yml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index bbc241b..8f801a5 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -15,11 +15,11 @@ jobs:
 deployments: write
 id-token: write
 steps:
- - uses: actions/checkout@v6
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Load secrets from 1Password
 if: github.event_name == 'push' && github.ref == 'refs/heads/main'
- uses: 1password/load-secrets-action@v3
+ uses: 1password/load-secrets-action@dafbe7cb03502b260e2b2893c753c352eee545bf # v3.2.1
 with:
 export-env: true
 env:
@@ -28,7 +28,7 @@ jobs:
 CLOUDFLARE_ACCOUNT_ID: op://EcAuth/cloudflare-credentials/CLOUDFLARE_ACCOUNT_ID
 - name: Setup Hugo
- uses: peaceiris/actions-hugo@v3
+ uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
 with:
 hugo-version: 'latest'
 extended: true
@@ -38,7 +38,7 @@ jobs:
 - name: Deploy to Cloudflare Pages
 if: github.event_name == 'push' && github.ref == 'refs/heads/main'
- uses: cloudflare/wrangler-action@v3
+ uses: cloudflare/wrangler-action@9acf94ace14e7dc412b076f2c5c20b8ce93c79cd # v3.15.0
 with:
 apiToken: ${{ env.CLOUDFLARE_API_TOKEN }}
 accountId: ${{ env.CLOUDFLARE_ACCOUNT_ID }}
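Review bot: `export-env: true` on the `Load secrets from 1Password` step (first hunk) writes the Cloudflare credentials into the job environment, so every later step can read them, including the third-party `peaceiris/actions-hugo` step and whatever build runs before the deploy; pinning the actions to SHAs does not narrow that exposure. The only visible consumer is the `cloudflare/wrangler-action` step in the last hunk, which reads `env.CLOUDFLARE_API_TOKEN` and `env.CLOUDFLARE_ACCOUNT_ID`. Consider moving the secret-loading step to directly before the deploy step, or setting `export-env: false`, giving the step an `id`, and passing `${{ steps.<step-id>.outputs.CLOUDFLARE_API_TOKEN }}` to `apiToken` (confirm the output names against the action's documentation for the pinned release). The step's `env:` block continues outside this hunk.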
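Review bot: `hugo-version: 'latest'` in the `Setup Hugo` step (second hunk) leaves the downloaded Hugo binary unpinned, so the build toolchain still floats even though the action that fetches it is now fixed to a commit SHA. Pin it to the release the site is built with, for example `hugo-version: '<pinned Hugo version>'` (placeholder; the version in use is not shown on this page). Dependabot's github-actions updates rewrite `uses:` references only, so this value would need to be bumped by hand or by a separate updater. The `with:` block may continue past the hunk's last line.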