From 6ccd57f4c5d15bdc2fef309bd9fb6cc9db2ef1c6 Mon Sep 17 00:00:00 2001 From: John Wesley Walker III <81404201+jww3@users.noreply.github.com> Date: Wed, 12 Jun 2024 19:11:03 +0200 Subject: [PATCH] Pin actions/checkout's own workflows to a known, good, stable version. (#1776) * Pin actions/checkout's own workflows to a known, good, stable version. * fixed failing unit test * fix unit test --- .github/workflows/check-dist.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/licensed.yml | 2 +- .github/workflows/test.yml | 18 +++++++++--------- .github/workflows/update-main-version.yml | 2 +- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index a131104..53902ee 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.6 - name: Set Node.js 20.x uses: actions/setup-node@v4 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6aa80d7..778d474 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.6 - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml index a98e674..1f71aa7 100644 --- a/.github/workflows/licensed.yml +++ b/.github/workflows/licensed.yml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest name: Check licenses steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.6 - run: npm ci - run: npm run licensed-check \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bc7f5f0..1ef3c31 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/setup-node@v4 with: node-version: 20.x - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.6 - run: npm ci - run: npm run build - run: npm run format-check @@ -37,7 +37,7 @@ jobs: steps: # Clone this repo - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.6 # Basic checkout - name: Checkout basic @@ -202,7 +202,7 @@ jobs: steps: # Clone this repo - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.6 # Basic checkout using git - name: Checkout basic @@ -234,7 +234,7 @@ jobs: steps: # Clone this repo - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.6 # Basic checkout using git - name: Checkout basic @@ -264,13 +264,13 @@ jobs: steps: # Clone this repo - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.6 with: - path: v4 + path: localClone # Basic checkout using git - name: Checkout basic - uses: ./v4 + uses: ./localClone with: ref: test-data/v2/basic - name: Verify basic @@ -292,6 +292,6 @@ jobs: # needed to make checkout post cleanup succeed - name: Fix Checkout v4 - uses: actions/checkout@v4 + uses: actions/checkout@v4.1.6 with: - path: v4 + path: localClone diff --git a/.github/workflows/update-main-version.yml b/.github/workflows/update-main-version.yml index 23fc820..7bec7d5 100644 --- a/.github/workflows/update-main-version.yml +++ b/.github/workflows/update-main-version.yml @@ -22,7 +22,7 @@ jobs: # Note this update workflow can also be used as a rollback tool. # For that reason, it's best to pin `actions/checkout` to a known, stable version # (typically, about two releases back). - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.1.6 with: fetch-depth: 0 - name: Git config