From c051564acbe10ffe9b6c7413071ec54b5571b5ff Mon Sep 17 00:00:00 2001 From: Andrew Mackett Date: Tue, 24 Mar 2026 15:18:32 +0000 Subject: [PATCH] chore: pin GitHub actions to specific commit SHA --- .github/workflows/ci.yaml | 10 +++++----- .github/workflows/sdk_generation.yaml | 4 ++-- .github/workflows/sdk_publish.yaml | 6 +++--- .github/workflows/sdk_tag.yaml | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 79112bad..93a22ae2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -27,10 +27,10 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 - name: Use Java ${{ matrix.java }} - uses: actions/setup-java@v4 + uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4 with: distribution: 'corretto' java-version: ${{ matrix.java }} @@ -42,7 +42,7 @@ jobs: run: | ./gradlew test - - uses: hmarr/auto-approve-action@v4 + - uses: hmarr/auto-approve-action@8f929096a962e83ccdfa8afcf855f39f12d4dac7 # v4 if: "github.event.pull_request.user.login == 'github-actions[bot]'" with: github-token: ${{ secrets.DISPATCH_ACCESS_TOKEN }} @@ -59,7 +59,7 @@ jobs: - id: automerge name: automerge if: "github.event.pull_request.user.login == 'github-actions[bot]'" - uses: "pascalgn/automerge-action@v0.16.4" + uses: "pascalgn/automerge-action@7961b8b5eec56cc088c140b56d864285eabd3f67" # v0.16.4 env: GITHUB_TOKEN: ${{ secrets.DISPATCH_ACCESS_TOKEN }} MERGE_LABELS: '' @@ -77,7 +77,7 @@ jobs: if: ${{ contains(needs.*.result, 'failure') }} steps: - name: Slack Notification - uses: rtCamp/action-slack-notify@v2 + uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2 if: github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && github.event.pull_request.user.login == 'github-actions[bot]') env: SLACK_USERNAME: Java SDK diff --git a/.github/workflows/sdk_generation.yaml b/.github/workflows/sdk_generation.yaml index 2ccedae8..90a209c3 100644 --- a/.github/workflows/sdk_generation.yaml +++ b/.github/workflows/sdk_generation.yaml @@ -21,7 +21,7 @@ permissions: - cron: 0 0 * * * jobs: generate: - uses: speakeasy-api/sdk-generation-action/.github/workflows/workflow-executor.yaml@v15 + uses: speakeasy-api/sdk-generation-action/.github/workflows/workflow-executor.yaml@fe37b336cd1948f1e2e60383fd94bfb884318cf2 # v15 with: force: ${{ github.event.inputs.force }} mode: pr @@ -40,7 +40,7 @@ jobs: if: ${{ contains(needs.*.result, 'failure') }} steps: - name: Slack Notification - uses: rtCamp/action-slack-notify@v2 + uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2 if: github.ref == 'refs/heads/main' env: SLACK_USERNAME: Java SDK diff --git a/.github/workflows/sdk_publish.yaml b/.github/workflows/sdk_publish.yaml index 5e49680b..625c430c 100644 --- a/.github/workflows/sdk_publish.yaml +++ b/.github/workflows/sdk_publish.yaml @@ -14,7 +14,7 @@ permissions: workflow_dispatch: {} jobs: publish: - uses: speakeasy-api/sdk-generation-action/.github/workflows/sdk-publish.yaml@v15 + uses: speakeasy-api/sdk-generation-action/.github/workflows/sdk-publish.yaml@fe37b336cd1948f1e2e60383fd94bfb884318cf2 # v15 with: target: java secrets: @@ -32,7 +32,7 @@ jobs: if: always() steps: - name: Slack Notification - uses: rtCamp/action-slack-notify@v2 + uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2 if: github.ref == 'refs/heads/main' env: SLACK_USERNAME: Java SDK @@ -55,7 +55,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Notify SDKs - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 with: token: ${{ secrets.DISPATCH_ACCESS_TOKEN }} repository: ${{ matrix.repo }} diff --git a/.github/workflows/sdk_tag.yaml b/.github/workflows/sdk_tag.yaml index 972e2709..c4ae2dad 100644 --- a/.github/workflows/sdk_tag.yaml +++ b/.github/workflows/sdk_tag.yaml @@ -11,7 +11,7 @@ permissions: workflow_dispatch: {} jobs: tag: - uses: speakeasy-api/sdk-generation-action/.github/workflows/tag.yaml@v15 + uses: speakeasy-api/sdk-generation-action/.github/workflows/tag.yaml@fe37b336cd1948f1e2e60383fd94bfb884318cf2 # v15 with: registry_tags: main secrets: