From f01d4f54a46d5268323c54ee9828936173bbbae6 Mon Sep 17 00:00:00 2001 From: Andrew Brandt Date: Sun, 11 Jan 2026 08:58:20 -0600 Subject: [PATCH] chore: pin actions in workflows to commit hashes **Description**: Pin all actions used in `.github/workflows` to specific commit hashes. **Related Issue(s)**: Implements #321 Signed-off-by: Andrew Brandt --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/release.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index be9a6e59..d7d3c83a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,5 @@ name: CI -'on': +on: push: branches: [master] pull_request: @@ -7,12 +7,12 @@ name: CI jobs: build: runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive - - uses: actions/setup-python@v6 + + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: '3.14' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c8d1c830..48f836c0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,16 +9,16 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive - - uses: actions/cache@v5 + - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 with: path: | ~/.cache/pip ~/.platformio/.cache key: ${{ runner.os }}-pio - - uses: actions/setup-python@v6 + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: '3.14' @@ -29,7 +29,7 @@ jobs: run: pio run -e gh_release - name: Upload Artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: CrossPoint-${{ github.ref_name }} path: |