From 54560482635b85ceb9f1e3ffed98d371fc3c4137 Mon Sep 17 00:00:00 2001 From: Jon Desrosiers Date: Thu, 4 Mar 2021 14:55:46 -0500 Subject: [PATCH] Pin SHA values as version numbers for 3rd party GHAs (#29485) (cherry picked from commit 80b6e5b00795b698f112ddeee6d4c07711fde6e7) --- .github/workflows/build-plugin-zip.yml | 14 +++++++------- .github/workflows/bundle-size.yml | 4 ++-- .github/workflows/cancel.yml | 2 +- .github/workflows/create-block.yml | 6 +++--- .github/workflows/end2end-test.yml | 8 ++++---- .github/workflows/performance.yml | 8 ++++---- .github/workflows/pull-request-automation.yml | 2 +- .github/workflows/rnmobile-android-runner.yml | 10 +++++----- .github/workflows/rnmobile-ios-runner.yml | 10 +++++----- .github/workflows/stale-issue-needs-info.yml | 2 +- .github/workflows/static-checks.yml | 6 +++--- .github/workflows/storybook-pages.yml | 8 ++++---- .github/workflows/unit-test.yml | 18 +++++++++--------- 13 files changed, 49 insertions(+), 49 deletions(-) diff --git a/.github/workflows/build-plugin-zip.yml b/.github/workflows/build-plugin-zip.yml index 8ae0c7f9864fd5..6324a0195d9b3e 100644 --- a/.github/workflows/build-plugin-zip.yml +++ b/.github/workflows/build-plugin-zip.yml @@ -17,10 +17,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Cache node modules - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 env: cache-name: cache-node-modules with: @@ -33,7 +33,7 @@ jobs: ${{ runner.os }}- - name: Use Node.js 14.x - uses: actions/setup-node@v1 + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: 14.x @@ -43,7 +43,7 @@ jobs: NO_CHECKS: 'true' - name: Upload artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@e448a9b857ee2131e752b06002bf0e093c65e571 # v2.2.2 with: name: gutenberg-plugin path: ./gutenberg.zip 
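Review bot: The `# v2.3.4`-style trailing comments are the only link between each 40-character SHA and a release, and nothing in this patch verifies them, so a comment and its pinned commit can disagree without CI noticing. Before merging, each SHA should be confirmed to be the commit the named tag points to in the action's own repository (not a fork), because a full-length SHA is resolved exactly as written. A pin also stops the workflow from picking up upstream security fixes, so it needs an update path; if the repository does not already have one, a `package-ecosystem: "github-actions"` entry in `.github/dependabot.yml` would raise update PRs for the pinned refs. This applies to every `uses:` line changed in the patch, not only the hunks in build-plugin-zip.yml.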
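Review bot: The `actions/setup-node` pin in the `Use Node.js 14.x` step is not like-for-like: the old ref was `@v1` but the new SHA is labelled `# v2.1.5`, so this commit also crosses a major version under a title that only mentions pinning. The same jump appears in create-block.yml, end2end-test.yml, performance.yml, static-checks.yml, storybook-pages.yml and unit-test.yml; cancel.yml likewise moves `styfle/cancel-workflow-action` from `0.4.0` to a SHA labelled `# v0.8.0`, and `upload-release-asset` goes from `v1.0.1` to `# v1.0.2`. Whether the newer releases change behaviour for these workflows cannot be told from the diff, so either call the upgrades out in the commit message or pin the release previously in use, e.g. `uses: actions/setup-node@<SHA_OF_CURRENT_V1_RELEASE> # v1.x.y` (placeholder values).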
@@ -59,7 +59,7 @@ jobs: run: echo ::set-output name=version::$(echo $GITHUB_REF | cut -d / -f 3 | sed s/^v// | sed 's/-rc./ RC/' ) - name: Download Plugin Zip Artifact - uses: actions/download-artifact@v2 + uses: actions/download-artifact@4a7a711286f30c025902c28b541c10e147a9b843 # v2.0.8 with: name: gutenberg-plugin @@ -71,7 +71,7 @@ jobs: - name: Create Release Draft id: create_release - uses: actions/create-release@v1 + uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -83,7 +83,7 @@ jobs: - name: Upload Release Asset id: upload-release-asset - uses: actions/upload-release-asset@v1.0.1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/bundle-size.yml b/.github/workflows/bundle-size.yml index e1e6c292fd24df..1b85fa623e23fe 100644 --- a/.github/workflows/bundle-size.yml +++ b/.github/workflows/bundle-size.yml @@ -8,11 +8,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 with: fetch-depth: 1 - - uses: preactjs/compressed-size-action@v2 + - uses: preactjs/compressed-size-action@7d87f60a6b0c7d193b8183ce859ed00b356ea92f # v2.1.0 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" pattern: "{build/**/*.js,build/**/*.css}" diff --git a/.github/workflows/cancel.yml b/.github/workflows/cancel.yml index e65d084e10d840..6c8cc20fe1135f 100644 --- a/.github/workflows/cancel.yml +++ b/.github/workflows/cancel.yml 
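Review bot: `preactjs/compressed-size-action` in the bundle-size.yml hunk is handed `repo-token: "${{ secrets.GITHUB_TOKEN }}"`, and pinning the SHA fixes which code receives that token but not what the token is allowed to do. No `permissions:` block is visible in this hunk (the workflow header lies outside it), so the job presumably runs with the repository's default token scopes. Consider declaring the minimum at workflow or job level, for example `permissions:` with `contents: read` and `pull-requests: write`, after checking what the action actually needs. The same applies to `styfle/cancel-workflow-action` (`access_token`) in cancel.yml and `peaceiris/actions-gh-pages` (`github_token`) in storybook-pages.yml.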
@@ -9,7 +9,7 @@ jobs: - name: Get all workflow ids and set to env variable run: echo "WORKFLOW_IDS_TO_CANCEL=$(curl https://api.github.com/repos/${GITHUB_REPOSITORY}/actions/workflows -s | jq -r '.workflows | map(.id|tostring) | join(",")')" >> $GITHUB_ENV - - uses: styfle/cancel-workflow-action@0.4.0 + - uses: styfle/cancel-workflow-action@3d86a7cc43670094ac248017207be0295edbc31d # v0.8.0 with: workflow_id: ${{ env.WORKFLOW_IDS_TO_CANCEL }} access_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/create-block.yml b/.github/workflows/create-block.yml index 501ea35660eeba..4bff464420313d 100644 --- a/.github/workflows/create-block.yml +++ b/.github/workflows/create-block.yml @@ -23,10 +23,10 @@ jobs: node: [12, 14] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Cache node modules - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 env: cache-name: cache-node-modules with: @@ -39,7 +39,7 @@ jobs: ${{ runner.os }}- - name: Use Node.js ${{ matrix.node }}.x - uses: actions/setup-node@v1 + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: ${{ matrix.node }} diff --git a/.github/workflows/end2end-test.yml b/.github/workflows/end2end-test.yml index 5c41c9a7940ce4..dc10ffe7a12ab8 100644 --- a/.github/workflows/end2end-test.yml +++ b/.github/workflows/end2end-test.yml @@ -24,10 +24,10 @@ jobs: steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Cache node modules - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 env: cache-name: cache-node-modules with: @@ -40,7 +40,7 @@ jobs: ${{ runner.os }}- - name: Use Node.js 14.x - uses: actions/setup-node@v1 + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: 14.x 
@@ -60,7 +60,7 @@ jobs: $( npm bin )/wp-scripts test-e2e --config=./packages/e2e-tests/jest.config.js --cacheDirectory="$HOME/.jest-cache" --runTestsByPath $( awk 'NR % 4 == ${{ matrix.part }} - 1' < ~/.jest-e2e-tests ) - name: Archive debug artifacts (screenshots, HTML snapshots) - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@e448a9b857ee2131e752b06002bf0e093c65e571 # v2.2.2 if: always() with: name: failures-artifacts diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml index 12d25673bcd9f5..857bed9849def8 100644 --- a/.github/workflows/performance.yml +++ b/.github/workflows/performance.yml @@ -14,10 +14,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Cache node modules - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 env: cache-name: cache-node-modules with: @@ -30,7 +30,7 @@ jobs: ${{ runner.os }}- - name: Use Node.js 14.x - uses: actions/setup-node@v1 + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: 14.x @@ -56,5 +56,5 @@ jobs: IFS='.' read -r -a WP_VERSION_ARRAY <<< "$WP_VERSION" WP_BRANCH="wp/${WP_VERSION_ARRAY[0]}.${WP_VERSION_ARRAY[1]}" ./bin/plugin/cli.js perf --ci $WP_BRANCH $PREVIOUS_RELEASE_BRANCH $CURRENT_RELEASE_BRANCH - + diff --git a/.github/workflows/pull-request-automation.yml b/.github/workflows/pull-request-automation.yml index 49cb6f83aac037..b3fe89023d2bf3 100644 --- a/.github/workflows/pull-request-automation.yml +++ b/.github/workflows/pull-request-automation.yml @@ -10,7 +10,7 @@ jobs: steps: # Checkout defaults to using the branch which triggered the event, which # isn't necessarily `trunk` (e.g. in the case of a merge). - - uses: actions/checkout@v2 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 with: ref: trunk 
diff --git a/.github/workflows/rnmobile-android-runner.yml b/.github/workflows/rnmobile-android-runner.yml index 2834ade7eacf6c..d3e47a1bc593a7 100644 --- a/.github/workflows/rnmobile-android-runner.yml +++ b/.github/workflows/rnmobile-android-runner.yml @@ -20,10 +20,10 @@ jobs: steps: - name: checkout - uses: actions/checkout@v2 + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Restore npm cache - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 with: path: ~/.npm key: ${{ runner.os }}-npm-${{ hashFiles('package-lock.json') }} @@ -33,19 +33,19 @@ jobs: - run: npm ci - name: Restore Gradle cache - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 with: path: ~/.gradle/caches key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} restore-keys: ${{ runner.os }}-gradle - - uses: reactivecircus/android-emulator-runner@v2 + - uses: reactivecircus/android-emulator-runner@08b092e904025fada32a01b711af1e7ff7b7a4a3 # v2.14.3 with: api-level: 28 profile: pixel_xl script: npm run native test:e2e:android:local ${{ matrix.native-test-name }} - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@e448a9b857ee2131e752b06002bf0e093c65e571 # v2.2.2 if: always() with: name: android-screen-recordings diff --git a/.github/workflows/rnmobile-ios-runner.yml b/.github/workflows/rnmobile-ios-runner.yml index 35f8f685112275..cb64467a25f6ef 100644 --- a/.github/workflows/rnmobile-ios-runner.yml +++ b/.github/workflows/rnmobile-ios-runner.yml @@ -19,10 +19,10 @@ jobs: ] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Restore npm cache - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 with: path: ~/.npm key: ${{ runner.os }}-npm-${{ hashFiles('package-lock.json') }} 
@@ -35,13 +35,13 @@ jobs: run: find package-lock.json packages/react-native-editor/ios packages/react-native-aztec/ios packages/react-native-bridge/ios -type f -print0 | sort -z | xargs -0 shasum | tee ios-checksums.txt - name: Restore build cache - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 with: path: packages/react-native-editor/ios/build/GutenbergDemo/Build/Products/Release-iphonesimulator/GutenbergDemo.app key: ${{ runner.os }}-ios-build-${{ hashFiles('ios-checksums.txt') }} - name: Restore pods cache - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 with: path: | packages/react-native-editor/ios/Pods @@ -70,7 +70,7 @@ jobs: - name: Prepare build cache run: rm packages/react-native-editor/ios/build/GutenbergDemo/Build/Products/Release-iphonesimulator/GutenbergDemo.app/main.jsbundle - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@e448a9b857ee2131e752b06002bf0e093c65e571 # v2.2.2 if: always() with: name: ios-screen-recordings diff --git a/.github/workflows/stale-issue-needs-info.yml b/.github/workflows/stale-issue-needs-info.yml index c7413a32c2e4ec..a14b777dc0ab75 100644 --- a/.github/workflows/stale-issue-needs-info.yml +++ b/.github/workflows/stale-issue-needs-info.yml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v3 + - uses: actions/stale@996798eb71ef485dc4c7b4d3285842d714040c4a # v3.0.17 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'Help us move this issue forward. Since it has no activity after 15 days of requesting more information, a bot is marking the issue as stale. Please add additional information as a comment or this issued will be closed in 5 days.' diff --git a/.github/workflows/static-checks.yml b/.github/workflows/static-checks.yml index 0d27c597f722d3..ad10daa5a167fb 100644 --- a/.github/workflows/static-checks.yml +++ b/.github/workflows/static-checks.yml 
@@ -14,10 +14,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Cache node modules - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 env: cache-name: cache-node-modules with: @@ -30,7 +30,7 @@ jobs: ${{ runner.os }}- - name: Use Node.js 14.x - uses: actions/setup-node@v1 + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: 14.x diff --git a/.github/workflows/storybook-pages.yml b/.github/workflows/storybook-pages.yml index c5a3b847b0ff04..5ea64c67899344 100644 --- a/.github/workflows/storybook-pages.yml +++ b/.github/workflows/storybook-pages.yml @@ -10,12 +10,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 with: ref: trunk - name: Cache node modules - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 env: cache-name: cache-node-modules with: @@ -28,7 +28,7 @@ jobs: ${{ runner.os }}- - name: Setup Node - uses: actions/setup-node@v1 + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: '14.x' @@ -39,7 +39,7 @@ jobs: run: npm run storybook:build - name: Deploy - uses: peaceiris/actions-gh-pages@v3 + uses: peaceiris/actions-gh-pages@bbdfb200618d235585ad98e965f4aafc39b4c501 # v3.7.3 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./storybook/build diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 7ba7b0ae1f5943..a5ccf320fbef50 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml 
@@ -19,10 +19,10 @@ jobs: node: [12, 14] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Cache node modules - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 env: cache-name: cache-node-modules with: @@ -35,7 +35,7 @@ jobs: ${{ runner.os }}- - name: Use Node.js ${{ matrix.node }}.x - uses: actions/setup-node@v1 + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: ${{ matrix.node }} @@ -59,10 +59,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Cache node modules - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 env: cache-name: cache-node-modules with: @@ -75,7 +75,7 @@ jobs: ${{ runner.os }}- - name: Use Node.js 14.x - uses: actions/setup-node@v1 + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: 14.x @@ -107,10 +107,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - name: Cache node modules - uses: actions/cache@v2 + uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4 env: cache-name: cache-node-modules with: @@ -123,7 +123,7 @@ jobs: ${{ runner.os }}- - name: Use Node.js 14.x - uses: actions/setup-node@v1 + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5 with: node-version: 14.x