Replace unpinned actions with pinned action

stacklok-cloud[bot] · stacklok-cloud[bot] · commit 7e6f782633e5 · 2024-05-17T10:44:32.000Z
diff --git a/.github/workflows/badges.yml b/.github/workflows/badges.yml
@@ -5,61 +5,59 @@ on:
       - develop
   schedule:
     - cron: "0 0 * * *"
-
 jobs:
   get-badges:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - name: Use Node.js
-      uses: actions/setup-node@v1
-      with:
-        node-version: 10.x
-    - run: npm install
-    - id: libyear
-      uses: ./
-    - run: mkdir badges
-    - uses: emibcn/badge-action@v1
-      with:
-        label: 'libyear drift'
-        status: ${{ steps.libyear.outputs.drift }} year(s) behind
-        color: 'blue'
-        path: 'badges/drift.svg'
-    - uses: emibcn/badge-action@v1
-      with:
-        label: 'libyear pulse'
-        status: ${{ steps.libyear.outputs.pulse }} year(s) behind
-        color: 'blue'
-        path: 'badges/pulse.svg'
-    - uses: emibcn/badge-action@v1
-      with:
-        label: 'libyear'
-        status: ${{ steps.libyear.outputs.releases }} release(s) behind
-        color: 'blue'
-        path: 'badges/releases.svg'
-    - uses: emibcn/badge-action@v1
-      with:
-        label: 'libyear'
-        status: ${{ steps.libyear.outputs.major }} major release(s) behind
-        color: 'blue'
-        path: 'badges/major.svg'
-    - uses: emibcn/badge-action@v1
-      with:
-        label: 'libyear'
-        status: ${{ steps.libyear.outputs.minor }} minor release(s) behind
-        color: 'blue'
-        path: 'badges/minor.svg'
-    - uses: emibcn/badge-action@v1
-      with:
-        label: 'libyear'
-        status: ${{ steps.libyear.outputs.patch }} patch release(s) behind
-        color: 'blue'
-        path: 'badges/patch.svg'
-    - uses: s0/git-publish-subdir-action@develop
-      env:
-        REPO: self
-        BRANCH: badges
-        FOLDER: badges
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        SQUASH_HISTORY: true
-
+      - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master
+      - name: Use Node.js
+        uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1
+        with:
+          node-version: 10.x
+      - run: npm install
+      - id: libyear
+        uses: ./
+      - run: mkdir badges
+      - uses: emibcn/badge-action@d5e1c38612d8a624b9b49f9d8c8b5c82cd11ef19 # v1
+        with:
+          label: 'libyear drift'
+          status: ${{ steps.libyear.outputs.drift }} year(s) behind
+          color: 'blue'
+          path: 'badges/drift.svg'
+      - uses: emibcn/badge-action@d5e1c38612d8a624b9b49f9d8c8b5c82cd11ef19 # v1
+        with:
+          label: 'libyear pulse'
+          status: ${{ steps.libyear.outputs.pulse }} year(s) behind
+          color: 'blue'
+          path: 'badges/pulse.svg'
+      - uses: emibcn/badge-action@d5e1c38612d8a624b9b49f9d8c8b5c82cd11ef19 # v1
+        with:
+          label: 'libyear'
+          status: ${{ steps.libyear.outputs.releases }} release(s) behind
+          color: 'blue'
+          path: 'badges/releases.svg'
+      - uses: emibcn/badge-action@d5e1c38612d8a624b9b49f9d8c8b5c82cd11ef19 # v1
+        with:
+          label: 'libyear'
+          status: ${{ steps.libyear.outputs.major }} major release(s) behind
+          color: 'blue'
+          path: 'badges/major.svg'
+      - uses: emibcn/badge-action@d5e1c38612d8a624b9b49f9d8c8b5c82cd11ef19 # v1
+        with:
+          label: 'libyear'
+          status: ${{ steps.libyear.outputs.minor }} minor release(s) behind
+          color: 'blue'
+          path: 'badges/minor.svg'
+      - uses: emibcn/badge-action@d5e1c38612d8a624b9b49f9d8c8b5c82cd11ef19 # v1
+        with:
+          label: 'libyear'
+          status: ${{ steps.libyear.outputs.patch }} patch release(s) behind
+          color: 'blue'
+          path: 'badges/patch.svg'
+      - uses: s0/git-publish-subdir-action@5bc6742efb946f4cba68c7a9067a31ea5631071d # develop
+        env:
+          REPO: self
+          BRANCH: badges
+          FOLDER: badges
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SQUASH_HISTORY: true
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,42 +1,41 @@
 name: Test branch
 on: push
-
 jobs:
   ci:
     name: Run Build and check output is checked-in
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - name: Use Node.js
-      uses: actions/setup-node@v1
-      with:
-        node-version: 10.x
-    - name: 'Build'
-      run: |
-        npm install
-        npm run build
-    - name: Check no files have changes
-      run: git diff --exit-code
+      - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master
+      - name: Use Node.js
+        uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1
+        with:
+          node-version: 10.x
+      - name: 'Build'
+        run: |
+          npm install
+          npm run build
+      - name: Check no files have changes
+        run: git diff --exit-code
   unit-tests:
     name: Run Unit Tests
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - name: Use Node.js
-      uses: actions/setup-node@v1
-      with:
-        node-version: 10.x
-    - name: Install NPM Packages
-      run: |
-        npm install
-    - name: Run Unit Tests
-      run: |
-        npm run test -- --coverage
-    - name: Check Linting
-      run: |
-        npm run lint
-    - name: Submit to CodeCov
-      uses: codecov/codecov-action@v1
-      with:
-        file: ./coverage/lcov.info
-        fail_ci_if_error: true
+      - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master
+      - name: Use Node.js
+        uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1
+        with:
+          node-version: 10.x
+      - name: Install NPM Packages
+        run: |
+          npm install
+      - name: Run Unit Tests
+        run: |
+          npm run test -- --coverage
+      - name: Check Linting
+        run: |
+          npm run lint
+      - name: Submit to CodeCov
+        uses: codecov/codecov-action@29386c70ef20e286228c72b668a06fd0e8399192 # v1
+        with:
+          file: ./coverage/lcov.info
+          fail_ci_if_error: true
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -10,16 +10,14 @@
 # supported CodeQL languages.
 #
 name: "CodeQL"
-
 on:
   push:
-    branches: [ develop ]
+    branches: [develop]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ develop ]
+    branches: [develop]
   schedule:
     - cron: '19 14 * * 2'
-
 jobs:
   analyze:
     name: Analyze
@@ -28,44 +26,38 @@ jobs:
       actions: read
       contents: read
       security-events: write
-
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript' ]
+        language: ['javascript']
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Checkout repository
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@2adeade71c5a811210de40b090a358ed9581536c # v1
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@2adeade71c5a811210de40b090a358ed9581536c # v1
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@2adeade71c5a811210de40b090a358ed9581536c # v1
diff --git a/.github/workflows/libyear.yml b/.github/workflows/libyear.yml
@@ -1,18 +1,17 @@
 name: Libyear
 on: push
-
 jobs:
   libyear:
     name: Libyear
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
-    - name: Use Node.js
-      uses: actions/setup-node@v1
-      with:
-        node-version: 10.x
-    - name: 'Install NPM Packages'
-      run: |
-        npm install
-    - name: Run libyear action
-      uses: ./
+      - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master
+      - name: Use Node.js
+        uses: actions/setup-node@f1f314fca9dfce2769ece7d933488f076716723e # v1
+        with:
+          node-version: 10.x
+      - name: 'Install NPM Packages'
+        run: |
+          npm install
+      - name: Run libyear action
+        uses: ./
