diff --git a/.github/workflows/canary-release-pr.yml b/.github/workflows/canary-release-pr.yml index 3e93ef40df5b..c61908db99b7 100644 --- a/.github/workflows/canary-release-pr.yml +++ b/.github/workflows/canary-release-pr.yml @@ -30,7 +30,7 @@ jobs: if: github.event_name == 'workflow_dispatch' || endsWith(github.head_ref, 'with-canary-release') steps: - name: Fail if triggering actor is not administrator - uses: prince-chrismc/check-actor-permissions-action@v2.0.4 + uses: prince-chrismc/check-actor-permissions-action@76c9ebe1cc5f00207d4ac0948be353226e27bf93 # v2.0.4 with: permission: admin @@ -53,19 +53,19 @@ jobs: echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ steps.info.outputs.isFork == 'true' && steps.info.outputs.repository || null }} ref: ${{ steps.info.outputs.sha }} token: ${{ secrets.GH_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version-file: '.nvmrc' - name: Cache dependencies - uses: actions/cache@v4 + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 with: path: | ~/.yarn/berry/cache @@ -93,7 +93,7 @@ jobs: - name: Replace Pull Request Body # TODO: replace with ivangabriele/find-and-replace-pull-request-body@vX when https://github.com/ivangabriele/find-and-replace-pull-request-body/pull/11 has been released - uses: mcky/find-and-replace-pull-request-body@v1.1.6-mcky + uses: mcky/find-and-replace-pull-request-body@ffeec965b89c9284c290f2a85077a8c2c60f5040 # v1.1.6-mcky with: githubToken: ${{ secrets.GH_TOKEN }} prNumber: ${{ github.event_name == 'workflow_dispatch' && inputs.pr || '' }} diff --git a/.github/workflows/cron-weekly.yml b/.github/workflows/cron-weekly.yml index 07026c97fb8a..85d569500f60 100644 --- a/.github/workflows/cron-weekly.yml +++ b/.github/workflows/cron-weekly.yml @@ -8,8 +8,8 @@ jobs: check-links: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: gaurav-nelson/github-action-markdown-link-check@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1 # checks all markdown files from important folders including all subfolders with: # only show errors that occur instead of successful links + errors diff --git a/.github/workflows/danger-js.yml b/.github/workflows/danger-js.yml index a9ef5d65affe..4332aad5382c 100644 --- a/.github/workflows/danger-js.yml +++ b/.github/workflows/danger-js.yml @@ -21,12 +21,12 @@ jobs: name: Danger JS runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version-file: ".nvmrc" - name: Danger JS - uses: danger/danger-js@11.2.6 + uses: danger/danger-js@899a8200c0781b16d740c2d68a15e64530f6ab56 # 11.2.6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/generate-sandboxes.yml b/.github/workflows/generate-sandboxes.yml index 425ae0f1fb44..b0ea24e98620 100644 --- a/.github/workflows/generate-sandboxes.yml +++ b/.github/workflows/generate-sandboxes.yml @@ -26,11 +26,11 @@ jobs: name: Generate to next runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: next - - uses: actions/setup-node@v4 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version-file: '.nvmrc' @@ -78,11 +78,11 @@ jobs: name: Generate to main runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: main - - uses: actions/setup-node@v4 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version-file: '.nvmrc' diff --git a/.github/workflows/handle-release-branches.yml b/.github/workflows/handle-release-branches.yml index 84cebf0aee54..2affd51c5c71 100644 --- a/.github/workflows/handle-release-branches.yml +++ b/.github/workflows/handle-release-branches.yml @@ -23,7 +23,7 @@ jobs: if: ${{ needs.branch-checks.outputs.is-latest-branch == 'true' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: curl -X POST "https://api.netlify.com/build_hooks/${{ secrets.FRONTPAGE_HOOK }}" @@ -32,7 +32,7 @@ jobs: if: ${{ needs.branch-checks.outputs.is-next-branch == 'true' || needs.branch-checks.outputs.is-release-branch == 'true' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: next path: next @@ -54,7 +54,7 @@ jobs: if: ${{ needs.branch-checks.outputs.is-next-branch == 'true' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/prepare-non-patch-release.yml b/.github/workflows/prepare-non-patch-release.yml index c495114d461e..b368b5ec86b5 100644 --- a/.github/workflows/prepare-non-patch-release.yml +++ b/.github/workflows/prepare-non-patch-release.yml @@ -43,7 +43,7 @@ jobs: working-directory: scripts steps: - name: Checkout next - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: next # this needs to be set to a high enough number that it will contain the last version tag @@ -52,12 +52,12 @@ jobs: token: ${{ secrets.GH_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version-file: ".nvmrc" - name: Cache dependencies - uses: actions/cache@v4 + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 with: path: | ~/.yarn/berry/cache diff --git a/.github/workflows/prepare-patch-release.yml b/.github/workflows/prepare-patch-release.yml index f66258c0d836..20984f6ae523 100644 --- a/.github/workflows/prepare-patch-release.yml +++ b/.github/workflows/prepare-patch-release.yml @@ -25,18 +25,18 @@ jobs: working-directory: scripts steps: - name: Checkout main - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: main token: ${{ secrets.GH_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version-file: ".nvmrc" - name: Cache dependencies - uses: actions/cache@v4 + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 with: path: | ~/.yarn/berry/cache diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e8828028f0fa..b31549d00081 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -37,18 +37,18 @@ jobs: gh run watch ${{ github.run_id }} - name: Checkout ${{ github.ref_name }} - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 100 token: ${{ secrets.GH_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version-file: ".nvmrc" - name: Cache dependencies - uses: actions/cache@v4 + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 with: path: | ~/.yarn/berry/cache diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index dfedf4d4ca4c..186b0d9c136a 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -7,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: stale-issue-message: "Hi there! Thank you for opening this issue, but it has been marked as `stale` because we need more information to move forward. Could you please provide us with the requested reproduction or additional information that could help us better understand the problem? We'd love to resolve this issue, but we can't do it without your help!" close-issue-message: "I'm afraid we need to close this issue for now, since we can't take any action without the requested reproduction or additional information. But please don't hesitate to open a new issue if the problem persists – we're always happy to help. Thanks so much for your understanding." diff --git a/.github/workflows/tests-unit.yml b/.github/workflows/tests-unit.yml index 0c6a9f61b333..789632e272ff 100644 --- a/.github/workflows/tests-unit.yml +++ b/.github/workflows/tests-unit.yml @@ -15,11 +15,11 @@ jobs: name: Core Unit Tests, windows-latest runs-on: windows-11-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 2 - name: Set node version - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version-file: ".nvmrc" cache: 'yarn' diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index adf6ad3b9bfc..c3726370156d 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml @@ -17,7 +17,7 @@ jobs: name: Nissuer runs-on: ubuntu-latest steps: - - uses: balazsorban44/nissuer@1.10.0 + - uses: balazsorban44/nissuer@92ef22afd6a75e5e588f5d689a1fd3433f596f82 # 1.10.0 with: label-comments: | { diff --git a/.github/workflows/trigger-circle-ci-workflow.yml b/.github/workflows/trigger-circle-ci-workflow.yml index a35a74868f10..c41960e96bdf 100644 --- a/.github/workflows/trigger-circle-ci-workflow.yml +++ b/.github/workflows/trigger-circle-ci-workflow.yml @@ -58,7 +58,7 @@ jobs: if: needs.get-parameters.outputs.workflow != '' steps: - name: Trigger Normal tests - uses: fjogeleit/http-request-action@v1 + uses: fjogeleit/http-request-action@bf78da14118941f7e940279dd58f67e863cbeff6 # v1.16.3 with: url: 'https://circleci.com/api/v2/project/gh/storybookjs/storybook/pipeline' method: 'POST'