From 17f05fab3da9cf89e11869b70d71b8e2e2a5913e Mon Sep 17 00:00:00 2001 From: Allen Date: Wed, 25 Mar 2026 16:38:46 +0000 Subject: [PATCH] mesh-2092: pin action versions to commit sha --- .github/workflows/merge-develop.yml | 16 ++++++++-------- .github/workflows/pull-request.yml | 24 ++++++++++++------------ 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/merge-develop.yml b/.github/workflows/merge-develop.yml index 64e7e38..9a6baa3 100644 --- a/.github/workflows/merge-develop.yml +++ b/.github/workflows/merge-develop.yml @@ -14,12 +14,12 @@ jobs: if: github.repository == 'NHSDigital/mesh-sandbox' && !contains(github.event.head_commit.message, 'tag release version:') steps: - name: checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: setup python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v with: python-version-file: "pyproject.toml" @@ -33,7 +33,7 @@ jobs: poetry self add "poetry-dynamic-versioning[plugin]" - name: cache virtualenv - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: | .venv @@ -52,7 +52,7 @@ jobs: - name: setup java if: success() || failure() - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: "corretto" java-version: "11" @@ -73,7 +73,7 @@ jobs: - name: setup java if: github.actor != 'dependabot[bot]' && (success() || failure()) - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: "corretto" java-version: "17" @@ -116,7 +116,7 @@ jobs: if: github.repository == 'NHSDigital/mesh-sandbox' && github.actor != 'dependabot[bot]' && !contains(github.event.head_commit.message, 'tag release version:') steps: - name: checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -126,7 +126,7 @@ jobs: find . -type f | xargs chmod g+w - name: setup python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version-file: "pyproject.toml" @@ -148,7 +148,7 @@ jobs: - name: create release id: create_release - uses: actions/create-release@v1 + uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1 continue-on-error: false env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 3874f77..23a230e 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'NHSDigital/mesh-sandbox' steps: - name: checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -46,7 +46,7 @@ jobs: PR_BRANCH: ${{ github.head_ref }} - name: setup python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version-file: "pyproject.toml" @@ -60,7 +60,7 @@ jobs: poetry self add "poetry-dynamic-versioning[plugin]" - name: cache virtualenv - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: | .venv @@ -82,7 +82,7 @@ jobs: - name: setup java if: success() || failure() - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: "corretto" java-version: "11" @@ -103,7 +103,7 @@ jobs: - name: setup java if: success() || failure() - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5 with: distribution: "corretto" java-version: "17" @@ -133,7 +133,7 @@ jobs: - name: archive reports if: success() || failure() - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: reports path: reports/**/* @@ -158,7 +158,7 @@ jobs: if: github.repository == 'NHSDigital/mesh-sandbox' steps: - name: checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -182,7 +182,7 @@ jobs: PR_BRANCH: ${{ github.head_ref }} - name: setup python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version-file: "pyproject.toml" @@ -196,7 +196,7 @@ jobs: poetry self add "poetry-dynamic-versioning[plugin]" - name: cache virtualenv - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: | .venv @@ -244,7 +244,7 @@ jobs: - lint steps: - name: checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -273,7 +273,7 @@ jobs: PR_BRANCH: ${{ github.head_ref }} - name: setup python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: python-version-file: "pyproject.toml" @@ -287,7 +287,7 @@ jobs: poetry self add "poetry-dynamic-versioning[plugin]" - name: cache virtualenv - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: | .venv