From 5def0468e4fde07c910cd7213764b921779bfca4 Mon Sep 17 00:00:00 2001 From: Joe Parsons <471936+joeparsons@users.noreply.github.com> Date: Tue, 4 Nov 2025 10:43:46 -0700 Subject: [PATCH 1/3] Closes #133: Pin all third-party GitHub actions to specific revision hashes, enable dependabot updates for github-actions. --- .github/dependabot.yml | 29 +++++++++++++++++++++++ .github/workflows/pull-request-checks.yml | 12 +++++----- 2 files changed, 35 insertions(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7cede48..374cf44 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,6 +6,8 @@ updates: schedule: interval: "daily" labels: + - "dependencies" + - "php" - "3.x only" - package-ecosystem: "composer" directory: "/" @@ -13,4 +15,31 @@ updates: schedule: interval: "daily" labels: + - "dependencies" + - "php" - "1.x only" + + - package-ecosystem: "github-actions" + directory: "/" + target-branch: main + schedule: + interval: "daily" + cooldown: + default-days: 5 + labels: + - "dependencies" + - "github_actions" + - "ci" + - "3.x only" + - package-ecosystem: "github-actions" + directory: "/" + target-branch: "1.x" + schedule: + interval: "daily" + cooldown: + default-days: 5 + labels: + - "dependencies" + - "github_actions" + - "ci" + - "1.x only" \ No newline at end of file diff --git a/.github/workflows/pull-request-checks.yml b/.github/workflows/pull-request-checks.yml index 6e51a5f..571b87d 100644 --- a/.github/workflows/pull-request-checks.yml +++ b/.github/workflows/pull-request-checks.yml @@ -11,11 +11,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Set up PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5 with: php-version: '8.3' - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Find the pull request source branch name run: | 
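Review bot: The 5-day `cooldown` is added only to the two new `github-actions` entries in the `@@ -13,4 +15,31 @@` hunk of `.github/dependabot.yml`. As far as the context lines of both dependabot hunks show, the `composer` entries still go from `interval: "daily"` straight to `labels:`, so PHP package releases would be proposed as soon as they are published. If the delay is meant as a buffer against a compromised or withdrawn release, the same `cooldown:` / `default-days: 5` pair belongs on the composer entries too. Otherwise, record the reason with a comment such as `# hold new action releases for 5 days before proposing them`. On style, `target-branch: main` is unquoted while `target-branch: "1.x"` is quoted; quoting both keeps the file consistent.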
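Review bot: The first `actions/checkout` step in the `@@ -11,11 +11,11 @@` hunk has no `with:` block, so `persist-credentials` keeps its default. The job token therefore stays available to every later step, including the `composer install -o` visible in the `@@ -71,7` hunk. Pinning to a commit hash fixes which code the step runs, not what that code leaves behind; unless a later step needs authenticated git, add `with:` and `persist-credentials: false` under this step. The second checkout at `@@ -50,7` has a `with:` block that continues past its hunk, so whether it already sets this cannot be told from here. Separately, this line moves checkout from the `v4` tag to the v5.0.0 commit, a major-version change that the subject line describes only as pinning.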
@@ -50,7 +50,7 @@ jobs: fi - name: Checkout scaffolding repo - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: az-digital/az-quickstart-scaffolding ref: ${{ env.SCAFFOLDING_BRANCH_NAME }} @@ -71,7 +71,7 @@ jobs: composer install -o - name: Save build artifact - uses: actions/cache/save@v4 + uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/az-quickstart-scaffolding key: azqs-build-${{ github.sha }} @@ -82,7 +82,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Restore build artifact cache - uses: actions/cache/restore@v4 + uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/az-quickstart-scaffolding key: azqs-build-${{ github.sha }} @@ -97,7 +97,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Restore build artifact cache - uses: actions/cache/restore@v4 + uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/az-quickstart-scaffolding key: azqs-build-${{ github.sha }} From 566efba4f5a6f14a869107e9ce1b1215a5f0474d Mon Sep 17 00:00:00 2001 From: Joe Parsons <471936+joeparsons@users.noreply.github.com> Date: Tue, 4 Nov 2025 10:54:30 -0700 Subject: [PATCH 2/3] Fix formatting in dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 374cf44..a315d68 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -42,4 +42,4 @@ updates: - "dependencies" - "github_actions" - "ci" - - "1.x only" \ No newline at end of file + - "1.x only" From 5e55ccf678dad9597ab1ab4a07b5df645b1ecb9c Mon Sep 17 00:00:00 2001 
From: Joe Parsons <471936+joeparsons@users.noreply.github.com> Date: Thu, 12 Mar 2026 14:00:20 -0700 Subject: [PATCH 3/3] Update to current versions --- .github/workflows/pull-request-checks.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pull-request-checks.yml b/.github/workflows/pull-request-checks.yml index 571b87d..796433e 100644 --- a/.github/workflows/pull-request-checks.yml +++ b/.github/workflows/pull-request-checks.yml @@ -11,11 +11,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Set up PHP - uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # 2.35.5 + uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # 2.36.0 with: php-version: '8.3' - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Find the pull request source branch name run: | @@ -50,7 +50,7 @@ jobs: fi - name: Checkout scaffolding repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: az-digital/az-quickstart-scaffolding ref: ${{ env.SCAFFOLDING_BRANCH_NAME }} @@ -71,7 +71,7 @@ jobs: composer install -o - name: Save build artifact - uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ github.workspace }}/az-quickstart-scaffolding key: azqs-build-${{ github.sha }} @@ -82,7 +82,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Restore build artifact cache - uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ github.workspace }}/az-quickstart-scaffolding key: azqs-build-${{ github.sha }} 
@@ -97,7 +97,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Restore build artifact cache - uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: ${{ github.workspace }}/az-quickstart-scaffolding key: azqs-build-${{ github.sha }}