From 42ab94ebd239f2b4b9778e058570715fd3f4c6e1 Mon Sep 17 00:00:00 2001 From: Tito Date: Thu, 4 Jun 2026 08:04:54 +1200 Subject: [PATCH 1/2] chore: pin GitHub Actions to SHAs --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/dependabot-changeset.yml | 6 +++--- .github/workflows/release.yml | 10 +++++----- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5a72ac8..076e4cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,15 +19,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: ${{ matrix.node-version }} - name: Setup Bun - uses: oven-sh/setup-bun@v1 + uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1 with: bun-version: latest @@ -53,15 +53,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "25.x" - name: Setup Bun - uses: oven-sh/setup-bun@v1 + uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1 with: bun-version: latest diff --git a/.github/workflows/dependabot-changeset.yml b/.github/workflows/dependabot-changeset.yml index 03df44a..95c9097 100644 --- a/.github/workflows/dependabot-changeset.yml +++ b/.github/workflows/dependabot-changeset.yml 
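Review bot: `bun-version: latest` in the Setup Bun step still floats, so pinning `oven-sh/setup-bun` to a commit fixes the installer but not the Bun binary it downloads on each run. The same context line appears in the second ci.yml hunk and in the Setup Bun steps of dependabot-changeset.yml and release.yml, where the release job goes on to run `bun run changeset:version`. Consider an exact version there, e.g. `bun-version: "<exact-bun-version>"` (placeholder; the project's supported Bun version is not shown in this patch). The jobs start and continue outside these hunks.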
@@ -17,19 +17,19 @@ jobs: if: github.actor == 'dependabot[bot]' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 ref: ${{ github.head_ref }} token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "22.x" - name: Setup Bun - uses: oven-sh/setup-bun@v1 + uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1 with: bun-version: latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c2247d5..5f97b22 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,17 +20,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "22.x" - name: Setup Bun - uses: oven-sh/setup-bun@v1 + uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1 with: bun-version: latest @@ -51,7 +51,7 @@ jobs: - name: Create Release Pull Request or Publish id: changesets - uses: changesets/action@v1 + uses: changesets/action@a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d # v1 with: version: bun run changeset:version publish: echo "skip" @@ -148,7 +148,7 @@ jobs: - name: Extract release notes and create GitHub Release if: steps.changesets.outputs.hasChangesets == 'false' - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 with: script: | const fs = require('fs'); From 29737fe3ec8b2d5b15f4605ff782e86e6cb733a8 Mon Sep 17 00:00:00 2001 
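Review bot: The job gate `if: github.actor == 'dependabot[bot]'` at the top of the dependabot-changeset.yml hunk checks who triggered the run rather than who opened the pull request, and the Checkout step under it fetches `github.head_ref` with `secrets.GITHUB_TOKEN`. GitHub's Dependabot automation guidance compares the PR author instead: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. The line is unchanged by this commit, and the workflow's trigger and `permissions:` block are outside the hunk, so confirm what the token is allowed to do before relying on either form.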
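Review bot: Nothing in this series shows how the pinned commits will be kept current: release.yml now fixes five actions to SHAs, and no `package-ecosystem: "github-actions"` entry in `.github/dependabot.yml` is added or visible here. If that entry does not already exist, the pins will age silently and miss upstream security fixes. Dependabot can bump the SHA and the trailing version comment together, so it is worth confirming the config or adding it alongside this change.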
From: Tito Date: Thu, 4 Jun 2026 09:53:37 +1200 Subject: [PATCH 2/2] chore: use exact GitHub Action version comments --- .github/workflows/ci.yml | 14 ++++++-------- .github/workflows/dependabot-changeset.yml | 6 +++--- .github/workflows/release.yml | 10 +++++----- 3 files changed, 14 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 076e4cf..26a9d72 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,15 +19,14 @@ jobs: steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup Node.js ${{ matrix.node-version }} - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: ${{ matrix.node-version }} - name: Setup Bun - uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1 + uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1.2.2 with: bun-version: latest @@ -53,15 +52,14 @@ jobs: steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: "25.x" - name: Setup Bun - uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1 + uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1.2.2 with: bun-version: latest diff --git a/.github/workflows/dependabot-changeset.yml b/.github/workflows/dependabot-changeset.yml index 95c9097..b1affde 100644 --- a/.github/workflows/dependabot-changeset.yml +++ b/.github/workflows/dependabot-changeset.yml 
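Review bot: Besides the comment, the first ci.yml hunk appears to delete the blank line that separated the Checkout step from Setup Node.js (the hunk header goes from 15 lines to 14), and the second ci.yml hunk does the same. The other steps keep their separator and the other two workflow files are not touched this way, so this looks unintentional in a commit meant to change comments only. Restoring the empty line after `uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1` keeps the step list consistent.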
@@ -17,19 +17,19 @@ jobs: if: github.actor == 'dependabot[bot]' steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 ref: ${{ github.head_ref }} token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: "22.x" - name: Setup Bun - uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1 + uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1.2.2 with: bun-version: latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5f97b22..f2c388f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,17 +20,17 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: "22.x" - name: Setup Bun - uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1 + uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1.2.2 with: bun-version: latest @@ -51,7 +51,7 @@ jobs: - name: Create Release Pull Request or Publish id: changesets - uses: changesets/action@a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d # v1 + uses: changesets/action@3841a0683d3cfa6dae0f9bb335290003010fe3f0 # v1.9.0 with: version: bun run changeset:version publish: echo "skip" 
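Review bot: The `changesets/action` line in the `@@ -51,7 +51,7 @@` hunk of release.yml changes the pinned commit itself, from `a45c4d594aa4e2c509dc14a9f2b3b67ba3780d0d` to `3841a0683d3cfa6dae0f9bb335290003010fe3f0`, while the commit subject describes a comment-only update. Every other `uses:` line in this patch keeps its SHA. This action runs in the release job, so the re-pin should be called out in the commit message and the new SHA checked against the upstream `v1.9.0` tag before merging. A body line such as `changesets/action: re-pinned a45c4d5 -> 3841a06 (v1.9.0)` would make the change reviewable.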
@@ -148,7 +148,7 @@ jobs: - name: Extract release notes and create GitHub Release if: steps.changesets.outputs.hasChangesets == 'false' - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 with: script: | const fs = require('fs');