diff --git a/.github/actions/tf-plan-apply/action.yml b/.github/actions/tf-plan-apply/action.yml index 5f426ce2..3d1dd556 100644 --- a/.github/actions/tf-plan-apply/action.yml +++ b/.github/actions/tf-plan-apply/action.yml @@ -56,7 +56,7 @@ runs: using: "composite" steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ inputs.aws_assume_role }} role-skip-session-tagging: true @@ -72,7 +72,7 @@ runs: shell: bash - name: Setup Terraform - uses: hashicorp/setup-terraform@v4 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_version: ${{ inputs.terraform_version }} terraform_wrapper: false diff --git a/.github/workflows/automated-deploy-dev.yml b/.github/workflows/automated-deploy-dev.yml index e7205501..5ea4c80f 100644 --- a/.github/workflows/automated-deploy-dev.yml +++ b/.github/workflows/automated-deploy-dev.yml @@ -24,7 +24,7 @@ jobs: environment: development steps: - name: Checkout branch - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Apply base_iam uses: ./.github/actions/tf-plan-apply @@ -47,10 +47,10 @@ jobs: environment: development steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} role-skip-session-tagging: true @@ -58,7 +58,7 @@ jobs: mask-aws-account-id: true - name: Setup Terraform - uses: hashicorp/setup-terraform@v4 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_version: 1.14.7 terraform_wrapper: true @@ -163,7 +163,7 @@ jobs: shell: bash - name: Add PR Comment - uses: actions/github-script@v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 if: github.event_name == 'pull_request' && (success() || failure()) with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -256,7 +256,7 @@ jobs: if: failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} role-skip-session-tagging: true @@ -270,7 +270,7 @@ jobs: echo "SLACK_BOT_TOKEN=$slack_bot_token" >> $GITHUB_ENV - name: Send Slack Notification - uses: slackapi/slack-github-action@v3.0.1 + uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # v3.0.2 with: method: chat.postMessage token: ${{ env.SLACK_BOT_TOKEN }} diff --git a/.github/workflows/automated-pr-validator.yml b/.github/workflows/automated-pr-validator.yml index 34625132..50ba0d57 100644 --- a/.github/workflows/automated-pr-validator.yml +++ b/.github/workflows/automated-pr-validator.yml @@ -17,17 +17,17 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - uses: anchore/sbom-action@v0 + - uses: anchore/sbom-action@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0 with: path: "." format: cyclonedx-json output-file: sbom-repo-${{ github.event.repository.name }}-${{ github.sha }}.cdx.json - - uses: anchore/scan-action@v7 + - uses: anchore/scan-action@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2 # v7.4.0 id: sbom-scan with: sbom: sbom-repo-${{ github.event.repository.name }}-${{ github.sha }}.cdx.json @@ -37,13 +37,13 @@ jobs: output-format: sarif - name: Upload Anchore scan SARIF report - uses: github/codeql-action/upload-sarif@v4 + uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 if: always() with: sarif_file: ${{ steps.sbom-scan.outputs.sarif }} - name: Add/Update SBOM failure comment - uses: actions/github-script@v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 if: always() && failure() with: script: | @@ -81,7 +81,7 @@ jobs: }) - name: Delete SBOM failure comment - uses: actions/github-script@v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 if: always() && success() with: script: | @@ -112,7 +112,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -130,10 +130,10 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Python 3.11 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.11 diff --git a/.github/workflows/automated-sonarqube-cloud-analysis.yml b/.github/workflows/automated-sonarqube-cloud-analysis.yml index 30692f30..09d2f759 100644 --- a/.github/workflows/automated-sonarqube-cloud-analysis.yml +++ b/.github/workflows/automated-sonarqube-cloud-analysis.yml @@ -17,12 +17,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Set up Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: '24' @@ -33,7 +33,7 @@ jobs: npm test - name: SonarQube Cloud Scan - uses: SonarSource/sonarqube-scan-action@v7 + uses: SonarSource/sonarqube-scan-action@59db25f34e16620e48ab4bb9e4a5dce155cb5432 # v8.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} @@ -46,7 +46,7 @@ jobs: if: failure() && github.event_name == 'push' && github.ref == 'refs/heads/main' steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} role-skip-session-tagging: true @@ -60,7 +60,7 @@ jobs: echo "SLACK_BOT_TOKEN=$slack_bot_token" >> $GITHUB_ENV - name: Send Slack Notification - uses: slackapi/slack-github-action@v3.0.1 + uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # v3.0.2 with: method: chat.postMessage token: ${{ env.SLACK_BOT_TOKEN }} diff --git a/.github/workflows/base-cleanup-lambda-edge.yml b/.github/workflows/base-cleanup-lambda-edge.yml index fb4ca06a..1a88cfb6 100644 --- a/.github/workflows/base-cleanup-lambda-edge.yml +++ b/.github/workflows/base-cleanup-lambda-edge.yml @@ -31,19 +31,19 @@ jobs: environment: ${{ inputs.environment }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: 'NHSDigital/national-document-repository-infrastructure' ref: ${{ inputs.git_ref }} fetch-depth: '0' - name: Setup Python 3.11 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.11 - name: Configure AWS Credentials for ${{ vars.AWS_REGION }} - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} role-skip-session-tagging: true diff --git a/.github/workflows/base-cleanup-workspace.yml b/.github/workflows/base-cleanup-workspace.yml index e959b9aa..eda41506 100644 --- a/.github/workflows/base-cleanup-workspace.yml +++ b/.github/workflows/base-cleanup-workspace.yml @@ -31,14 +31,14 @@ jobs: environment: ${{ inputs.environment }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: 'NHSDigital/national-document-repository-infrastructure' ref: ${{ inputs.git_ref }} fetch-depth: '0' - name: Setup Python 3.11 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.11 @@ -49,7 +49,7 @@ jobs: ./venv/bin/pip3 install boto3==1.42.68 - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} role-skip-session-tagging: true diff --git a/.github/workflows/cron-daily-health-check.yml b/.github/workflows/cron-daily-health-check.yml index 78faac97..982066bf 100644 --- a/.github/workflows/cron-daily-health-check.yml +++ b/.github/workflows/cron-daily-health-check.yml @@ -53,7 +53,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: NHSDigital/national-document-repository @@ -75,7 +75,7 @@ jobs: working-directory: ./app - name: Cypress Build - uses: cypress-io/github-action@v7 + uses: cypress-io/github-action@c495c3ddffba403ba11be95fffb67e25203b3799 # v7.1.10 with: install: false runTests: false @@ -90,7 +90,7 @@ jobs: run: npm install serve -g - name: Run Cypress Tests (Chrome) - uses: cypress-io/github-action@v7 + uses: cypress-io/github-action@c495c3ddffba403ba11be95fffb67e25203b3799 # v7.1.10 with: install: false start: serve -s dist @@ -103,7 +103,7 @@ jobs: CYPRESS_BASE_URL: http://localhost:3000 - name: Upload Artifacts (Screenshots) - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: failure() with: name: cypress-screenshots-chrome @@ -111,7 +111,7 @@ jobs: if-no-files-found: ignore - name: Upload Artifacts (Videos) - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: failure() with: name: cypress-videos-chrome @@ -173,7 +173,7 @@ jobs: if: failure() steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} role-skip-session-tagging: true @@ -187,7 +187,7 @@ jobs: echo "SLACK_BOT_TOKEN=$slack_bot_token" >> $GITHUB_ENV - name: Send Slack Notification - uses: slackapi/slack-github-action@v3.0.1 + uses: slackapi/slack-github-action@03ea5433c137af7c0495bc0cad1af10403fc800c # v3.0.2 with: method: chat.postMessage token: ${{ env.SLACK_BOT_TOKEN }} diff --git a/.github/workflows/cron-tear-down-sandbox.yml b/.github/workflows/cron-tear-down-sandbox.yml index abb88a11..7df8c123 100644 --- a/.github/workflows/cron-tear-down-sandbox.yml +++ b/.github/workflows/cron-tear-down-sandbox.yml @@ -16,12 +16,12 @@ jobs: environment: development steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} role-skip-session-tagging: true @@ -29,7 +29,7 @@ jobs: mask-aws-account-id: true - name: Setup Python 3.11 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.11 diff --git a/.github/workflows/cron-tear-down-test.yml b/.github/workflows/cron-tear-down-test.yml index c372b556..a63d71a1 100644 --- a/.github/workflows/cron-tear-down-test.yml +++ b/.github/workflows/cron-tear-down-test.yml @@ -41,12 +41,12 @@ jobs: sandbox-name: [ndr-test] steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_WORKSPACE }}-github-actions-role role-skip-session-tagging: true @@ -55,7 +55,7 @@ jobs: - name: Setup Terraform - uses: hashicorp/setup-terraform@v4 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_version: 1.14.7 terraform_wrapper: false @@ -109,19 +109,19 @@ jobs: environment: test steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/test-github-bootstrap aws-region: ${{ vars.AWS_REGION }} mask-aws-account-id: true - name: Setup Terraform - uses: hashicorp/setup-terraform@v4 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_version: 1.14.3 diff --git a/.github/workflows/deploy-pre-prod.yml b/.github/workflows/deploy-pre-prod.yml index 3857b7b5..d7f559a1 100644 --- a/.github/workflows/deploy-pre-prod.yml +++ b/.github/workflows/deploy-pre-prod.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout main if: ${{ inputs.branch_or_tag == 'main' }} - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main fetch-depth: "0" @@ -34,7 +34,7 @@ jobs: - name: Bump version and push tag if: ${{ inputs.branch_or_tag == 'main' }} id: versioning - uses: anothrNick/github-tag-action@1.64.0 + uses: anothrNick/github-tag-action@4ed44965e0db8dab2b466a16da04aec3cc312fd8 # v1.75.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} WITH_V: false @@ -51,7 +51,7 @@ jobs: environment: pre-prod steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.tag_main.outputs.version }} fetch-depth: "0" @@ -76,7 +76,7 @@ jobs: environment: pre-prod steps: - name: Checkout main - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ needs.tag_main.outputs.version }} fetch-depth: "0" diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml index 4d0085ec..5d0279a2 100644 --- a/.github/workflows/deploy-prod.yml +++ b/.github/workflows/deploy-prod.yml @@ -22,7 +22,7 @@ jobs: environment: prod steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: refs/tags/${{ github.event.inputs.git_tag }} fetch-depth: "0" @@ -46,7 +46,7 @@ jobs: environment: prod steps: - name: Checkout Tag - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: refs/tags/${{ inputs.git_tag }} fetch-depth: "0" diff --git a/.github/workflows/deploy-sandbox.yml b/.github/workflows/deploy-sandbox.yml index 6ddb4bf6..0c699879 100644 --- a/.github/workflows/deploy-sandbox.yml +++ b/.github/workflows/deploy-sandbox.yml @@ -63,7 +63,7 @@ jobs: environment: development steps: - name: Checkout branch - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.git_ref}} @@ -88,7 +88,7 @@ jobs: environment: development steps: - name: Checkout main - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main @@ -112,7 +112,7 @@ jobs: environment: development steps: - name: Checkout Branch - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.git_ref}} diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml index a62e02c8..39c13f2f 100644 --- a/.github/workflows/deploy-test.yml +++ b/.github/workflows/deploy-test.yml @@ -22,7 +22,7 @@ jobs: environment: test steps: - name: Checkout branch - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.git_ref }} @@ -45,7 +45,7 @@ jobs: environment: test steps: - name: Checkout main - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.inputs.git_ref }} diff --git a/.github/workflows/tear-down-sandbox.yml b/.github/workflows/tear-down-sandbox.yml index 037ba242..980512c3 100644 --- a/.github/workflows/tear-down-sandbox.yml +++ b/.github/workflows/tear-down-sandbox.yml @@ -73,19 +73,19 @@ jobs: environment: ${{ inputs.environment }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.git_ref }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ inputs.sandbox_name}}-github-actions-role aws-region: ${{ vars.AWS_REGION }} mask-aws-account-id: true - name: Setup Terraform - uses: hashicorp/setup-terraform@v4 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_version: 1.14.7 @@ -110,19 +110,19 @@ jobs: environment: ${{ inputs.environment }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.git_ref }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/dev-github-bootstrap aws-region: ${{ vars.AWS_REGION }} mask-aws-account-id: true - name: Setup Terraform - uses: hashicorp/setup-terraform@v4 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_version: 1.14.7 @@ -145,19 +145,19 @@ jobs: environment: ${{ inputs.environment }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.git_ref }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/dev-github-bootstrap aws-region: ${{ vars.AWS_REGION }} mask-aws-account-id: true - name: Setup Python 3.11 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: 3.11 diff --git a/.github/workflows/tool-rename-git-tag.yml b/.github/workflows/tool-rename-git-tag.yml index 48c8c9a4..559f7ca1 100644 --- a/.github/workflows/tool-rename-git-tag.yml +++ b/.github/workflows/tool-rename-git-tag.yml @@ -27,7 +27,7 @@ jobs: permissions: write-all steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.old_tag }} fetch-depth: 0 @@ -42,7 +42,7 @@ jobs: echo Branch SHA: ${{ steps.get-sha.outputs.BRANCH_SHA }} - name: Overwrite tag - uses: actions/github-script@v8 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: script: | console.log(context)