Skip to content

Commit 8c240c8

Browse files
hyperpolymathclaude
andcommitted
SHA-pin GitHub Actions and upgrade deprecated checkout versions
- Upgrade actions/checkout from v2/v3 to SHA-pinned v4 - SHA-pin all unshelled action tags (pages, CodeQL, scorecard, rust-cache, upload/download-artifact, setup-node, cache) - Standardise scorecard-action to v2.4.0 - Fix setup-node@v6 → SHA-pinned v4 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 6af0e61 commit 8c240c8

79 files changed

Lines changed: 246 additions & 246 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

aggregate-library/.github/workflows/guix-nix-policy.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ jobs:
66
check:
77
runs-on: ubuntu-latest
88
steps:
9-
- uses: actions/checkout@v4
9+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
1010
- name: Enforce Guix primary / Nix fallback
1111
run: |
1212
# Check for package manager files

aggregate-library/.github/workflows/jekyll-gh-pages.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -28,16 +28,16 @@ jobs:
2828
runs-on: ubuntu-latest
2929
steps:
3030
- name: Checkout
31-
uses: actions/checkout@v4
31+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
3232
- name: Setup Pages
33-
uses: actions/configure-pages@v5
33+
uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5
3434
- name: Build with Jekyll
35-
uses: actions/jekyll-build-pages@v1
35+
uses: actions/jekyll-build-pages@44a6e6beabd48582f863aeeb6cb2151cc1716697 # v1
3636
with:
3737
source: ./
3838
destination: ./_site
3939
- name: Upload artifact
40-
uses: actions/upload-pages-artifact@v3
40+
uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
4141

4242
# Deployment job
4343
deploy:
@@ -49,4 +49,4 @@ jobs:
4949
steps:
5050
- name: Deploy to GitHub Pages
5151
id: deployment
52-
uses: actions/deploy-pages@v4
52+
uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4

aggregate-library/.github/workflows/quality.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ jobs:
77
lint:
88
runs-on: ubuntu-latest
99
steps:
10-
- uses: actions/checkout@v4
10+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
1111

1212
- name: Check file permissions
1313
run: |
@@ -37,7 +37,7 @@ jobs:
3737
docs:
3838
runs-on: ubuntu-latest
3939
steps:
40-
- uses: actions/checkout@v4
40+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
4141
- name: Check documentation
4242
run: |
4343
MISSING=""

aggregate-library/.github/workflows/rsr-antipattern.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
antipattern-check:
1919
runs-on: ubuntu-latest
2020
steps:
21-
- uses: actions/checkout@v4
21+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
2222

2323
- name: Check for TypeScript
2424
run: |

aggregate-library/.github/workflows/scorecard.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,17 +15,17 @@ jobs:
1515
security-events: write
1616
id-token: write
1717
steps:
18-
- uses: actions/checkout@v4
18+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
1919
with:
2020
persist-credentials: false
2121

2222
- name: Run Scorecard
23-
uses: ossf/scorecard-action@v2.3.1
23+
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
2424
with:
2525
results_file: results.sarif
2626
results_format: sarif
2727

2828
- name: Upload results
29-
uses: github/codeql-action/upload-sarif@v3
29+
uses: github/codeql-action/upload-sarif@6624720a57d4c312633c7b953db2f2da5bcb4c3a # v3
3030
with:
3131
sarif_file: results.sarif

aggregate-library/.github/workflows/security-policy.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ jobs:
66
check:
77
runs-on: ubuntu-latest
88
steps:
9-
- uses: actions/checkout@v4
9+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
1010
- name: Security checks
1111
run: |
1212
FAILED=false

aggregate-library/.github/workflows/wellknown-enforcement.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919
validate:
2020
runs-on: ubuntu-latest
2121
steps:
22-
- uses: actions/checkout@v4
22+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
2323

2424
- name: RFC 9116 security.txt validation
2525
run: |

packages/.github/workflows/testpr.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ jobs:
55
default:
66
runs-on: ubuntu-latest
77
steps:
8-
- uses: actions/checkout@v6
8+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
99
with:
1010
fetch-depth: 0
1111
ref: ${{ github.event.pull_request.head.sha }}

packages/.github/workflows/testpush.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ jobs:
55
default:
66
runs-on: ubuntu-latest
77
steps:
8-
- uses: actions/checkout@v6
8+
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
99
- uses: iffy/install-nim@v5.1.1
1010
with:
1111
version: stable

rescript-ecosystem/cadre-router/tea-router/.github/workflows/ci.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,8 +24,8 @@ jobs:
2424
# name: Build
2525
# runs-on: ubuntu-latest
2626
# steps:
27-
# - uses: actions/checkout@v6.0.1
28-
# - uses: actions/setup-node@v4
27+
# - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
28+
# - uses: actions/setup-node@49933ea5288caeca8642195f2b846b8bbe245a93 # v4
2929
# with:
3030
# node-version: '20'
3131
# - run: npm ci

0 commit comments

Comments
 (0)