diff --git a/.github/workflows/auto-changelog.yml b/.github/workflows/auto-changelog.yml index 0f7cf602..ea696d93 100644 --- a/.github/workflows/auto-changelog.yml +++ b/.github/workflows/auto-changelog.yml @@ -10,8 +10,8 @@ jobs: update-draft: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Draft Release - uses: release-drafter/release-drafter@v5 + uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/auto-versioning.yml b/.github/workflows/auto-versioning.yml index 1bb8dce4..2f9c852f 100644 --- a/.github/workflows/auto-versioning.yml +++ b/.github/workflows/auto-versioning.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 @@ -78,7 +78,7 @@ jobs: - name: Create GitHub Release (tag-only, no workspace changes) if: ${{ steps.semver.outputs.changed && steps.check_release.outputs.exists == 'false' }} - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: tag_name: ${{ steps.create_tag.outputs.tag }} name: Release ${{ steps.create_tag.outputs.tag }} diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 28354ac9..b87c89d4 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -24,10 +24,10 @@ jobs: name: Performance Regression Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 with: go-version: '1.25.4' cache-dependency-path: backend/go.sum diff --git a/.github/workflows/codecov-upload.yml b/.github/workflows/codecov-upload.yml index a2d040af..68ad8e14 100644 --- a/.github/workflows/codecov-upload.yml +++ b/.github/workflows/codecov-upload.yml @@ -16,12 +16,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639 # v4 with: go-version: '1.25.4' cache-dependency-path: backend/go.sum @@ -35,7 +35,7 @@ jobs: exit ${PIPESTATUS[0]} - name: Upload backend coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5 with: token: ${{ secrets.CODECOV_TOKEN }} files: ./backend/coverage.out @@ -47,12 +47,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - name: Set up Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: '24.11.1' cache: 'npm' @@ -69,7 +69,7 @@ jobs: exit ${PIPESTATUS[0]} - name: Upload frontend coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5 with: token: ${{ secrets.CODECOV_TOKEN }} directory: ./frontend/coverage diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 28cf7c71..8ad7150c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,7 +40,7 @@ jobs: - name: Setup Go if: matrix.language == 'go' - uses: actions/setup-go@v4 + uses: actions/setup-go@19bb51245e9c80abacb2e91cc42b33fa478b8639 # v4 with: go-version: '1.25.4' diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml index 7901d1f2..e9ea357b 100644 --- a/.github/workflows/docker-lint.yml +++ b/.github/workflows/docker-lint.yml @@ -14,7 +14,7 @@ jobs: hadolint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Run Hadolint uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index b5c87c31..21469d89 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -279,7 +279,7 @@ jobs: if: github.event_name == 'pull_request' steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Build image locally for PR run: | diff --git a/.github/workflows/release-goreleaser.yml b/.github/workflows/release-goreleaser.yml index cc65b74a..1e9ed1ab 100644 --- a/.github/workflows/release-goreleaser.yml +++ b/.github/workflows/release-goreleaser.yml @@ -19,17 +19,17 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 with: go-version: '1.25.4' - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: '24.11.1' @@ -50,7 +50,7 @@ jobs: # GITHUB_TOKEN is set from CHARON_TOKEN or CPMP_TOKEN (fallback), defaulting to GITHUB_TOKEN - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5 + uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5 with: distribution: goreleaser version: latest