Pin all GitHub Actions to full commit SHAs
Org policy now requires actions pinned to immutable SHAs instead of mutable version tags. Pin actions/checkout, actions/github-script, softprops/action-gh-release, and oven-sh/setup-bun across all workflows.
This commit is contained in:
Lawrence Chen
parent
3cf1d2501f
commit
fc3e3a4d7d
4 changed files with 11 additions and 11 deletions
6
.github/workflows/nightly.yml
vendored
6
.github/workflows/nightly.yml
vendored
|
|
@ -25,7 +25,7 @@ jobs:
|
|||
steps:
|
||||
- name: Decide whether a nightly build is needed
|
||||
id: decide
|
||||
uses: actions/github-script@v7
|
||||
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
|
||||
env:
|
||||
FORCE_BUILD: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.force == 'true' && 'true' || 'false' }}
|
||||
with:
|
||||
|
|
@ -84,7 +84,7 @@ jobs:
|
|||
cancel-in-progress: false
|
||||
steps:
|
||||
- name: Checkout main
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
|
||||
with:
|
||||
ref: ${{ needs.decide.outputs.head_sha }}
|
||||
submodules: recursive
|
||||
|
|
@ -326,7 +326,7 @@ jobs:
|
|||
git push origin refs/tags/nightly --force
|
||||
|
||||
- name: Publish nightly release assets
|
||||
uses: softprops/action-gh-release@v2
|
||||
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
|
||||
with:
|
||||
tag_name: nightly
|
||||
name: Nightly
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue