diff --git a/.github/workflows/codeowners-folder-validation.yml b/.github/workflows/codeowners-folder-validation.yml
index 26c4fb7..447d987 100644
--- a/.github/workflows/codeowners-folder-validation.yml
+++ b/.github/workflows/codeowners-folder-validation.yml
@@ -21,7 +21,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 persist-credentials: false
diff --git a/.github/workflows/evaluation.yml b/.github/workflows/evaluation.yml
index e0f5ab4..e80c55b 100644
--- a/.github/workflows/evaluation.yml
+++ b/.github/workflows/evaluation.yml
@@ -75,7 +75,7 @@ jobs:
 statuses: write
 steps:
 - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 fetch-depth: 0
 persist-credentials: false
@@ -137,7 +137,7 @@ jobs:
 statuses: write
 steps:
 - name: Checkout base branch
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 ref: ${{ github.event.pull_request.base.sha }}
 fetch-depth: 0
@@ -327,7 +327,7 @@ jobs:
 - name: Checkout repository
 if: github.event_name != 'schedule' || steps.check-changes.outputs.has_changes == 'true'
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 fetch-depth: 0
 persist-credentials: false
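Review bot: The new `actions/checkout` pin in the first hunk (codeowners-folder-validation.yml) keeps the trailing comment `# v6` that the old SHA also carried, so the comment cannot tell a reader which release `df4cb1c069e1874edd31b4311f1884172cec0e10` corresponds to. A major tag moves over time, which makes that comment the only human-readable link between the SHA and an upstream release. I would record the exact tag, as the setup-node (`# v6.4.0`) and changed-files (`# v47.0.6`) lines in this same commit already do: `uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.x.y`, where x.y is a placeholder for the tag the SHA resolves to upstream. The same applies to every other checkout hunk here and to the `actions/setup-dotnet … # v5` and `DavidAnson/markdownlint-cli2-action … # v23` pins. The diff alone cannot show that each new SHA is the commit the upstream tag points at, so that is worth confirming before merge.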
@@ -471,7 +471,7 @@ jobs:
 # changes are tested. For fork PRs (untrusted), always build from the
 # base branch to prevent untrusted code from modifying tooling.
 - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 ref: ${{ needs.gate.outputs.is_fork != 'true' && needs.gate.outputs.head_sha || '' }}
 persist-credentials: false
@@ -489,7 +489,7 @@ jobs:
 - name: Setup .NET SDK
 if: steps.cache-validator.outputs.cache-hit != 'true'
- uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5
+ uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5
 with:
 global-json-file: global.json
@@ -529,13 +529,13 @@ jobs:
 steps:
 - name: Checkout skills content
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 ref: ${{ needs.gate.outputs.head_sha || '' }}
 persist-credentials: false
 - name: Setup .NET SDK
- uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5
+ uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5
 with:
 global-json-file: global.json
@@ -854,7 +854,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 persist-credentials: false
@@ -986,7 +986,7 @@ jobs:
 cancel-in-progress: false
 steps:
 - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 persist-credentials: false
@@ -1077,7 +1077,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 persist-credentials: false
@@ -1204,11 +1204,11 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository (for dashboard UI files)
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 persist-credentials: false
- - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+ - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
 with:
 node-version: 20
diff --git a/.github/workflows/gh-aw-upgrade.yml b/.github/workflows/gh-aw-upgrade.yml
index b3d5b5a..6a74d17 100644
--- a/.github/workflows/gh-aw-upgrade.yml
+++ b/.github/workflows/gh-aw-upgrade.yml
@@ -13,7 +13,7 @@ jobs:
 upgrade:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 - name: Install gh-aw CLI
 run: curl -sL https://raw.githubusercontent.com/github/gh-aw/main/install-gh-aw.sh | bash
diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml
index c3fb945..b35d55e 100644
--- a/.github/workflows/markdownlint.yml
+++ b/.github/workflows/markdownlint.yml
@@ -19,13 +19,13 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 persist-credentials: false
 fetch-depth: 0
 - name: Get changed Markdown files
- uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47
+ uses: tj-actions/changed-files@9426d40962ed5378910ee2e21d5f8c6fcbf2dd96 # v47.0.6
 id: changed-files
 with:
 files: "**/*.md"
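Review bot: In the gh-aw-upgrade.yml hunk the bumped checkout step has no `with:` block, so it keeps the action's default of persisting the job token for later git commands, and the very next step pipes a script fetched from the `main` branch into bash. Most other checkout steps in this commit set `persist-credentials: false` and every action is pinned to a SHA, which makes this job the one visible place where unpinned remote code runs next to a persisted credential. I would pin the installer to a reviewed commit and make curl fail on HTTP errors, e.g. `run: curl -fsSL https://raw.githubusercontent.com/github/gh-aw/<PINNED_COMMIT_SHA>/install-gh-aw.sh | bash` (placeholder SHA), and add `persist-credentials: false` unless a later step outside this hunk needs to push. The first skill-validator.yml hunk (`@@ -26,7`) also appears to omit `persist-credentials: false` on its checkout. The rest of both jobs lies outside the hunks, so this should be confirmed against the full files.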
@@ -33,7 +33,7 @@ jobs:
 - name: Run markdownlint
 if: steps.changed-files.outputs.any_changed == 'true'
- uses: DavidAnson/markdownlint-cli2-action@ce4853d43830c74c1753b39f3cf40f71c2031eb9 # v23
+ uses: DavidAnson/markdownlint-cli2-action@ded1f9488f68a970bc66ea5619e13e9b52e601cd # v23
 with:
 globs: ${{ steps.changed-files.outputs.all_changed_files }}
 separator: ","
diff --git a/.github/workflows/skill-check.yml b/.github/workflows/skill-check.yml
index c444826..96be53d 100644
--- a/.github/workflows/skill-check.yml
+++ b/.github/workflows/skill-check.yml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 persist-credentials: false
@@ -28,7 +28,7 @@ jobs:
 - name: Setup .NET SDK
 if: steps.cache-validator.outputs.cache-hit != 'true'
- uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5
+ uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5
 with:
 global-json-file: global.json
diff --git a/.github/workflows/skill-coverage.yml b/.github/workflows/skill-coverage.yml
index 6c83fa3..4a40ceb 100644
--- a/.github/workflows/skill-coverage.yml
+++ b/.github/workflows/skill-coverage.yml
@@ -112,7 +112,7 @@ jobs:
 # Checkout the default branch for trusted tooling (Measure-SkillCoverage.ps1),
 # then fetch the PR head into a separate worktree so untrusted code is never executed.
 - name: Checkout base branch (trusted tooling)
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 persist-credentials: false
diff --git a/.github/workflows/skill-validator.yml b/.github/workflows/skill-validator.yml
index 4a63fb2..d6fc950 100644
--- a/.github/workflows/skill-validator.yml
+++ b/.github/workflows/skill-validator.yml
@@ -26,7 +26,7 @@ jobs:
 outputs:
 has_changes: ${{ steps.check.outputs.has_changes }}
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 fetch-depth: 0
@@ -73,10 +73,10 @@ jobs:
 runs-on: ${{ matrix.os }}
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 persist-credentials: false
- - uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5
+ - uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5
 with:
 global-json-file: global.json
@@ -148,7 +148,7 @@ jobs:
 permissions:
 contents: write
 steps:
- - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+ - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
 with:
 persist-credentials: true