From 9781ef939788eae9646c5b79f6f4302b1a82df8c Mon Sep 17 00:00:00 2001 From: Duncan McClean Date: Thu, 14 May 2026 09:34:48 +0100 Subject: [PATCH] Pin GitHub Actions to commit SHAs Co-Authored-By: Claude Opus 4.5 --- .github/dependabot.yml | 10 ++++++++++ .github/workflows/pint-fix.yml | 6 +++--- .github/workflows/pint-lint.yml | 4 ++-- .github/workflows/release.yml | 10 +++++----- .github/workflows/tests.yml | 4 ++-- 5 files changed, 22 insertions(+), 12 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..f6faee6 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + groups: + github-actions: + patterns: + - "*" diff --git a/.github/workflows/pint-fix.yml b/.github/workflows/pint-fix.yml index cb0c9a6..aba5359 100644 --- a/.github/workflows/pint-fix.yml +++ b/.github/workflows/pint-fix.yml @@ -15,14 +15,14 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.head_ref }} - name: Fix PHP code style issues - uses: aglipanci/laravel-pint-action@1.0.0 + uses: aglipanci/laravel-pint-action@643466ad03b726047b3c78b531be5ec7835429ff # 1.0.0 - name: Commit changes - uses: stefanzweifel/git-auto-commit-action@v4 + uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4 with: commit_message: Fix styling diff --git a/.github/workflows/pint-lint.yml b/.github/workflows/pint-lint.yml index d641864..5320b4f 100644 --- a/.github/workflows/pint-lint.yml +++ b/.github/workflows/pint-lint.yml @@ -11,10 +11,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Check PHP code style issues - uses: aglipanci/laravel-pint-action@1.0.0 + uses: aglipanci/laravel-pint-action@643466ad03b726047b3c78b531be5ec7835429ff # 1.0.0 with: testMode: true verboseMode: true \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 184a7df..52fd04e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,10 +11,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v1 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # v2 with: php-version: 8.4 extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick @@ -34,13 +34,13 @@ jobs: - name: Get Changelog id: changelog - uses: statamic/changelog-action@v1 + uses: statamic/changelog-action@5d112d0d790cdeeb5adca3e584e37edc474ab51b # v1 with: version: ${{ github.ref }} - name: Create release id: create_release - uses: actions/create-release@v1 + uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -50,7 +50,7 @@ jobs: prerelease: ${{ contains(github.ref, '-beta') }} - name: Upload zip to release - uses: actions/upload-release-asset@v1.0.1 + uses: actions/upload-release-asset@64e5e85fc528f162d7ba7ce2d15a3bb67efb3d80 # v1.0.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ebe3a93..ac9c8f3 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -24,10 +24,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v1 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # v2 with: php-version: ${{ matrix.php }} extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick