Merge pull request #1281 from pi-hole/pin_sha

Pin github actions to SHA
2025-12-20 03:08:45 +00:00 · 2025-11-09 12:41:36 +01:00
parent 35b369c6b0 12ea0f0549
commit a17d79492c
6 changed files with 11 additions and 11 deletions
--- a/.github/workflows/calibreapp-image-actions.yml
+++ b/.github/workflows/calibreapp-image-actions.yml
@@ -16,11 +16,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false
      - name: Compress Images
-        uses: calibreapp/image-actions@1.4.1 # TODO: if they start using a tag like v1, switch to that
+        uses: calibreapp/image-actions@f32575787d333b0579f0b7d506ff03be63a669d1 #1.4.1 TODO: if they start using a tag like v1, switch to that
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,20 +18,20 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false
          fetch-depth: 0
      - name: Set up Python
-        uses: actions/setup-python@v6.0.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c #v6.0.0
        with:
          python-version: "${{ env.PYTHON_VERSION }}"
          architecture: "x64"
          cache: pip
      - name: Set up Node.js
-        uses: actions/setup-node@v6.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 #v6.0.0
        with:
          node-version: "${{ env.NODE }}"
          cache: npm
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -9,12 +9,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false
      - name: Spell-Checking
-        uses: codespell-project/actions-codespell@master
+        uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 #v2.1
        with:
          ignore_words_file: .codespellignore
          skip: ./docs/routers/fritzbox-de.md,./mkdocs.yml,./package.json,./package-lock.json,./.markdownlint.json,./requirements.txt, ./MathJax-es5/*
--- a/.github/workflows/editorconfig-checker.yml
+++ b/.github/workflows/editorconfig-checker.yml
@@ -10,8 +10,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
        with:
          persist-credentials: false
-      - uses: editorconfig-checker/action-editorconfig-checker@main
+      - uses: editorconfig-checker/action-editorconfig-checker@4b6cd6190d435e7e084fb35e36a096e98506f7b9 #v2.1.0
      - run: editorconfig-checker
--- a/.github/workflows/merge-conflict.yml
+++ b/.github/workflows/merge-conflict.yml
@@ -13,7 +13,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check if PRs are have merge conflicts
-        uses: eps1lon/actions-label-merge-conflict@v3.0.3
+        uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 #v3.0.3
        with:
          dirtyLabel: "Merge Conflict"
          repoToken: "${{ secrets.GITHUB_TOKEN }}"
--- a/.github/workflows/stale_pr.yml
+++ b/.github/workflows/stale_pr.yml
@@ -16,7 +16,7 @@ jobs:
      pull-requests: write
    steps:
-      - uses: actions/stale@v10.1.0
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 #v10.1.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          # Do not automatically mark PR/issue as stale