From 05227927fd467fb28cef2a250eec2f452a593fc9 Mon Sep 17 00:00:00 2001 From: Patrick Linnane Date: Thu, 12 Dec 2024 22:55:04 -0800 Subject: [PATCH] workflows: use full version numbers Signed-off-by: Patrick Linnane --- .github/workflows/actionlint.yml | 6 +++--- .github/workflows/automerge-from-merge-queue.yml | 2 +- .github/workflows/automerge.yml | 2 +- .github/workflows/cache.yml | 2 +- .github/workflows/create-replacement-pr.yml | 2 +- .github/workflows/dispatch-build-bottle.yml | 6 +++--- .github/workflows/dispatch-rebottle.yml | 4 ++-- .github/workflows/publish-commit-bottles.yml | 2 +- .github/workflows/recreate-linux-runners.yml | 4 ++-- .github/workflows/tests.yml | 10 +++++----- .github/workflows/triage-ci.yml | 2 +- .github/workflows/triage.yml | 2 +- 12 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 162a7f5e3ade1..852782b4eb41e 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -58,7 +58,7 @@ jobs: - run: zizmor --format sarif . > results.sarif - name: Upload SARIF file - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: results.sarif path: results.sarif @@ -82,13 +82,13 @@ jobs: security-events: write steps: - name: Download SARIF file - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: results.sarif path: results.sarif - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@86b04fb0e47484f7282357688f21d5d0e32175fe # v3.27.9 with: sarif_file: results.sarif category: zizmor diff --git a/.github/workflows/automerge-from-merge-queue.yml b/.github/workflows/automerge-from-merge-queue.yml index 6f541ab88626a..03fbdbb1f2db4 100644 --- a/.github/workflows/automerge-from-merge-queue.yml +++ b/.github/workflows/automerge-from-merge-queue.yml @@ -41,7 +41,7 @@ jobs: actions: read steps: - name: Upload metadata - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: event_payload path: ${{ github.event_path }} diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml index 834e88f7524fe..a49f0184e64ad 100644 --- a/.github/workflows/automerge.yml +++ b/.github/workflows/automerge.yml @@ -47,7 +47,7 @@ jobs: workflow-name: Triage tasks - name: Download `event_payload` artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: event_payload github-token: ${{ github.token }} diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml index eb466df102e7c..307b621bfadad 100644 --- a/.github/workflows/cache.yml +++ b/.github/workflows/cache.yml @@ -86,7 +86,7 @@ jobs: echo "prefix=${cache_key_prefix}" >> "${GITHUB_OUTPUT}" - name: Cache Homebrew Bundler gems - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ steps.set-up-homebrew.outputs.gems-path }} key: ${{ steps.cache-key.outputs.prefix }}-rubygems-${{ steps.set-up-homebrew.outputs.gems-hash }} diff --git a/.github/workflows/create-replacement-pr.yml b/.github/workflows/create-replacement-pr.yml index ab43575699413..2b363589b2cfa 100644 --- a/.github/workflows/create-replacement-pr.yml +++ b/.github/workflows/create-replacement-pr.yml @@ -182,7 +182,7 @@ jobs: "$PR" - name: Generate build provenance - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 with: subject-path: '${{steps.pr-pull.outputs.bottle_path}}/*.tar.gz' if: inputs.upload diff --git a/.github/workflows/dispatch-build-bottle.yml b/.github/workflows/dispatch-build-bottle.yml index 718982d6e652c..5fb2412870699 100644 --- a/.github/workflows/dispatch-build-bottle.yml +++ b/.github/workflows/dispatch-build-bottle.yml @@ -68,7 +68,7 @@ jobs: - name: Prepare runner matrix id: runner-matrix - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const macOSRegex = /^(\d+(?:\.\d+)?)(?:-(arm64|x86_64))?$/; @@ -218,7 +218,7 @@ jobs: test-bot: false - name: Download bottles from GitHub Actions - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: bottles_* path: ${{ env.BOTTLES_DIR }} @@ -236,7 +236,7 @@ jobs: signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }} - name: Generate build provenance - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 with: subject-path: ${{ env.BOTTLES_DIR }}/*.tar.gz diff --git a/.github/workflows/dispatch-rebottle.yml b/.github/workflows/dispatch-rebottle.yml index eab24ebcd1dd2..035d4103ff7da 100644 --- a/.github/workflows/dispatch-rebottle.yml +++ b/.github/workflows/dispatch-rebottle.yml @@ -155,7 +155,7 @@ jobs: test-bot: false - name: Download bottles from GitHub Actions - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: bottles_* path: ${{ env.BOTTLES_DIR }} @@ -173,7 +173,7 @@ jobs: signing_key: ${{ secrets.BREWTESTBOT_GPG_SIGNING_SUBKEY }} - name: Generate build provenance - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 with: subject-path: ${{ env.BOTTLES_DIR }}/*.tar.gz diff --git a/.github/workflows/publish-commit-bottles.yml b/.github/workflows/publish-commit-bottles.yml index 5cce2324c5789..294c59a05ba37 100644 --- a/.github/workflows/publish-commit-bottles.yml +++ b/.github/workflows/publish-commit-bottles.yml @@ -354,7 +354,7 @@ jobs: "$PR" - name: Generate build provenance - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 with: subject-path: '${{steps.pr-pull.outputs.bottle_path}}/*.tar.gz' diff --git a/.github/workflows/recreate-linux-runners.yml b/.github/workflows/recreate-linux-runners.yml index c8b899285ae83..f676e8568f7f4 100644 --- a/.github/workflows/recreate-linux-runners.yml +++ b/.github/workflows/recreate-linux-runners.yml @@ -47,7 +47,7 @@ jobs: - name: Download `event_payload` artifact if: github.event_name == 'workflow_run' - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: event_payload github-token: ${{ github.token }} @@ -91,7 +91,7 @@ jobs: - linux-self-hosted-1 steps: - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0.2.1 + uses: google-github-actions/setup-gcloud@daadedc81d5f9d3c06d2c92f49202a3cc2b919ba # v0.2.1 with: project_id: ${{ secrets.GCP_PROJECT_ID }} service_account_key: ${{ secrets.GCP_SA_KEY }} diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index ca2bd34ea4aaa..61c1aef5a7737 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -55,7 +55,7 @@ jobs: stable: ${{ matrix.stable }} - name: Cache style cache - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: /home/linuxbrew/.cache/Homebrew/style key: style-cache-${{ matrix.stable && 'stable-' || 'master-' }}${{ github.sha }} @@ -144,13 +144,13 @@ jobs: test-bot-formulae-args: ${{ steps.check-labels.outputs.test-bot-formulae-args }} test-bot-dependents-args: ${{ steps.check-labels.outputs.test-bot-dependents-args }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Check for CI labels id: check-labels - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 env: TESTING_FORMULAE: ${{needs.formulae_detect.outputs.testing_formulae}} ADDED_FORMULAE: ${{needs.formulae_detect.outputs.added_formulae}} @@ -260,13 +260,13 @@ jobs: test-bot-formulae-args: ${{ steps.check-labels.outputs.test-bot-formulae-args }} test-bot-dependents-args: ${{ steps.check-labels.outputs.test-bot-dependents-args }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Check for CI labels id: check-labels - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 env: TESTING_FORMULAE: ${{needs.formulae_detect.outputs.testing_formulae}} ADDED_FORMULAE: ${{needs.formulae_detect.outputs.added_formulae}} diff --git a/.github/workflows/triage-ci.yml b/.github/workflows/triage-ci.yml index d429254fcf0ec..d6f5a797ba04f 100644 --- a/.github/workflows/triage-ci.yml +++ b/.github/workflows/triage-ci.yml @@ -41,7 +41,7 @@ jobs: workflow-name: Triage tasks - name: Download `event_payload` artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: event_payload github-token: ${{ github.token }} diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml index 45325d7ad2673..a3b3a37dc8af7 100644 --- a/.github/workflows/triage.yml +++ b/.github/workflows/triage.yml @@ -24,7 +24,7 @@ jobs: if: always() && github.repository_owner == 'Homebrew' runs-on: ubuntu-latest steps: - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: event_payload path: ${{ github.event_path }}