chore: apply repo-ansible to self

boite · boite · commit 2bd3b7683b2b · 2026-03-25T00:35:55.000Z
diff --git a/.github/workflows/10-review.yaml b/.github/workflows/10-review.yaml
@@ -13,15 +13,16 @@ jobs:
     if: github.actor != 'dependabot[bot]'
     continue-on-error: true
     steps:
-      - uses: actions/checkout@v6
+        # v6 https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       # interesting alternative: https://github.com/cocogitto/cocogitto
-      - uses: webiny/action-conventional-commits@v1.3.0
-        # XXX: normal action versioning syntax (`@v1`) doesn't work with this action,
-        # possibly because not published on the GitHub marketplace
+        # v1.3.0 https://github.com/webiny/action-conventional-commits/commit/8bc41ff4e7d423d56fa4905f6ff79209a78776c7
+      - uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7
 
       - name: Check Card# reference
-        uses: linkorb/commit-message-checker@v1
+        # v1 https://github.com/linkorb/commit-message-checker/commit/dc804b50ce575a720739ec3f0ef3d5030130ec98
+        uses: linkorb/commit-message-checker@dc804b50ce575a720739ec3f0ef3d5030130ec98
         with:
           # Matches lines that end in a card number:                  #1234
           # Matches lines that end in a card number and PR reference: #1234 (#20)
diff --git a/.github/workflows/auto-label-pull-request.yaml b/.github/workflows/auto-label-pull-request.yaml
@@ -14,7 +14,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Label pull requests based on conventional commits
-        uses: actions/github-script@v7
+        # v8 https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
diff --git a/.github/workflows/auto-merge-dependabot-prs.yaml b/.github/workflows/auto-merge-dependabot-prs.yaml
@@ -15,7 +15,8 @@ jobs:
     if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
     steps:
       - id: metadata
-        uses: dependabot/fetch-metadata@v2
+        # v2 https://github.com/dependabot/fetch-metadata/commit/21025c705c08248db411dc16f3619e6b5f9ea21a
+        uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a
 
       - if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
         run: gh pr merge --merge "$PR_URL"
diff --git a/.github/workflows/auto-run-repo-ansible.yaml b/.github/workflows/auto-run-repo-ansible.yaml
@@ -29,10 +29,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - if: ${{ env.IS_PULL_REQUEST == '0' }}
-        uses: actions/checkout@v6
+        # v6 https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
 
       - if: ${{ env.IS_PULL_REQUEST == '1' }}
-        uses: actions/checkout@v6
+        # v6 https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
         with:
           ref: refs/pull/${{ github.event.pull_request.number }}/merge
 
@@ -65,7 +67,8 @@ jobs:
 
       - if: ${{ env.IS_PULL_REQUEST == '1' && env.REPOSITORY_CHANGED == '1' }}
         name: bot comment about repo-ansible detected changes
-        uses: actions/github-script@v7
+        # v8 https://github.com/actions/github-script/commit/ed597411d8f924073f98dfc5c65a23a2325f34cd
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
         with:
           script: |
             const changes = process.env.REPO_ANSIBLE_OUTPUT
