upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-13 18:50:47 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

ci: Pin actions

Browse source 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
This commit is contained in:
Andy Scherzinger 2026-02-01 15:30:16 +01:00
parent 769b5a9536
commit d759d7a21f
No known key found for this signature in database
GPG key ID: 6CADC7E3523C308B
7 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/command-compile.yml vendored
View file

@ -18,7 +18,7 @@ jobs:
steps:
- name: Check actor permission
uses: skjnldsv/check-actor-permission@e591dbfe838300c007028e1219ca82cc26e8d7c5 # v2
uses: skjnldsv/check-actor-permission@e591dbfe838300c007028e1219ca82cc26e8d7c5 # v2.1
with:
require: write
@ -31,7 +31,7 @@ jobs:
reactions: "+1"
- name: Parse command
uses: skjnldsv/parse-command-comment@7cef1df370a99dfd5bf896d50121390c96785db8 # v2
uses: skjnldsv/parse-command-comment@7cef1df370a99dfd5bf896d50121390c96785db8 # v2.0
id: command
# Init path depending on which command is run

2
.github/workflows/cypress.yml vendored
View file

@ -31,7 +31,7 @@ jobs:
- name: Check composer.json
id: check_composer
uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2
uses: andstor/file-existence-action@20b4d2e596410855db8f9ca21e96fbe18e12930b # v2.0.0
with:
files: "composer.json"

2
.github/workflows/dependabot-approve-merge.yml vendored
View file

@ -34,7 +34,7 @@ jobs:
github-token: ${{ secrets.GITHUB_TOKEN }}
# Nextcloud bot approve and merge request
- uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2
- uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2.6.6
with:
target: minor
github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }}

2
.github/workflows/npm-audit-fix.yml vendored
View file

@ -58,7 +58,7 @@ jobs:
- name: Create Pull Request
if: always()
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
with:
token: ${{ secrets.COMMAND_BOT_PAT }}
commit-message: "chore(deps): fix npm audit"

4
.github/workflows/performance.yml vendored
View file

@ -41,7 +41,7 @@ jobs:
php -S localhost:8080 &
- name: Apply blueprint
uses: icewind1991/blueprint@v0.1.2
uses: icewind1991/blueprint@00504403f76cb2a09efd0d16793575055e6f63cb # v0.1.2
with:
blueprint: tests/blueprints/basic.toml
ref: ${{ github.event.pull_request.head.ref }}
@ -89,7 +89,7 @@ jobs:
before.json
after.json
- uses: actions/github-script@v7
- uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
if: failure() && steps.compare.outcome == 'failure'
with:
github-token: ${{secrets.GITHUB_TOKEN}}

2
.github/workflows/stale.yml vendored
View file

@ -15,7 +15,7 @@ jobs:
issues: write
steps:
- uses: actions/stale@v8
- uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0
with:
repo-token: ${{ secrets.COMMAND_BOT_PAT }}
stale-issue-message: >

4
.github/workflows/static-code-analysis.yml vendored
View file

@ -40,7 +40,7 @@ jobs:
- name: Upload Analysis results to GitHub
if: always()
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
with:
sarif_file: results.sarif
@ -68,7 +68,7 @@ jobs:
- name: Upload Security Analysis results to GitHub
if: always()
uses: github/codeql-action/upload-sarif@v2
uses: github/codeql-action/upload-sarif@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
with:
sarif_file: results.sarif