diff --git a/.github/workflows/depup.yml b/.github/workflows/depup.yml index c4f1a0b..7774fe6 100644 --- a/.github/workflows/depup.yml +++ b/.github/workflows/depup.yml @@ -10,8 +10,8 @@ jobs: reviewdog: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: reviewdog/action-depup/with-pr@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: reviewdog/action-depup/with-pr@d6b40096afad49ca676145faaba7190df29a9807 # v1.6.3 with: file: action.yml version_name: REVIEWDOG_VERSION @@ -21,7 +21,7 @@ jobs: setup: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: ./.github/depup.sh - name: commit and create a pull request - uses: shogo82148/actions-commit-and-create-pr@v1 + uses: shogo82148/actions-commit-and-create-pr@73fd3057d307337746bfbb26aa002be039ca92ba # v1.1.3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c2e18a3..43597f8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,24 +14,24 @@ jobs: if: github.event.action != 'labeled' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Bump version on merging Pull Requests with specific labels. # (bump:major,bump:minor,bump:patch) - id: bumpr if: "!startsWith(github.ref, 'refs/tags/')" - uses: haya14busa/action-bumpr@v1 + uses: haya14busa/action-bumpr@78ab5a104d20896c9c9122c64221b3aecf1a8cbb # v1.10.0 # Update corresponding major and minor tag. # e.g. Update v1 and v1.2 when releasing v1.2.3 - - uses: haya14busa/action-update-semver@v1 + - uses: haya14busa/action-update-semver@fb48464b2438ae82cc78237be61afb4f461265a1 # v1.2.1 if: "!steps.bumpr.outputs.skip" with: tag: ${{ steps.bumpr.outputs.next_version }} # Get tag name. - id: tag - uses: haya14busa/action-cond@v1 + uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1 with: cond: "${{ startsWith(github.ref, 'refs/tags/') }}" if_true: ${{ github.ref }} @@ -50,6 +50,6 @@ jobs: if: github.event.action == 'labeled' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Post bumpr status comment - uses: haya14busa/action-bumpr@v1 + uses: haya14busa/action-bumpr@78ab5a104d20896c9c9122c64221b3aecf1a8cbb # v1.10.0 diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml index f9776ff..0997e26 100644 --- a/.github/workflows/reviewdog.yml +++ b/.github/workflows/reviewdog.yml @@ -9,14 +9,14 @@ jobs: name: runner / shellcheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: haya14busa/action-cond@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1 id: reporter with: cond: ${{ github.event_name == 'pull_request' }} if_true: "github-pr-review" if_false: "github-check" - - uses: reviewdog/action-shellcheck@v1 + - uses: reviewdog/action-shellcheck@6e0e63d1750d02d761b3df0f2c5ba9f9ac4a9ed7 # v1.29.0 with: github_token: ${{ secrets.github_token }} reporter: ${{ steps.reporter.outputs.value }} @@ -26,15 +26,15 @@ jobs: name: runner / shfmt runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: reviewdog/action-shfmt@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: reviewdog/action-shfmt@f59386f08bd9a24ac1a746e69f026ddc2ed06710 # v1.0.2 actionlint: name: runner / actionlint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: reviewdog/action-actionlint@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: reviewdog/action-actionlint@e0d05810221e05b96002972e026a262f4d42ce57 # v1.65.1 with: reporter: github-check level: warning @@ -43,8 +43,8 @@ jobs: name: runner / misspell runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: reviewdog/action-misspell@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: reviewdog/action-misspell@18ffb61effb93b47e332f185216be7e49592e7e1 # v1.26.1 with: github_token: ${{ secrets.github_token }} reporter: github-check @@ -55,8 +55,8 @@ jobs: name: runner / alex runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: reviewdog/action-alex@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: reviewdog/action-alex@986cf7dd82e702f82b4173deaa793a849f5b719d # v1.15.0 with: github_token: ${{ secrets.github_token }} reporter: github-check diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 59481a4..7665ff1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,7 +6,7 @@ jobs: name: runner / suggester / gofmt runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: gofmt -w -s . - uses: ./ with: @@ -17,8 +17,8 @@ jobs: name: runner / suggester / shell runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.23" - run: go install mvdan.cc/sh/v3/cmd/shfmt@latest