diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml index 33a7ab3..9adff68 100644 --- a/.github/workflows/auto-release.yml +++ b/.github/workflows/auto-release.yml @@ -115,13 +115,13 @@ jobs: should_release: ${{ steps.decide.outputs.should_release }} steps: - name: Checkout consumer repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 # full history for tag resolution persist-credentials: false - name: Checkout anvil at pinned SHA - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: forgesworn/anvil ref: ${{ github.job_workflow_sha }} @@ -158,7 +158,7 @@ jobs: tag: ${{ steps.tag.outputs.tag }} steps: - name: Checkout consumer repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 18271d6..b732ffe 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Run shellcheck on step scripts @@ -30,7 +30,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f8d8afe..e67096b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -222,7 +222,7 @@ jobs: fi - name: Checkout consumer repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: # On chained calls github.ref is the outer run's ref (usually # refs/heads/main). Explicitly check out the tag that was just @@ -231,7 +231,7 @@ jobs: persist-credentials: false - name: Checkout anvil at pinned SHA - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: forgesworn/anvil ref: ${{ github.job_workflow_sha }} @@ -328,14 +328,14 @@ jobs: sha256: ${{ steps.record.outputs.sha256 }} steps: - name: Checkout consumer repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: # Match build-a's ref so both runners pack the same tree. ref: ${{ inputs.tag != '' && inputs.tag || github.ref }} persist-credentials: false - name: Checkout anvil at pinned SHA - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: forgesworn/anvil ref: ${{ github.job_workflow_sha }} @@ -384,7 +384,7 @@ jobs: reproducible: ${{ steps.compare.outputs.reproducible }} steps: - name: Checkout anvil at pinned SHA - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: forgesworn/anvil ref: ${{ github.job_workflow_sha }} @@ -438,7 +438,7 @@ jobs: DRY_RUN: ${{ inputs.dry-run == 'true' && '1' || '0' }} steps: - name: Checkout consumer repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: # update-release.sh calls `git rev-parse HEAD` to supply # --target when creating a Release; that resolves to the @@ -447,7 +447,7 @@ jobs: persist-credentials: false - name: Checkout anvil at pinned SHA - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: forgesworn/anvil ref: ${{ github.job_workflow_sha }} diff --git a/.github/workflows/self-release.yml b/.github/workflows/self-release.yml index eb5ab49..5c76a35 100644 --- a/.github/workflows/self-release.yml +++ b/.github/workflows/self-release.yml @@ -23,7 +23,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -42,7 +42,7 @@ jobs: changelog: ${{ steps.parse.outputs.changelog }} should_release: ${{ steps.decide.outputs.should_release }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 persist-credentials: false @@ -72,7 +72,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0