diff --git a/.github/workflows/ast-scan.yml b/.github/workflows/ast-scan.yml
index fecc999b..e0427c56 100644
--- a/.github/workflows/ast-scan.yml
+++ b/.github/workflows/ast-scan.yml
@@ -9,7 +9,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 - name: Checkmarx AST CLI Action
- uses: checkmarx/ast-github-action@main
+ uses: checkmarx/ast-github-action@831a8d51a8a0535c0399f9c12728d8d3cc22d850 #main (currently 2.0.28)
 with:
 base_uri: ${{ secrets.BASE_URI }}
 cx_tenant: ${{ secrets.TENANT }}
diff --git a/.github/workflows/delete-packages-and-releases.yml b/.github/workflows/delete-packages-and-releases.yml
index 62502e9c..ebc272d8 100644
--- a/.github/workflows/delete-packages-and-releases.yml
+++ b/.github/workflows/delete-packages-and-releases.yml
@@ -41,7 +41,7 @@ jobs:
 - name: Delete releases and tags
 continue-on-error: true
- uses: dev-drprasad/delete-older-releases@v0.3.4
+ uses: dev-drprasad/delete-older-releases@dfbe6be2a006e9475dfcbe5b8d201f1824c2a9fe #v0.3.4
 env:
 GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 with:
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index 96f9cf00..00a566e7 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -11,7 +11,7 @@ jobs:
 steps:
 - name: Dependabot metadata
 id: metadata
- uses: dependabot/fetch-metadata@v2.1.0
+ uses: dependabot/fetch-metadata@5e5f99653a5b510e8555840e80cbf1514ad4af38 #v2.1.0
 with:
 github-token: "${{ secrets.PERSONAL_ACCESS_TOKEN }}"
 - name: Enable auto-merge for Dependabot PRs
@@ -20,6 +20,6 @@ jobs:
 GITHUB_TOKEN: ${{secrets.PERSONAL_ACCESS_TOKEN }}
 run: gh pr merge --auto --merge "$PR_URL"
 - name: Auto approve dependabot PRs
- uses: hmarr/auto-approve-action@v4
+ uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 #v4
 with:
 github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
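Review bot: The trailing comment on the pinned `checkmarx/ast-github-action` line in ast-scan.yml names a branch (`#main (currently 2.0.28)`), so once `main` moves the line no longer records which release the SHA was taken from, and update tooling that reads version comments has no tag to compare against. I would write it as `uses: checkmarx/ast-github-action@831a8d51a8a0535c0399f9c12728d8d3cc22d850 # 2.0.28`, after confirming that this SHA is the commit the 2.0.28 release points to, which the diff alone cannot show. The `actions/checkout@v4` step in this hunk's context is still referenced by a mutable tag; if the policy is to pin every action, it needs the same treatment. The step's `with:` block continues past the end of the hunk.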
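Review bot: In delete-packages-and-releases.yml the pinned `dev-drprasad/delete-older-releases` step still receives `secrets.PERSONAL_ACCESS_TOKEN` as `GITHUB_TOKEN`, so third-party code runs with whatever that personal token can reach, and `continue-on-error: true` keeps a failing run green. Pinning fixes which code runs but not what that code is allowed to do. If deleting releases and tags in this repository is all the step needs, the job's own token with `permissions: contents: write` would likely be enough: `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`. The same secret is passed to the `dependabot/fetch-metadata`, `hmarr/auto-approve-action` and `peter-evans/create-pull-request` steps in the other hunks, and each deserves the same check. The `with:` block and the job's `permissions` lie outside the hunk, so this needs confirming against the full file.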
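Review bot: With the actions now pinned by SHA, Dependabot will raise pull requests that swap one 40-character hash for another, and the steps in dependabot-auto-merge.yml (`gh pr merge --auto --merge "$PR_URL"` followed by `hmarr/auto-approve-action`) approve and merge them without a person comparing the new hash to the upstream tag. That weakens the protection the pin is meant to give, because the pinned commit moves whenever the bot proposes it. No condition on the update is visible in either hunk of this file; if none exists above line 11, I would gate both steps, for example with `if: steps.metadata.outputs.package-ecosystem != 'github_actions'`, or limit auto-merge to `steps.metadata.outputs.update-type == 'version-update:semver-patch'`. The job header lies outside the hunk.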
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9bde73e1..18e328e0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -92,11 +92,13 @@ jobs: npm ci npm run build + # PUSH TAGS IF IT IS A RELEASE - name: Push tag if release if: inputs.dev == false run: git push && git push --tags + # PUBLISH NPM PACKAGE - name: Publish npm package run: |
@@ -110,7 +112,7 @@ jobs:
 # CREATE RELEASE
 - name: Create Release
- uses: softprops/action-gh-release@v2
+ uses: softprops/action-gh-release@a6c7483a42ee9d5daced968f6c217562cd680f7f #v2
 with:
 name: ${{env.TAG_NAME}}
 tag_name: ${{env.TAG_NAME}}
diff --git a/.github/workflows/update-cli.yml b/.github/workflows/update-cli.yml
index 43eff086..67e21283 100644
--- a/.github/workflows/update-cli.yml
+++ b/.github/workflows/update-cli.yml
@@ -29,7 +29,7 @@ jobs:
 ./.github/scripts/update_cli.sh ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
 - name: Create Pull Request
 if: steps.checkmarx-ast-cli.outputs.current_tag != steps.checkmarx-ast-cli.outputs.release_tag
- uses: peter-evans/create-pull-request@v6
+ uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 #v6
 with:
 token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 commit-message: Update checkmarx-ast-cli to ${{ steps.checkmarx-ast-cli.outputs.release_tag }}
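Review bot: The comment on the pinned `softprops/action-gh-release` line in release.yml (second hunk) is `#v2`, a major tag that upstream moves with each release, so it does not tell a reader which release the SHA corresponds to. Recording the exact release tag the hash was resolved from makes later verification and bump reviews possible, e.g. `uses: softprops/action-gh-release@a6c7483a42ee9d5daced968f6c217562cd680f7f # <exact release tag>`. The same applies to `#v4` on `hmarr/auto-approve-action` and `#v6` on `peter-evans/create-pull-request`. Two spaces before `#` and one after it would also match yamllint's default comment rules.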
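Review bot: The context line just above the pinned `peter-evans/create-pull-request` step in update-cli.yml expands `${{ steps.checkmarx-ast-cli.outputs.release_tag }}` directly inside a shell command, so the tag text becomes part of the script before the shell parses it. The value appears to come from an upstream release name, which this repository does not control; passing it through the environment keeps it as data: add `env:` with `RELEASE_TAG: ${{ steps.checkmarx-ast-cli.outputs.release_tag }}` to that step and call `./.github/scripts/update_cli.sh "$RELEASE_TAG"`. That step begins outside the hunk, so its `run:` header and any existing quoting are not visible here.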