Enhance security of actions (NeuralEnsemble#565)

* Added explcit SHA link to mirroring action for added security * Added explicit SHA link to CI action for added security * Added explicit additional cross link to tag as comment
INM-6 · May 24, 2023 · c7b5814 · c7b5814
1 parent 471bf0f
commit c7b5814
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -139,7 +139,7 @@ jobs:
           path: ~/conda_pkgs_dir
           key: ${{ runner.os }}-conda-${{hashFiles('requirements/environment.yml') }}-${{ hashFiles('**/CI.yml') }}-${{ steps.date.outputs.date }}
 
-      - uses: conda-incubator/setup-miniconda@v2.2.0
+      - uses: conda-incubator/setup-miniconda@3b0f2504dd76ef23b6d31f291f4913fb60ab5ff3 # corresponds to v2.2.0
         with:
           auto-update-conda: true
           python-version: ${{ matrix.python-version }}

diff --git a/.github/workflows/ebrains.yml b/.github/workflows/ebrains.yml
@@ -10,15 +10,15 @@ jobs:
     if: ${{ github.repository_owner == 'NeuralEnsemble' }}
     steps:
       - name: syncmaster
-        uses: wei/git-sync@v3
+        uses: wei/git-sync@55c6b63b4f21607da0e9877ca9b4d11a29fc6d83 # corresponds to v3
         with:
           source_repo: "NeuralEnsemble/elephant"
           source_branch: "master"
           destination_repo: "https://ghpusher:${{ secrets.EBRAINS_GITLAB_ACCESS_TOKEN }}@gitlab.ebrains.eu/neuralensemble/elephant.git"
           destination_branch: "master"
 
       - name: synctags
-        uses: wei/git-sync@v3
+        uses: wei/git-sync@55c6b63b4f21607da0e9877ca9b4d11a29fc6d83 # corresponds to v3
         with:
           source_repo: "NeuralEnsemble/elephant"
           source_branch: "refs/tags/*"