diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6c087b6ad1e..c3af8ac871d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,10 @@ version: 2 updates: + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly - package-ecosystem: npm directory: '/' schedule: diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index eb2a312955f..0beb39979fc 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -18,15 +18,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Setup pnpm - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 - name: Setup Node from .nvmrc - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: '.nvmrc' diff --git a/.github/workflows/ci-a11y-vrt.yml b/.github/workflows/ci-a11y-vrt.yml index 89d864206b0..1c8affddaae 100644 --- a/.github/workflows/ci-a11y-vrt.yml +++ b/.github/workflows/ci-a11y-vrt.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Free up space on GitHub image run: | @@ -35,17 +35,17 @@ jobs: sudo rm -rf "$AGENT_TOOLSDIRECTORY" - name: Setup pnpm - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 - name: Setup Node from .nvmrc - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: '.nvmrc' cache: pnpm - name: Restore node_module cache id: node-cache - uses: actions/cache@v3 + uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3.4.3 with: path: | **/.turbo @@ -79,7 +79,7 @@ jobs: # it out for us. - name: Restore Playwright cache id: playwright-cache - uses: actions/cache@v3 + uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3.4.3 with: path: ~/.cache/ms-playwright key: '${{ runner.os }}-playwright-${{ steps.playwright-version.outputs.version }}' @@ -121,21 +121,21 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 # Chromatic git history to track changes - name: Setup pnpm - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 - name: Setup Node from .nvmrc - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: '.nvmrc' cache: pnpm - name: Restore cache - uses: actions/cache@v3 + uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3.4.3 with: path: | **/.turbo @@ -159,7 +159,7 @@ jobs: STORYBOOK_GITHUB_PR: ${{ github.event.number }} - name: Run Chromatic tests - uses: chromaui/action@v1 + uses: chromaui/action@c93e0bc3a63aa176e14a75b61a31847cbfdd341c # v11.27.0 with: token: ${{ secrets.GITHUB_TOKEN }} projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }} diff --git a/.github/workflows/ci-lint.yml b/.github/workflows/ci-lint.yml index 7cc98bf2027..38ddb47a84e 100644 --- a/.github/workflows/ci-lint.yml +++ b/.github/workflows/ci-lint.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 2 @@ -27,16 +27,16 @@ jobs: sudo rm -rf "$AGENT_TOOLSDIRECTORY" - name: Setup pnpm - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 - name: Setup Node from .nvmrc - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: '.nvmrc' cache: pnpm - name: Restore cache - uses: actions/cache@v3 + uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3.4.3 with: path: | **/.eslintcache diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index 2357fe9f912..ec719615482 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml @@ -21,7 +21,7 @@ jobs: ] steps: - name: Checkout branch - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 2 @@ -35,17 +35,17 @@ jobs: sudo rm -rf "$AGENT_TOOLSDIRECTORY" - name: Setup pnpm - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 - name: Setup Node with v${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 id: setup_node with: node-version: ${{ matrix.node-version }} cache: pnpm - name: Restore cache - uses: actions/cache@v3 + uses: actions/cache@2f8e54208210a422b2efd51efaa6bd6d7ca8920f # v3.4.3 with: path: | **/.eslintcache diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 33f7f730e0b..dde24fe23ae 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -23,12 +23,12 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v2 + uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 # v2.3.0 with: github-token: '${{ secrets.GITHUB_TOKEN }}' - name: Enable auto-merge for Dependabot PRs if: ${{ steps.metadata.outputs.update-type != 'version-update:semver-major' }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: '${{ secrets.GITHUB_TOKEN }}' script: | diff --git a/.github/workflows/deploy-polaris.shopify.com.yml b/.github/workflows/deploy-polaris.shopify.com.yml index fc6531b879b..90fe2a003b7 100644 --- a/.github/workflows/deploy-polaris.shopify.com.yml +++ b/.github/workflows/deploy-polaris.shopify.com.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Trigger deploy polaris.shopify.com - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: github-token: ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }} script: | diff --git a/.github/workflows/major-version-check.yml b/.github/workflows/major-version-check.yml index ea71edbe867..7d984d4a3d7 100644 --- a/.github/workflows/major-version-check.yml +++ b/.github/workflows/major-version-check.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Fetch all branches run: git fetch --all diff --git a/.github/workflows/migrator-comment.yml b/.github/workflows/migrator-comment.yml index ec90285d453..a4c2fc4c088 100644 --- a/.github/workflows/migrator-comment.yml +++ b/.github/workflows/migrator-comment.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Fetch all branches run: git fetch --all diff --git a/.github/workflows/non-committable.yml b/.github/workflows/non-committable.yml index 641c9a5b0a8..eb62447c04d 100644 --- a/.github/workflows/non-committable.yml +++ b/.github/workflows/non-committable.yml @@ -9,8 +9,8 @@ jobs: check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: dorny/paths-filter@v2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter with: filters: | diff --git a/.github/workflows/release-vscode.yml b/.github/workflows/release-vscode.yml index 1e06d0e5d83..8685fd9ca56 100644 --- a/.github/workflows/release-vscode.yml +++ b/.github/workflows/release-vscode.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 name: Checkout - name: Free up space on GitHub image @@ -26,10 +26,10 @@ jobs: sudo rm -rf "$AGENT_TOOLSDIRECTORY" - name: Setup pnpm - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 - name: Setup Node from .nvmrc - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: '.nvmrc' cache: pnpm diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c5ff8a4dcd6..f300bff2cef 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,7 @@ jobs: id-token: write steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: token: ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }} @@ -31,10 +31,10 @@ jobs: sudo rm -rf "$AGENT_TOOLSDIRECTORY" - name: Setup pnpm - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 - name: Setup Node from .nvmrc - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: '.nvmrc' cache: 'pnpm' @@ -47,7 +47,7 @@ jobs: - name: Create release Pull Request or publish to NPM id: changesets - uses: changesets/action@v1 + uses: changesets/action@06245a4e0a36c064a573d4150030f5ec548e4fcc # v1.4.10 with: version: pnpm version-packages publish: pnpm release-packages diff --git a/.github/workflows/snapit.yml b/.github/workflows/snapit.yml index 5fab1e3e652..0834ba0e1a9 100644 --- a/.github/workflows/snapit.yml +++ b/.github/workflows/snapit.yml @@ -13,10 +13,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout default branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup pnpm - uses: pnpm/action-setup@v3 + uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0 - name: Create snapshot uses: Shopify/snapit@main diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index ff10490f590..8d135d6c1a9 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v4 + - uses: actions/stale@a20b814fb01b71def3bd6f56e7494d667ddf28da # v4.1.1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-issue-stale: 180 diff --git a/.github/workflows/untriaged-labeler.yml b/.github/workflows/untriaged-labeler.yml index 5197c69ce94..2f714c581c2 100644 --- a/.github/workflows/untriaged-labeler.yml +++ b/.github/workflows/untriaged-labeler.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Check labels id: check_labels - uses: actions/github-script@v5 + uses: actions/github-script@211cb3fefb35a799baa5156f9321bb774fe56294 # v5.2.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -25,7 +25,7 @@ jobs: core.setOutput('hasUntriagedLabel', hasUntriagedLabel); - name: Label issues - uses: andymckay/labeler@1.0.2 + uses: andymckay/labeler@5c59dabdfd4dd5bd9c6e6d255b01b9d764af4414 # 1.0.2 if: steps.check_labels.outputs.hasBugLabel && !steps.check_labels.outputs.hasUntriagedLabel with: add-labels: 'untriaged'