chore: pin and upgrade gh actions (#429)

* chore: pin peter-evans/create-or-update-comment Signed-off-by: Will Murphy <will.murphy@anchore.com> * chore: update and pin GH actions Signed-off-by: Will Murphy <will.murphy@anchore.com> --------- Signed-off-by: Will Murphy <will.murphy@anchore.com>
anchore · Nov 20, 2023 · 9d0277c · 9d0277c
1 parent fd74a6f
commit 9d0277c
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
@@ -10,6 +10,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Draft release notes
-        uses: release-drafter/release-drafter@v5
+        uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0
         env:
           GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
@@ -8,7 +8,7 @@ jobs:
   actions-tagger:
     runs-on: ubuntu-latest
     steps:
-      - uses: Actions-R-Us/actions-tagger@v2
+      - uses: Actions-R-Us/actions-tagger@330ddfac760021349fef7ff62b372f2f691c20fb # v2.0.3
         env:
           GITHUB_TOKEN: ${{ github.token }}
         with:

diff --git a/.github/workflows/update-snapshots.yml b/.github/workflows/update-snapshots.yml
@@ -12,7 +12,7 @@ jobs:
         ports:
           - 5000:5000
     steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         id: get-pr
         with:
           script: |
@@ -29,13 +29,13 @@ jobs:
               core.setFailed(`Request failed with error ${err}`)
             }
       - name: Generate token
-        uses: tibdex/github-app-token@v1
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         id: generate-token
         with:
           app_id: ${{ secrets.TOKEN_APP_ID }}
           private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
       - name: Add seen reaction
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
         with:
           comment-id: ${{ github.event.comment.id }}
           reactions: eyes
@@ -64,7 +64,7 @@ jobs:
           git commit -s -am "chore(test): update snapshots"
           git push
       - name: Add success reaction
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
         with:
           comment-id: ${{ github.event.comment.id }}
           reactions: "+1"
diff --git a/.github/workflows/update-syft-release.yml b/.github/workflows/update-syft-release.yml
@@ -24,12 +24,12 @@ jobs:
           npm install
           # export the version for use with create-pull-request:
           echo "LATEST_VERSION=$LATEST_VERSION" >> $GITHUB_OUTPUT
-      - uses: tibdex/github-app-token@v1
+      - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         id: generate-token
         with:
           app_id: ${{ secrets.TOKEN_APP_ID }}
           private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
-      - uses: peter-evans/create-pull-request@v4
+      - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
         with:
           signoff: true
           delete-branch: true