github · Octomerger · Oct 15, 2020 · Oct 15, 2020 · Oct 15, 2020 · Oct 15, 2020
diff --git a/.github/allowed-actions.js b/.github/allowed-actions.js
@@ -4,35 +4,34 @@
 // can be added it this list.
 
 module.exports = [
-  'actions/cache@v1',
-  'actions/cache@v2',
-  'actions/checkout@v2',
-  'actions/github-script@0.9.0',
-  'actions/github-script@v2.0.0',
-  'actions/github-script@v2',
-  'actions/github-script@v3',
-  'actions/labeler@v2',
-  'actions/setup-node@v1',
-  'actions/setup-ruby@v1',
-  'actions/stale@v3',
-  'crowdin/github-action@1.0.10',
-  'dawidd6/action-delete-branch@v3',
-  'docker://chinthakagodawita/autoupdate-action:v1',
+  'actions/cache@70655ec8323daeeaa7ef06d7c56e1b9191396cbe',
+  'actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16',
+  'actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675',
+  'actions/github-script@5d03ada4b0a753e9460b312e61cc4f8fdeacf163',
+  'actions/github-script@6e5ee1dc1cb3740e5e5e76ad668e3f526edbfe45',
+  'actions/github-script@44b873bc975058192f5279ebe7579496381f575d',
+  'actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9',
+  'actions/labeler@5f867a63be70efff62b767459b009290364495eb',
+  'actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d',
+  'actions/setup-ruby@5f29a1cd8dfebf420691c4c9a0e832e2fae5a526',
+  'actions/stale@44f9eae0adddf72dbf3eedfacc999f70afcec1a8',
+  'crowdin/github-action@fd9429dd63d6c0f8a8cb4b93ad8076990bd6e688',
+  'dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911',
+  'docker://chinthakagodawita/autoupdate-action:4d72a15b5989091e07d6f4ce4cd3afb7b835ad1e68190937df778b702a547cdc',
   'fkirc/skip-duplicate-actions@a12175f6209d4805b5a163d723270be2a0dc7b36',
   'github/codeql-action/analyze@v1',
   'github/codeql-action/init@v1',
-  'ianwalter/puppeteer@3.0.0',
-  'juliangruber/approve-pull-request-action@v1',
-  'juliangruber/find-pull-request-action@v1',
-  'juliangruber/read-file-action@v1',
+  'ianwalter/puppeteer@12728ddef82390d1ecd4732fb543f62177392fbb',
+  'juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8',
+  'juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b',
+  'juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512',
   'pascalgn/automerge-action@c9bd182',
-  'peter-evans/create-issue-from-file@v2',
-  'peter-evans/create-pull-request@v2',
-  'rachmari/actions-add-new-issue-to-column@v1.1.1',
-  'rachmari/labeler@v1.0.4',
-  'repo-sync/github-sync@v2',
-  'repo-sync/pull-request@v2',
-  'rtCamp/action-slack-notify@master',
-  'rtCamp/action-slack-notify@v2.1.0',
+  'peter-evans/create-issue-from-file@35e304e2a12caac08c568247a2cb46ecd0c3ecc5',
+  'peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8',
+  'rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9',
+  'rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e',
+  'repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88',
+  'repo-sync/pull-request@ea6773388b83b337e4da9a223293309f2c3670e7',
+  'rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815',
   'tjenkinson/gh-action-auto-merge-dependency-updates@cee2ac0'
 ]
diff --git a/.github/workflows/60-days-stale-check.yml b/.github/workflows/60-days-stale-check.yml
@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/stale@v3
+    - uses: actions/stale@44f9eae0adddf72dbf3eedfacc999f70afcec1a8
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }} 
         stale-issue-message: 'This issue is stale because it has been open 60 days with no activity.'

diff --git a/.github/workflows/auto-label-prs.yml b/.github/workflows/auto-label-prs.yml
@@ -7,6 +7,6 @@ jobs:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@v2
+    - uses: actions/labeler@5f867a63be70efff62b767459b009290364495eb
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/autoupdate-branch.yml b/.github/workflows/autoupdate-branch.yml
@@ -8,9 +8,9 @@ jobs:
     name: autoupdate
     runs-on: ubuntu-18.04
     steps:
-      - uses: docker://chinthakagodawita/autoupdate-action:v1
+      - uses: docker://chinthakagodawita/autoupdate-action:4d72a15b5989091e07d6f4ce4cd3afb7b835ad1e68190937df778b702a547cdc
         env:
           GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
           PR_FILTER: labelled
           PR_LABELS: autoupdate
-          MERGE_MSG: "Branch was updated using the 'autoupdate branch' Actions workflow."
+          MERGE_MSG: "Branch was updated using the 'autoupdate branch' Actions workflow."
diff --git a/.github/workflows/browser-test.yml b/.github/workflows/browser-test.yml
@@ -25,16 +25,16 @@ jobs:
       # Even if if doesn't do anything
       - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
       - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
         name: Install
-        uses: ianwalter/puppeteer@3.0.0
+        uses: ianwalter/puppeteer@12728ddef82390d1ecd4732fb543f62177392fbb
         with:
           args: npm ci
 
       - if: ${{ needs.see_if_should_skip.outputs.should_skip == 'false' }}
         name: Test
-        uses: ianwalter/puppeteer@3.0.0
+        uses: ianwalter/puppeteer@12728ddef82390d1ecd4732fb543f62177392fbb
         with:
           args: npm run browser-test
diff --git a/.github/workflows/check-all-english-links.yml b/.github/workflows/check-all-english-links.yml
@@ -10,7 +10,7 @@ jobs:
     if: github.repository == 'github/docs-internal'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
     - name: npm ci
       run: npm ci
     - name: npm run build
@@ -28,7 +28,7 @@ jobs:
         fi
     - if: ${{ steps.check.outputs.continue == 'yes' }}
       name: Create issue from file
-      uses: peter-evans/create-issue-from-file@v2
+      uses: peter-evans/create-issue-from-file@35e304e2a12caac08c568247a2cb46ecd0c3ecc5
       with:
         token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
         title: ${{ steps.check.outputs.title }}

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest 
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
     - uses: github/codeql-action/init@v1
       with:
         languages: javascript # comma separated list of values from {go, python, javascript, java, cpp, csharp} (not YET ruby, sorry!)

diff --git a/.github/workflows/crowdin.yml b/.github/workflows/crowdin.yml
@@ -15,10 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
       - name: Sync
-        uses: crowdin/github-action@1.0.10
+        uses: crowdin/github-action@fd9429dd63d6c0f8a8cb4b93ad8076990bd6e688
         with:
           upload_translations: false
           download_translations: true

diff --git a/.github/workflows/first-responder-docs-content.yml b/.github/workflows/first-responder-docs-content.yml
@@ -10,7 +10,7 @@ jobs:
 
     steps:
     - name: Check if the event originated from a team member
-      uses: actions/github-script@v2.0.0
+      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
       id: set-result
       with:
         github-token: ${{secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES}}
@@ -35,13 +35,13 @@ jobs:
           console.log(`This issue or pull request was authored by an external contributor.`)
           return 'false'
     - name: Label external contributor pull requests with docs-content-fr
-      uses: rachmari/labeler@v1.0.4
+      uses: rachmari/labeler@832d42ec5523f3c6d46e8168de71cd54363e3e2e
       if: steps.set-result.outputs.result == 'false'
       with:
         repo-token: "${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}"
         add-labels: "docs-content-fr"
     - name: Triage to FR PR project column
-      uses: rachmari/actions-add-new-issue-to-column@v1.1.1
+      uses: rachmari/actions-add-new-issue-to-column@1a459ef92308ba7c9c9dc2fcdd72f232495574a9
       if: steps.set-result.outputs.result == 'false'
       with:
         action-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
@@ -58,7 +58,7 @@ jobs:
         GITHUB_CONTEXT: ${{ toJson(github) }}
       run: echo "$GITHUB_CONTEXT"
     - name: Remove card from project
-      uses: actions/github-script@v2.0.0
+      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
       with:
         github-token: ${{secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES}}
         result-encoding: string

diff --git a/.github/workflows/merged-notification.yml b/.github/workflows/merged-notification.yml
@@ -7,7 +7,7 @@ jobs:
     if: github.event.repository.private == false && github.event.pull_request.merged && github.event.pull_request.base.ref == github.event.repository.default_branch
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@626af12fe9a53dc2972b48385e7fe7dec79145c9
         with:
           script: |
             github.issues.createComment({

diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml
@@ -8,15 +8,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
       - name: Get npm cache directory
         id: npm-cache
         run: |
           echo "::set-output name=dir::$(npm config get cache)"
 
       - name: Cache node modules
-        uses: actions/cache@v2
+        uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}

diff --git a/.github/workflows/ping-staging-apps.yml b/.github/workflows/ping-staging-apps.yml
@@ -12,10 +12,10 @@ jobs:
     env:
       HEROKU_API_TOKEN: ${{ secrets.HEROKU_API_TOKEN }}
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
     - name: npm ci
       run: npm ci
     - name: npm run build
       run: npm run build
     - name: Run script
-      run: script/ping-staging-apps.js
+      run: script/ping-staging-apps.js
diff --git a/.github/workflows/remove-unused-assets.yml b/.github/workflows/remove-unused-assets.yml
@@ -19,7 +19,7 @@ jobs:
         echo 'The repo is currently frozen! Exiting this workflow.'
         exit 1 # prevents further steps from running
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
     - name: npm ci
       run: npm ci
     - name: Run scripts
@@ -28,13 +28,13 @@ jobs:
         script/remove-extraneous-translation-files.js
     - name: Get script results to use in PR body
       id: results
-      uses: juliangruber/read-file-action@v1
+      uses: juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512
       with:
         path: ./results.md
     - name: Remove script results file
       run: rm -rf ./results.md
     - name: Create pull request
-      uses: peter-evans/create-pull-request@v2
+      uses: peter-evans/create-pull-request@938e6aea6f8dbdaced2064e948cb806c77fe87b8
       with:
         # need to use a token with repo and workflow scopes for this step
         token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
@@ -49,7 +49,7 @@ jobs:
         branch: remove-unused-assets
     - if: ${{ failure() }}
       name: Delete remote branch (if previous steps failed)
-      uses: dawidd6/action-delete-branch@v3
+      uses: dawidd6/action-delete-branch@47743101a121ad657031e6704086271ca81b1911
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         branches: remove-unused-assets
diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml
@@ -27,10 +27,10 @@ jobs:
         exit 1 # prevents further steps from running
 
     - name: Check out repo
-      uses: actions/checkout@v2
+      uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
     - name: Sync repo to branch
-      uses: repo-sync/github-sync@v2
+      uses: repo-sync/github-sync@3832fe8e2be32372e1b3970bbae8e7079edeec88
       env:
         GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
       with:
@@ -40,7 +40,7 @@ jobs:
         github_token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
 
     - name: Create pull request
-      uses: repo-sync/pull-request@v2
+      uses: repo-sync/pull-request@ea6773388b83b337e4da9a223293309f2c3670e7
       env:
         GITHUB_TOKEN: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
       with:
@@ -52,21 +52,21 @@ jobs:
         github_token: ${{ secrets.OCTOMERGER_PAT_WITH_REPO_AND_WORKFLOW_SCOPE }}
 
     - name: Find pull request
-      uses: juliangruber/find-pull-request-action@v1
+      uses: juliangruber/find-pull-request-action@64d55773c959748ad30a4184f4dc102af1669f7b
       id: find-pull-request
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         branch: repo-sync
 
     - name: Approve pull request
       if: ${{ steps.find-pull-request.outputs.number }}
-      uses: juliangruber/approve-pull-request-action@v1
+      uses: juliangruber/approve-pull-request-action@c530832d4d346c597332e20e03605aa94fa150a8
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         number: ${{ steps.find-pull-request.outputs.number }}
 
     - name: Send Slack notification if workflow fails
-      uses: rtCamp/action-slack-notify@master
+      uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
       if: failure()
       env:
         SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}

diff --git a/.github/workflows/send-eng-issues-to-backlog.yml b/.github/workflows/send-eng-issues-to-backlog.yml
@@ -12,7 +12,7 @@ jobs:
     steps:
     - name: Add issues with engineering label to project board
       if: contains(github.event.issue.labels.*.name, 'engineering') || contains(github.event.issue.labels.*.name, 'design') || contains(github.event.issue.labels.*.name, 'Design')
-      uses: actions/github-script@v2
+      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
       with:
           github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }} 
           script: |

diff --git a/.github/workflows/start-new-engineering-pr-workflow.yml b/.github/workflows/start-new-engineering-pr-workflow.yml
@@ -13,7 +13,7 @@ jobs:
       REGULAR_COLUMN_ID: 10095779
     steps:
     - name: 
-      uses: actions/github-script@v2
+      uses: actions/github-script@44b873bc975058192f5279ebe7579496381f575d
       continue-on-error: true
       with:
           github-token: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}

diff --git a/.github/workflows/sync-algolia-search-indices.yml b/.github/workflows/sync-algolia-search-indices.yml
@@ -12,12 +12,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: checkout
-      uses: actions/checkout@v2
-    - uses: actions/setup-node@v1
+      uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
+    - uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
       with:
         node-version: 14.x
     - name: cache node modules
-      uses: actions/cache@v1
+      uses: actions/cache@70655ec8323daeeaa7ef06d7c56e1b9191396cbe
       with:
         path: ~/.npm
         key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -32,7 +32,7 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       run: npm run sync-search
     - name: Send slack notification if workflow run fails
-      uses: rtCamp/action-slack-notify@v2.1.0
+      uses: rtCamp/action-slack-notify@e17352feaf9aee300bf0ebc1dfbf467d80438815
       if: failure()
       env:
         SLACK_WEBHOOK: ${{ secrets.DOCS_ALERTS_SLACK_WEBHOOK }}

diff --git a/.github/workflows/test-translations.yml b/.github/workflows/test-translations.yml
@@ -12,12 +12,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
         with:
           ref: translations # check out the 'translations' branch
 
       - name: Setup node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
         with:
           node-version: 14.x
 
@@ -27,7 +27,7 @@ jobs:
           echo "::set-output name=dir::$(npm config get cache)"
 
       - name: Cache node modules
-        uses: actions/cache@v2
+        uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
@@ -52,10 +52,10 @@ jobs:
         test-group: [content, meta, rendering, routing, unit, links-and-images]
     steps:
       - name: Check out repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675
 
       - name: Setup node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
         with:
           node-version: 14.x
 
@@ -65,7 +65,7 @@ jobs:
           echo "::set-output name=dir::$(npm config get cache)"
 
       - name: Cache node modules
-        uses: actions/cache@v2
+        uses: actions/cache@d1255ad9362389eac595a9ae406b8e8cb3331f16
         with:
           path: ${{ steps.npm-cache.outputs.dir }}
           key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}