From 2c8ccbf2ee82e072a4f1315b8d102350d3d9d1ce Mon Sep 17 00:00:00 2001
From: Sarisia <sarisiaice@gmail.com>
Date: Tue, 15 Nov 2022 14:42:33 +0000
Subject: [PATCH] chore: pin all actions in workflows fixes #366

---
 .github/workflows/release.yml             | 18 ++++++++++--------
 .github/workflows/test-and-run.yml        | 16 ++++++++--------
 .github/workflows/update-devcontainer.yml |  6 +++---
 3 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5d8f7171..48046179 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,16 +12,16 @@ jobs:
       contents: write
       packages: read
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
 
-      - uses: docker/login-action@v2
+      - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
       - name: build
-        uses: devcontainers/ci@v0.2
+        uses: devcontainers/ci@3dcee0e5dada9275fbd8e4d76ee9de43998be886
         with:
           imageName: ghcr.io/${{ github.repository }}/devcontainer
           cacheFrom: ghcr.io/${{ github.repository }}/devcontainer
@@ -31,12 +31,14 @@ jobs:
             npm run build
 
       - name: Build and Tag
-        uses: JasonEtco/build-and-tag-action@v2
+        # temporary use own fork until 
+        # uses: JasonEtco/build-and-tag-action@v2
+        uses: sarisia/build-and-tag-action@86c2f7fbe7691ec3529884d45038295c0aa3ce35
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
       - name: report result
-        uses: sarisia/actions-status-discord@v1
+        uses: sarisia/actions-status-discord@9d12cc6d7c8d55f9cbe5efa643117f8c7423f4cf
         if: always()
         with:
           webhook: ${{ secrets.DISCORD_WEBHOOK }}
@@ -60,7 +62,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
         with:
           ref: ${{ github.ref_name }}
           
@@ -86,7 +88,7 @@ jobs:
     permissions:
       actions: read
     steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@f05a81df23035049204b043b50c3322045ce7eb3
         id: ghapi
         with:
           result-encoding: string
@@ -101,7 +103,7 @@ jobs:
             )
             return jobs.filter(job => job.conclusion !== null && job.conclusion !== "success")
                        .length > 0 ? 'failure' : 'success'
-      - uses: sarisia/actions-status-discord@v1
+      - uses: sarisia/actions-status-discord@9d12cc6d7c8d55f9cbe5efa643117f8c7423f4cf
         if: always()
         with:
           webhook: ${{ secrets.DISCORD_WEBHOOK }}
diff --git a/.github/workflows/test-and-run.yml b/.github/workflows/test-and-run.yml
index 0016eeec..92c0cee2 100644
--- a/.github/workflows/test-and-run.yml
+++ b/.github/workflows/test-and-run.yml
@@ -11,16 +11,16 @@ jobs:
       packages: read
       contents: read
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
 
-      - uses: docker/login-action@v2
+      - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
       - name: build
-        uses: devcontainers/ci@v0.2
+        uses: devcontainers/ci@3dcee0e5dada9275fbd8e4d76ee9de43998be886
         with:
           imageName: ghcr.io/${{ github.repository }}/devcontainer
           cacheFrom: ghcr.io/${{ github.repository }}/devcontainer
@@ -37,16 +37,16 @@ jobs:
     env:
       DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
 
-      - uses: docker/login-action@v2
+      - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
       - name: build
-        uses: devcontainers/ci@v0.2
+        uses: devcontainers/ci@3dcee0e5dada9275fbd8e4d76ee9de43998be886
         with:
           imageName: ghcr.io/${{ github.repository }}/devcontainer
           cacheFrom: ghcr.io/${{ github.repository }}/devcontainer
@@ -88,7 +88,7 @@ jobs:
     permissions:
       actions: read
     steps:
-      - uses: actions/github-script@v3
+      - uses: actions/github-script@f05a81df23035049204b043b50c3322045ce7eb3
         id: ghapi
         with:
           result-encoding: string
@@ -105,7 +105,7 @@ jobs:
                        .length > 0 ? 'failure' : 'success'
 
       - name: report result
-        uses: sarisia/actions-status-discord@v1
+        uses: sarisia/actions-status-discord@9d12cc6d7c8d55f9cbe5efa643117f8c7423f4cf
         if: always()
         with:
           webhook: ${{ secrets.DISCORD_WEBHOOK }}
diff --git a/.github/workflows/update-devcontainer.yml b/.github/workflows/update-devcontainer.yml
index c11c48e7..a78b457f 100644
--- a/.github/workflows/update-devcontainer.yml
+++ b/.github/workflows/update-devcontainer.yml
@@ -18,15 +18,15 @@ jobs:
       contents: read
       packages: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
 
-      - uses: docker/login-action@v2
+      - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
-      - uses: devcontainers/ci@v0.2
+      - uses: devcontainers/ci@3dcee0e5dada9275fbd8e4d76ee9de43998be886
         with:
           imageName: ghcr.io/${{ github.repository }}/devcontainer
           push: always