diff --git a/.github/workflows/code_review_infra_exp.yaml b/.github/workflows/code_review_infra_exp.yaml index 49a9aa04..91fca979 100644 --- a/.github/workflows/code_review_infra_exp.yaml +++ b/.github/workflows/code_review_infra_exp.yaml @@ -30,7 +30,7 @@ jobs: TURBO_CACHE_DIR: .turbo-cache steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Setup yarn shell: bash @@ -64,7 +64,7 @@ jobs: git ls-files --others '*.tf.json' || echo "No .tf.json files found" - name: Upload generated terraform files - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: terraform-files path: | @@ -160,7 +160,7 @@ jobs: name: Checkout - name: Download generated terraform files - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: terraform-files path: infra/ diff --git a/.github/workflows/run-extractor.yaml b/.github/workflows/run-extractor.yaml index bf770bbe..b76af304 100644 --- a/.github/workflows/run-extractor.yaml +++ b/.github/workflows/run-extractor.yaml @@ -38,7 +38,7 @@ jobs: contents: read pull-requests: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Azure Login uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 @@ -146,7 +146,7 @@ jobs: shell: pwsh - name: publish artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: artifacts-from-portal path: ./${{ env.API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH }} @@ -159,16 +159,16 @@ jobs: pull-requests: write issues: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Download artifacts-from-portal - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: artifacts-from-portal path: "./${{ env.API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH }}" - name: Create artifacts pull request - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "updated extract from apim instance ${{ env.API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH }}" diff --git a/.github/workflows/run-publisher-with-env.yaml b/.github/workflows/run-publisher-with-env.yaml index 8577c1a5..512ce384 100644 --- a/.github/workflows/run-publisher-with-env.yaml +++ b/.github/workflows/run-publisher-with-env.yaml @@ -39,7 +39,7 @@ jobs: COMMIT_ID: ${{ inputs.COMMIT_ID }} steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 2 @@ -51,7 +51,7 @@ jobs: subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} # Run Spectral - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" - run: npm install -g @stoplight/spectral-cli @@ -60,7 +60,7 @@ jobs: # Add this step for each APIM environment and pass specific set of secrets that you want replaced in the env section below - name: "Perform namevalue secret substitution in configuration.${{ inputs.API_MANAGEMENT_ENVIRONMENT}}.yaml" if: (inputs.API_MANAGEMENT_ENVIRONMENT == 'prod' ) - uses: cschleiden/replace-tokens@v1.3 + uses: cschleiden/replace-tokens@4d5a042c84c3568b3858b7af9394923d2d5195c9 # v1.3 with: tokenPrefix: "{#" tokenSuffix: "#}"