Pin, update and replace action (#2180)

* Pin and update actions Pins actions to tagged versions by its hashes as suggested by the OpenSSF Scorecard project. * Replace the unmaintained `create-release` action
2026-04-03 03:00:17 -04:00 · 2025-03-21 16:45:15 +01:00
parent 5fef4f694a
commit 8c923e5eea
3 changed files with 11 additions and 11 deletions
--- a/.github/workflows/gh-pages-releases.yml
+++ b/.github/workflows/gh-pages-releases.yml
@@ -14,7 +14,7 @@ jobs:

    steps:
      - name: Checking out repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: ${{ secrets.NODAI_INVOCATION_TOKEN }}
      - name: Run scrape releases script
@@ -31,7 +31,7 @@ jobs:
      - run: git diff --cached --exit-code || git commit -m "Update releases."

      - name: GitHub Push
-        uses: ad-m/github-push-action@v0.6.0
+        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0
        with:
          github_token: ${{ secrets.NODAI_INVOCATION_TOKEN }}
          branch: github-pages
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -17,9 +17,9 @@ jobs:
        python-version: ["3.11"]

    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
      with:
        python-version: ${{ matrix.python-version }}

@@ -35,12 +35,12 @@ jobs:

    - name: Create Release
      id: create_release
-      uses: actions/create-release@v1
+      uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1.16.0
      env:
        GITHUB_TOKEN: ${{ secrets.NODAI_INVOCATION_TOKEN }}
      with:
-        tag_name: ${{ env.tag_name }}
-        release_name: nod.ai SHARK ${{ env.tag_name }}
+        tag: ${{ env.tag_name }}
+        name: nod.ai SHARK ${{ env.tag_name }}
        body: |
          Automatic snapshot release of nod.ai SHARK.
        draft: true
@@ -60,7 +60,7 @@ jobs:
  
    - name: Upload Release Assets
      id: upload-release-assets
-      uses: dwenegar/upload-release-assets@v1
+      uses: dwenegar/upload-release-assets@fe47e06814723c7b1bea3a7e46cf93d5f020d0c3 # v3
      env:
        GITHUB_TOKEN: ${{ secrets.NODAI_INVOCATION_TOKEN }}
      with:
@@ -70,7 +70,7 @@ jobs:

    - name: Publish Release
      id: publish_release
-      uses: eregon/publish-release@v1
+      uses: eregon/publish-release@01df127f5e9a3c26935118e22e738d95b59d10ce # v1.0.6
      env:
        GITHUB_TOKEN: ${{ secrets.NODAI_INVOCATION_TOKEN }}
      with:
--- a/.github/workflows/test-studio.yml
+++ b/.github/workflows/test-studio.yml
@@ -39,7 +39,7 @@ jobs:
    runs-on: ${{ matrix.os }}

    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
    
    - name: Set Environment Variables
      run: |
@@ -51,7 +51,7 @@ jobs:
        echo ${{ matrix.python-version }} >> $GITHUB_WORKSPACE/.python-version
    
    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
      with:
        python-version: '${{ matrix.python-version }}'