From 7af6b398753dc112d154b213903b213db2015177 Mon Sep 17 00:00:00 2001 From: Tw93 Date: Mon, 29 Dec 2025 16:53:51 +0800 Subject: [PATCH] chore(ci): pin actions to SHAs and add dependabot for gomod --- .github/dependabot.yml | 5 +++++ .github/workflows/quality.yml | 10 +++++----- .github/workflows/release.yml | 4 ++-- .github/workflows/tests.yml | 12 ++++++------ 4 files changed, 18 insertions(+), 13 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5ace460..603f653 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,3 +4,8 @@ updates: directory: "/" schedule: interval: "weekly" + + - package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml index 0c202f4..569543e 100644 --- a/.github/workflows/quality.yml +++ b/.github/workflows/quality.yml @@ -15,13 +15,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.head_ref) || github.ref }} token: ${{ secrets.GITHUB_TOKEN }} - name: Cache Homebrew - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: | ~/Library/Caches/Homebrew @@ -35,7 +35,7 @@ jobs: run: brew install shfmt shellcheck - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 with: go-version: '1.24' @@ -68,12 +68,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.head_ref) || github.ref }} - name: Cache Homebrew - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: | ~/Library/Caches/Homebrew diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 678d08b..078d165 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,10 +13,10 @@ jobs: runs-on: macos-latest steps: - name: Checkout source code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 with: go-version: "1.24.6" cache: true diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index baf9542..244ad05 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -11,7 +11,7 @@ jobs: name: Unit Tests runs-on: macos-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install bats run: brew install bats-core @@ -30,10 +30,10 @@ jobs: name: Go Tests runs-on: macos-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 with: go-version: '1.24' @@ -59,7 +59,7 @@ jobs: name: Integration Tests runs-on: macos-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Install dependencies run: brew install coreutils @@ -89,7 +89,7 @@ jobs: os: [macos-14, macos-15] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Test on ${{ matrix.os }} run: | @@ -102,7 +102,7 @@ jobs: name: Security Checks runs-on: macos-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Check for unsafe rm usage run: |