From e74fea17fde97622a9935081b6538875149e0ae6 Mon Sep 17 00:00:00 2001 From: Julien Doutre <36448022+juliendoutre@users.noreply.github.com> Date: Mon, 16 Mar 2026 14:10:56 +0100 Subject: [PATCH] Pin GitHub Actions --- .github/workflows/bump.yaml | 4 ++-- .github/workflows/ci.yaml | 32 ++++++++++++++++---------------- .github/workflows/publish.yaml | 4 ++-- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/bump.yaml b/.github/workflows/bump.yaml index 4625ce77..f5cfdc3f 100644 --- a/.github/workflows/bump.yaml +++ b/.github/workflows/bump.yaml @@ -25,11 +25,11 @@ jobs: scope: DataDog/build-plugins audience: dd-octo-sts policy: self.bump - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 # Needed for "yarn version" to work. token: ${{ steps.octo-sts.outputs.token }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: 'package.json' diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 29d90ba8..e90d4e05 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -10,22 +10,22 @@ jobs: FORCE_COLOR: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Install Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: 'package.json' - name: Cache build:all id: cache-build - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: packages/published/**/dist key: ${{ matrix.node }}-cache-build-${{ hashFiles('packages/core/**', 'packages/factory/**', 'packages/plugins/**', 'packages/published/**', 'packages/tools/src/rollupConfig.mjs', 'yarn.lock') }} - name: Configure Datadog Test Optimization - uses: datadog/test-visibility-github-action@v2 + uses: datadog/test-visibility-github-action@f76512a963e7375dab9ad7f1abc0cacd41806c5c # v2.6.0 with: languages: js service: build-plugins @@ -53,23 +53,23 @@ jobs: FORCE_COLOR: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Install Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: 'package.json' - name: Cache build:all id: cache-build - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: packages/published/**/dist key: node18-cache-build-${{ hashFiles('packages/core/**', 'packages/factory/**', 'packages/plugins/**', 'packages/published/**', 'packages/tools/src/rollupConfig.mjs', 'yarn.lock') }} - name: Cache playwright binaries id: cache-playwright-binaries - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/.cache/ms-playwright @@ -78,7 +78,7 @@ jobs: key: cache-playwright-binaries-${{ hashFiles('yarn.lock') }} - name: Configure Datadog Test Optimization - uses: datadog/test-visibility-github-action@v2 + uses: datadog/test-visibility-github-action@f76512a963e7375dab9ad7f1abc0cacd41806c5c # v2.6.0 with: languages: js service: build-plugins @@ -103,7 +103,7 @@ jobs: - name: Save playwright cache if: always() && steps.cache-playwright-binaries.outputs.cache-hit != 'true' id: save-playwright-cache - uses: actions/cache/save@v4 + uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: | ~/.cache/ms-playwright @@ -111,7 +111,7 @@ jobs: %USERPROFILE%\AppData\Local\ms-playwright key: cache-playwright-binaries-${{ hashFiles('yarn.lock') }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 if: ${{ failure() }} with: name: playwright @@ -127,23 +127,23 @@ jobs: FORCE_COLOR: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Install Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version-file: 'package.json' - name: Cache build:rollup id: cache-build-rollup - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: packages/published/rollup-plugin/dist-basic key: node18-cache-build-rollup-${{ hashFiles('packages/core/**', 'packages/factory/**', 'packages/plugins/**', 'packages/published/**', 'packages/tools/src/rollupConfig.mjs', 'yarn.lock') }} - name: Cache build:all id: cache-build - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: packages/published/**/dist key: node18-cache-build-${{ hashFiles('packages/core/**', 'packages/factory/**', 'packages/plugins/**', 'packages/published/**', 'packages/tools/src/rollupConfig.mjs', 'yarn.lock') }} @@ -164,7 +164,7 @@ jobs: DD_GITHUB_JOB_NAME: Linting # Needs to be the same as the job to have CI Vis link the spans. DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 if: steps.cache-build.outputs.cache-hit != 'true' with: name: build-reports diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 2c0368e0..deeb1af7 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -24,10 +24,10 @@ jobs: permissions: id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 # Full history needed for yarn version to find ancestor with master/main - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: '24' registry-url: 'https://registry.npmjs.org'