From faca88f6a48cc7c8e6104393e49ddf7c2d7d20e3 Mon Sep 17 00:00:00 2001
From: pputman-clabs <99900942+pputman-clabs@users.noreply.github.com>
Date: Mon, 23 Sep 2024 13:03:10 -0500
Subject: [PATCH] Pputman/pin dependencies (#11221)
* adding permissions to protocol-devchain-anvil.yml workflow
* pinning 3rd party actions for security purposes
---------
Co-authored-by: pputman12
---
 .github/workflows/celo-monorepo.yml | 10 +++++-----
 .github/workflows/containers.yaml | 2 +-
 .github/workflows/protocol-devchain-anvil.yml | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/celo-monorepo.yml b/.github/workflows/celo-monorepo.yml
index cb9ca18efdb..42be3f77241 100644
--- a/.github/workflows/celo-monorepo.yml
+++ b/.github/workflows/celo-monorepo.yml
@@ -99,7 +99,7 @@ jobs:
 # Get workdir local changes and fail if there are any change
 - name: Verify Changed files
 id: verify-changed-files
- uses: tj-actions/verify-changed-files@v20
+ uses: tj-actions/verify-changed-files@6ed7632824d235029086612d4330d659005af687
 with:
 fail-if-changed: 'true'
 fail-message: 'Files changed during build. Please build locally and commit the changes.'
@@ -130,7 +130,7 @@ jobs:
 code-${{ github.sha }}
 - name: Detect files changed in PR (or commit), and expose as output
 id: changed-files
- uses: tj-actions/changed-files@v43
+ uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c
 with:
 # Using comma as separator to be able to easily match full paths (using ,)
 separator: ','
@@ -175,7 +175,7 @@ jobs:
 with:
 artifacts_to_cache: ${{ needs.install-dependencies.outputs.artifacts_to_cache }}
 - name: Download protocol devchain artifact
- uses: dawidd6/action-download-artifact@v6
+ uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
 with:
 workflow: protocol-devchain.yml
 name: devchain-${{ env.RELEASE_TAG }}
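Review bot: The pinned `uses:` line in the hunk at line 99 no longer says which release the SHA corresponds to, so a later reader cannot tell from the workflow whether `6ed7632824d235029086612d4330d659005af687` is the commit `v20` pointed to or something else. Keep the tag as a trailing comment, for example `uses: tj-actions/verify-changed-files@6ed7632824d235029086612d4330d659005af687 # v20`, once the SHA has been checked against the upstream tag; update bots such as Dependabot also maintain that comment when they bump the pin. The same applies to the other pins in this commit: `tj-actions/changed-files` (both workflows), `dawidd6/action-download-artifact`, `nick-fields/retry` (hunks at lines 235 and 320) and `foundry-rs/foundry-toolchain`.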
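Review bot: The `changed-files` step in the hunk at line 130 exposes paths taken from the pull request as step outputs, and pinning the action does not change the fact that those strings are contributor-controlled. The steps that read `steps.changed-files.outputs.*` are outside this hunk, so this is a check rather than a finding: each consumer should receive the value through `env:` and quote it in the script instead of expanding `${{ ... }}` directly inside `run:`. A comment next to the separator, such as `# paths come from the PR; pass outputs via env, never inline in run:`, would record that for the next editor.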
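Review bot: The `Download protocol devchain artifact` step in the hunk at line 175 pulls an artifact produced by a different workflow (`protocol-devchain.yml`), and the lines visible here select it only by workflow and name. The `with:` block may continue past the hunk, so confirm that it also restricts which runs are eligible, for instance with the action's `branch` input or `workflow_conclusion: success`, so that a run from an unreviewed branch cannot supply the devchain the tests then run against. If that restriction is enforced elsewhere, a one-line comment such as `# artifact is only published by runs on <release-branch placeholder>` would make the trust assumption explicit.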
@@ -235,7 +235,7 @@ jobs:
 rebuild-package: 'true'
 artifacts_to_cache: ${{ needs.install-dependencies.outputs.artifacts_to_cache }}
 - name: Execute matrix command for test
- uses: nick-fields/retry@v3
+ uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e
 with:
 timeout_minutes: 40
 max_attempts: 3
@@ -320,7 +320,7 @@ jobs:
 with:
 artifacts_to_cache: ${{ needs.install-dependencies.outputs.artifacts_to_cache }}
 - name: Execute matrix command for test
- uses: nick-fields/retry@v3
+ uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e
 with:
 timeout_minutes: 30
 max_attempts: 3
diff --git a/.github/workflows/containers.yaml b/.github/workflows/containers.yaml
index 856340303de..b92c66f162d 100644
--- a/.github/workflows/containers.yaml
+++ b/.github/workflows/containers.yaml
@@ -28,7 +28,7 @@ jobs:
 - uses: actions/checkout@v4
 - name: Detect files changed in PR (or commit), and expose as output
 id: changed-files
- uses: tj-actions/changed-files@v43
+ uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c
 with:
 # Using comma as separator to be able to easily match full paths (using ,)
 separator: ','
diff --git a/.github/workflows/protocol-devchain-anvil.yml b/.github/workflows/protocol-devchain-anvil.yml
index e0344af0877..31001d8c110 100644
--- a/.github/workflows/protocol-devchain-anvil.yml
+++ b/.github/workflows/protocol-devchain-anvil.yml
@@ -96,7 +96,7 @@ jobs:
 echo "Pull Request Number: ${{ env.PR_NUMBER }}"
 - name: Install Foundry
- uses: foundry-rs/foundry-toolchain@v1
+ uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773
 with:
 version: ${{ env.SUPPORTED_FOUNDRY_VERSION }}
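Review bot: The context line `- uses: actions/checkout@v4` at the top of the containers.yaml hunk stays on a mutable tag while the step below it is pinned to a commit SHA. The commit message limits the change to third-party actions, so this may be deliberate, but the pinning policy is then split by publisher and nothing in the file says so. Either pin it the same way or add a comment such as `# first-party actions are tracked by tag; third-party actions are pinned to a commit SHA` near the top of the workflow.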
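Review bot: Pinning `foundry-rs/foundry-toolchain` in protocol-devchain-anvil.yml fixes the installer code, but the Foundry build it downloads is still chosen by `version: ${{ env.SUPPORTED_FOUNDRY_VERSION }}`, whose value is not visible in this hunk. If that variable names a moving channel rather than a specific release, the toolchain binary remains mutable; it is worth checking and noting next to the variable, e.g. `# must be an exact Foundry release, not a channel name`. Separately, the commit message says permissions were added to this workflow, yet the diffstat shows `2 +-` for the file and this single hunk contains only the pin, so no `permissions:` block appears in this patch. It may have landed in an earlier commit, which is worth confirming.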