Feat: Hashpin sensitive dependencies on GitHub Actions and enable Dependabot to update them monthly (#3892)

* feat: hashpin sensitive dependencies on GHAs Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com> * feat: enable dependabot for monthly updates on GHA Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com> --------- Signed-off-by: Diogo Teles Sant'Anna <diogoteles@google.com>
author: Diogo Teles Sant'Anna <diogoteles@google.com> 2023-12-13 04:17:13 (GMT)
committer: GitHub <noreply@github.com> 2023-12-13 04:17:13 (GMT)
commit: b7423ffbe5826697e293963706c75b2dfe9d2788 (patch)
tree: 607607fb6a15528de5d0eb7cc9ed51a19a1a4f34 /.github/workflows/release-files.yml
parent: e81fb9eddf4643a4b31b155403e1d475b6e5af17 (diff)
download: hdf5-b7423ffbe5826697e293963706c75b2dfe9d2788.zip
hdf5-b7423ffbe5826697e293963706c75b2dfe9d2788.tar.gz
hdf5-b7423ffbe5826697e293963706c75b2dfe9d2788.tar.bz2
1 files changed, 11 insertions, 11 deletions
diff --git a/.github/workflows/release-files.yml b/.github/workflows/release-files.yml
index 5a31544..2505534 100644
--- a/.github/workflows/release-files.yml
+++ b/.github/workflows/release-files.yml
@@ -40,14 +40,14 @@ jobs:
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - name: Get Sources
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
 
       - run: |
           git checkout ${{ inputs.file_sha }}
 
-      - uses: rickstaa/action-create-tag@v1
+      - uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 # v1.7.2
         id: "tag_create"
         with:
           commit_sha: ${{ inputs.file_sha }}
@@ -75,7 +75,7 @@ jobs:
 
       # Get files created by tarball script
       - name: Get doxygen (Linux)
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
               name: docs-doxygen
               path: ${{ github.workspace }}/${{ steps.get-file-base.outputs.FILE_BASE }}.doxygen
@@ -84,32 +84,32 @@ jobs:
         run: zip -r ${{ steps.get-file-base.outputs.FILE_BASE }}.doxygen.zip ./${{ steps.get-file-base.outputs.FILE_BASE }}.doxygen
 
       - name: Get tgz-tarball (Linux)
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
               name: tgz-tarball
               path: ${{ github.workspace }}
 
       - name: Get zip-tarball (Windows)
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
               name: zip-tarball
               path: ${{ github.workspace }}
 
       # Get files created by cmake-ctest script
       - name: Get published binary (Windows)
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
               name: zip-vs2022-binary
               path: ${{ github.workspace }}
 
       - name: Get published binary (MacOS)
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
               name: tgz-osx12-binary
               path: ${{ github.workspace }}
 
       - name: Get published binary (Linux)
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
               name: tgz-ubuntu-2204-binary
               path: ${{ github.workspace }}
@@ -121,7 +121,7 @@ jobs:
       - name: PreRelease tag
         id: create_prerelease
         if: ${{ (inputs.use_environ == 'snapshots') }}
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
         with:
           tag_name: "${{ inputs.use_tag }}"
           prerelease: true
@@ -138,7 +138,7 @@ jobs:
       - name: Release tag
         id: create_release
         if: ${{ (inputs.use_environ == 'release') }}
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
         with:
           tag_name: "${{ inputs.use_tag }}"
           prerelease: false
@@ -158,7 +158,7 @@ jobs:
               ls ${{ runner.workspace }}
 
       - name: dev-only-docs
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: ${{ github.workspace }}/${{ steps.get-file-base.outputs.FILE_BASE }}.doxygen
author	Diogo Teles Sant'Anna <diogoteles@google.com>	2023-12-13 04:17:13 (GMT)
committer	GitHub <noreply@github.com>	2023-12-13 04:17:13 (GMT)
commit	b7423ffbe5826697e293963706c75b2dfe9d2788 (patch)
tree	607607fb6a15528de5d0eb7cc9ed51a19a1a4f34 /.github/workflows/release-files.yml
parent	e81fb9eddf4643a4b31b155403e1d475b6e5af17 (diff)
download	hdf5-b7423ffbe5826697e293963706c75b2dfe9d2788.zip hdf5-b7423ffbe5826697e293963706c75b2dfe9d2788.tar.gz hdf5-b7423ffbe5826697e293963706c75b2dfe9d2788.tar.bz2