From ed050c4fedcc6b8344e3e48a6fba4cb0318a815a Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 15:55:17 +0200 Subject: [PATCH 1/6] chore: pin actions to SHA in .github/workflows/commitizen.yml --- .github/workflows/commitizen.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/commitizen.yml b/.github/workflows/commitizen.yml index 106b920..18bfb96 100644 --- a/.github/workflows/commitizen.yml +++ b/.github/workflows/commitizen.yml @@ -8,12 +8,12 @@ jobs: check_pr_title: name: check_pr_title if: github.event_name == 'pull_request' - uses: dfinity/ci-tools/.github/workflows/check-pr-title.yaml@main + uses: dfinity/ci-tools/.github/workflows/check-pr-title.yaml@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main check_commit_messages: name: check_commit_messages if: github.event_name == 'merge_group' - uses: dfinity/ci-tools/.github/workflows/check-commit-messages.yaml@main + uses: dfinity/ci-tools/.github/workflows/check-commit-messages.yaml@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main commitizen: name: commitizen:required From 364f4d6df234f8add45e8caccae0d8cf8752ca74 Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 15:55:19 +0200 Subject: [PATCH 2/6] chore: pin actions to SHA in .github/workflows/create-release-pr.yml --- .github/workflows/create-release-pr.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml index 4542b2f..bb99a35 100644 --- a/.github/workflows/create-release-pr.yml +++ b/.github/workflows/create-release-pr.yml @@ -18,29 +18,29 @@ jobs: contents: write steps: - name: Create GitHub App Token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0 id: generate_token with: app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }} private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }} - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 - name: Setup Python - uses: dfinity/ci-tools/actions/setup-python@main + uses: dfinity/ci-tools/actions/setup-python@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main - name: Setup Commitizen - uses: dfinity/ci-tools/actions/setup-commitizen@main + uses: dfinity/ci-tools/actions/setup-commitizen@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main - name: Setup PNPM - uses: dfinity/ci-tools/actions/setup-pnpm@main + uses: dfinity/ci-tools/actions/setup-pnpm@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main - name: Bump version id: bump_version - uses: dfinity/ci-tools/actions/bump-version@main + uses: dfinity/ci-tools/actions/bump-version@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main with: prerelease: ${{ inputs.beta_release == true && 'beta' || '' }} major_version_zero: true @@ -52,7 +52,7 @@ jobs: run: echo "Bumping to version ${{ steps.bump_version.outputs.version }}" - name: Create Pull Request - uses: dfinity/ci-tools/actions/create-pr@main + uses: dfinity/ci-tools/actions/create-pr@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main with: token: ${{ steps.generate_token.outputs.token }} branch_name: 'release/${{ steps.bump_version.outputs.version }}' From 6b4d1051da82e855bda5d6725d11abba8caf65cc Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 15:55:21 +0200 Subject: [PATCH 3/6] chore: pin actions to SHA in .github/workflows/generate-changelog.yml --- .github/workflows/generate-changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/generate-changelog.yml b/.github/workflows/generate-changelog.yml index 9258930..96d0761 100644 --- a/.github/workflows/generate-changelog.yml +++ b/.github/workflows/generate-changelog.yml @@ -7,7 +7,7 @@ on: jobs: generate_changelog: - uses: dfinity/ci-tools/.github/workflows/generate-changelog.yaml@main + uses: dfinity/ci-tools/.github/workflows/generate-changelog.yaml@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main with: token_app_id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }} environment: create-prs From 306c548d947cf0a7183ed63f1960495a57b100dd Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 15:55:23 +0200 Subject: [PATCH 4/6] chore: pin actions to SHA in .github/workflows/lint.yml --- .github/workflows/lint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 08d0f81..7648177 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,10 +10,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup PNPM - uses: dfinity/ci-tools/actions/setup-pnpm@main + uses: dfinity/ci-tools/actions/setup-pnpm@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main - name: Check TypeScript Formatting run: pnpm format:check From c26d3df83bf9a61a559cb41157d3c3ae98922e46 Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 15:55:25 +0200 Subject: [PATCH 5/6] chore: pin actions to SHA in .github/workflows/release.yml --- .github/workflows/release.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2a51406..f3a3755 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,30 +20,30 @@ jobs: id-token: write steps: - name: Checkout Code - uses: actions/checkout@v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Setup Python - uses: dfinity/ci-tools/actions/setup-python@main + uses: dfinity/ci-tools/actions/setup-python@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main - name: Setup Commitizen - uses: dfinity/ci-tools/actions/setup-commitizen@main + uses: dfinity/ci-tools/actions/setup-commitizen@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main - name: Setup PNPM - uses: dfinity/ci-tools/actions/setup-pnpm@main + uses: dfinity/ci-tools/actions/setup-pnpm@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main - name: Determine if Beta Release id: is_beta - uses: dfinity/ci-tools/actions/is-beta-tag@main + uses: dfinity/ci-tools/actions/is-beta-tag@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main - name: Build NPM packages run: pnpm build - name: Generate release notes - uses: dfinity/ci-tools/actions/generate-release-notes@main + uses: dfinity/ci-tools/actions/generate-release-notes@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main - name: Publish to npm id: publish - uses: dfinity/ci-tools/actions/npm-publish@main + uses: dfinity/ci-tools/actions/npm-publish@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main with: is_beta: ${{ steps.is_beta.outputs.is_beta_tag }} From b4602a3a701013b69e74782831f716bebf63fd68 Mon Sep 17 00:00:00 2001 From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com> Date: Thu, 9 Apr 2026 15:55:27 +0200 Subject: [PATCH 6/6] chore: pin actions to SHA in .github/workflows/test.yml --- .github/workflows/test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b163bee..6b9d586 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,10 +10,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Setup PNPM - uses: dfinity/ci-tools/actions/setup-pnpm@main + uses: dfinity/ci-tools/actions/setup-pnpm@afeee4fbdc0683a88ec5a74ed7f59a2ce0e833ad # main - name: Test run: pnpm test