ci: pin GitHub Actions Git hash

achrinza · achrinza · commit 210e3a9ea8bf · 2022-08-28T21:38:24.000+08:00
see: loopbackio/security#27 Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
diff --git a/.github/workflows/continuous-integration.yaml b/.github/workflows/continuous-integration.yaml
@@ -28,9 +28,9 @@ jobs:
             node_version: 14
       fail-fast: false
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
         with:
           node-version: ${{ matrix.node-version }}
       - name: Update NPM
@@ -44,7 +44,7 @@ jobs:
       - name: Run tests
         run: npm test --ignore-scripts
       - name: Publish coverage report to Coveralls
-        uses: coverallsapp/github-action@master
+        uses: coverallsapp/github-action@9ba913c152ae4be1327bfb9085dc806cedb44057 # tag=v1.1.3
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           flag-name: run-${{ matrix.os }}-node@${{ matrix.node-version }}
@@ -57,7 +57,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Coveralls finished
-      uses: coverallsapp/github-action@master
+      uses: coverallsapp/github-action@9ba913c152ae4be1327bfb9085dc806cedb44057 # tag=v1.1.3
       with:
         github-token: ${{ secrets.github_token }}
         parallel-finished: true
@@ -66,9 +66,9 @@ jobs:
     name: Code Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
       - name: Use Node.js 14
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
         with:
           node-version: 14
       - name: Bootstrap project
@@ -80,11 +80,11 @@ jobs:
     name: Commit Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
         with:
           fetch-depth: 0
       - name: Use Node.js 14
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
         with:
           node-version: 14
       - name: Bootstrap project
@@ -100,13 +100,13 @@ jobs:
       security-events: write
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@c7f292ea4f542c473194b33813ccd4c207a6c725 # tag=v2.1.21
       with:
         languages: 'javascript'
         config-file: ./.github/codeql/codeql-config.yaml
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@c7f292ea4f542c473194b33813ccd4c207a6c725 # tag=v2.1.21
