diff --git a/.github/workflows/block-claude-coauthor.yml b/.github/workflows/block-claude-coauthor.yml
index 5dbaba9..6a25db3 100644
--- a/.github/workflows/block-claude-coauthor.yml
+++ b/.github/workflows/block-claude-coauthor.yml
@@ -22,7 +22,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 fetch-depth: 0
 persist-credentials: false
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c3f45aa..7ca8757 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,7 +22,7 @@ jobs:
 matrix:
 os: [ubuntu-latest, macos-latest, windows-latest]
 steps:
- - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 persist-credentials: false
@@ -57,7 +57,7 @@ jobs:
 name: Semgrep
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 persist-credentials: false
@@ -93,7 +93,7 @@ jobs:
 name: Swift menubar build
 runs-on: macos-latest
 steps:
- - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 persist-credentials: false
diff --git a/.github/workflows/release-menubar.yml b/.github/workflows/release-menubar.yml
index 242e901..db08ade 100644
--- a/.github/workflows/release-menubar.yml
+++ b/.github/workflows/release-menubar.yml
@@ -34,7 +34,7 @@ jobs:
 runs-on: macos-latest
 steps:
 - name: Checkout
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 persist-credentials: false
@@ -66,7 +66,7 @@ jobs:
 - name: Upload artifact (for manual runs)
 if: github.event_name == 'workflow_dispatch'
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: CodeBurnMenubar-${{ steps.version.outputs.value }}
 path: mac/.build/dist/CodeBurnMenubar-*.zip
@@ -77,7 +77,7 @@ jobs:
 # On a `v*` tag, the npm + tray workflows are also publishing to the
 # SAME GitHub release in parallel, so files just stack.
 if: startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/mac-v')
- uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
+ uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1
 with:
 tag_name: ${{ github.ref_name }}
 name: Menubar ${{ steps.version.outputs.value }}
diff --git a/.github/workflows/release-npm.yml b/.github/workflows/release-npm.yml
index 5cdab6a..bdf6cc1 100644
--- a/.github/workflows/release-npm.yml
+++ b/.github/workflows/release-npm.yml
@@ -27,7 +27,7 @@ jobs:
 publish:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 persist-credentials: false
@@ -108,7 +108,7 @@ jobs:
 - name: Attach SBOM to GitHub release
 if: startsWith(github.ref, 'refs/tags/v')
- uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
+ uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1
 with:
 tag_name: ${{ github.ref_name }}
 files: codeburn-sbom.cdx.json
@@ -130,7 +130,7 @@ jobs:
 steps:
 - name: Mint GitHub App installation token
 id: app-token
- uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
 with:
 app-id: ${{ secrets.HOMEBREW_TAP_APP_ID }}
 private-key: ${{ secrets.HOMEBREW_TAP_APP_PRIVATE_KEY }}
@@ -161,7 +161,7 @@ jobs:
 echo " SHA-256: $SHA"
 - name: Checkout homebrew tap
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 repository: soumyadebroy3/homebrew-codeburn
 token: ${{ steps.app-token.outputs.token }}
diff --git a/.github/workflows/release-tray.yml b/.github/workflows/release-tray.yml
index e148c5d..573eb53 100644
--- a/.github/workflows/release-tray.yml
+++ b/.github/workflows/release-tray.yml
@@ -31,7 +31,7 @@ jobs:
 runs-on: windows-latest
 steps:
 - name: Checkout
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 with:
 persist-credentials: false
@@ -66,7 +66,7 @@ jobs:
 uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable @ 2025 pin — bump SHA to update Rust toolchain action
 - name: Cache Cargo build
- uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
+ uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
 with:
 path: |
 ~/.cargo/bin/
@@ -83,7 +83,7 @@ jobs:
 - name: Upload artifact (manual runs)
 if: github.event_name == 'workflow_dispatch'
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: codeburn-tray-${{ steps.version.outputs.value }}
 path: |
@@ -124,7 +124,7 @@ jobs:
 - name: Create / update GitHub Release
 if: startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/tray-v')
- uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
+ uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1
 with:
 tag_name: ${{ github.ref_name }}
 name: Tray ${{ steps.version.outputs.value }}