From ca95adb16cbb01c0526d340e4b273a522bc79812 Mon Sep 17 00:00:00 2001
From: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
Date: Sun, 28 Aug 2022 21:46:41 +0800
Subject: [PATCH] ci: pin GitHub Actions Git hash
see: https://github.com/loopbackio/security/issues/27
Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
---
 .github/workflows/continuous-integration.yaml | 23 +++++++++----------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/continuous-integration.yaml b/.github/workflows/continuous-integration.yaml
index 81a3242..d1852e8 100644
--- a/.github/workflows/continuous-integration.yaml
+++ b/.github/workflows/continuous-integration.yaml
@@ -28,9 +28,9 @@ jobs:
 node_version: 16
 fail-fast: false
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
 - name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v3
+ uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
 with:
 node-version: ${{ matrix.node-version }}
 - name: Bootstrap project
@@ -38,7 +38,7 @@ jobs:
 - name: Run tests
 run: npm run-script test:ci
 - name: Publish coverage report to Coveralls
- uses: coverallsapp/github-action@master
+ uses: coverallsapp/github-action@9ba913c152ae4be1327bfb9085dc806cedb44057 # tag=v1.1.3
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 flag-name: run-${{ matrix.os }}-node@${{ matrix.node-version }}
@@ -50,7 +50,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Coveralls finished
- uses: coverallsapp/github-action@master
+ uses: coverallsapp/github-action@9ba913c152ae4be1327bfb9085dc806cedb44057 # tag=v1.1.3
 with:
 github-token: ${{ secrets.github_token }}
 parallel-finished: true
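Review bot: In the `@@ -28,9 +28,9 @@` hunk the trailing `# tag=v3.0.2` and `# tag=v3.4.1` comments are the only record of which release each SHA stands for, and nothing in the workflow checks them. Before merging, confirm that each 40-character SHA is the commit the named tag points to in the action's own repository, because GitHub also resolves commits that exist only in a fork of that repository. Whether an update bot is configured is not visible here; without one these pins will silently fall behind upstream security fixes. The same applies to every pin in the other five hunks. Separately, the context line `node_version: 16` uses an underscore while the steps read `matrix.node-version`; the matrix is defined outside this hunk, so check whether that entry leaves `node-version` empty.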
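Review bot: In the `@@ -38,7 +38,7 @@` hunk, replacing `coverallsapp/github-action@master` with the commit labelled `v1.1.3` may roll the action back as well as pin it, since `master` can be ahead of the last tagged release. The commit message mentions only pinning, so confirm the coverage upload still behaves the same. Among the actions visible in this patch this is the only third-party one, and it is handed `secrets.GITHUB_TOKEN`, so it gains the most from the pin. Consider also giving the job an explicit `permissions:` block limited to what the upload needs; none is visible in this hunk or in `@@ -50,7 +50,7 @@`, which has the same step, though both jobs start outside the hunks.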
@@ -59,9 +59,9 @@ jobs:
 name: Code Lint
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
 - name: Use Node.js 16
- uses: actions/setup-node@v3
+ uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
 with:
 node-version: 16
 - name: Bootstrap project
@@ -73,11 +73,11 @@ jobs:
 name: Commit Lint
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
 with:
 fetch-depth: 0
 - name: Use Node.js 16
- uses: actions/setup-node@v3
+ uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
 with:
 node-version: 16
 - name: Bootstrap project
@@ -101,13 +101,12 @@ jobs:
 security-events: write
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
-
+ uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v1
+ uses: github/codeql-action/init@c7f292ea4f542c473194b33813ccd4c207a6c725 # tag=v2.1.21
 with:
 languages: 'javascript'
 config-file: ./.github/codeql/codeql-config.yaml
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
+ uses: github/codeql-action/analyze@c7f292ea4f542c473194b33813ccd4c207a6c725 # tag=v2.1.21
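Review bot: In the `@@ -73,11 +73,11 @@` hunk the checkout step fetches full history and, by default, leaves the job token in the local git config, where the later bootstrap step (presumably a dependency install) can read it. A `with:` block already exists here, so adding `persist-credentials: false` next to `fetch-depth: 0` would remove that exposure, provided no later step pushes or fetches with the token. The rest of the job lies outside the hunk, so that needs checking. The checkout steps in `@@ -28,9 +28,9 @@`, `@@ -59,9 +59,9 @@` and `@@ -101,13 +101,12 @@` could take the same input.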
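Review bot: In the `@@ -101,13 +101,12 @@` hunk the CodeQL steps move from `@v1` to a commit labelled `v2.1.21`, which is a major-version upgrade rather than a pin of what was running before. The commit message describes only pinning, so the upgrade should be called out and `./.github/codeql/codeql-config.yaml` confirmed to still be accepted by v2. `init` and `analyze` share one SHA, which is right since they come from the same repository; a comment such as `# keep init and analyze on the same codeql-action commit` would help future bumps stay in lockstep. The hunk also drops the blank line after the checkout step, which looks unintentional.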