ci: pin GitHub Actions Git hash

see: https://github.com/loopbackio/security/issues/27
Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
Rifa Achrinza 2022-08-28 21:46:41 +08:00
parent d17b2414f5
commit ca95adb16c
1 changed files with 11 additions and 12 deletions


@ -28,9 +28,9 @@ jobs:
node_version: 16 node_version: 16
fail-fast: false fail-fast: false
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
- name: Use Node.js ${{ matrix.node-version }} - name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3 uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
with: with:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
- name: Bootstrap project - name: Bootstrap project
@ -38,7 +38,7 @@ jobs:
- name: Run tests - name: Run tests
run: npm run-script test:ci run: npm run-script test:ci
- name: Publish coverage report to Coveralls - name: Publish coverage report to Coveralls
uses: coverallsapp/github-action@master uses: coverallsapp/github-action@9ba913c152ae4be1327bfb9085dc806cedb44057 # tag=v1.1.3
with: with:
github-token: ${{ secrets.GITHUB_TOKEN }} github-token: ${{ secrets.GITHUB_TOKEN }}
flag-name: run-${{ matrix.os }}-node@${{ matrix.node-version }} flag-name: run-${{ matrix.os }}-node@${{ matrix.node-version }}
@ -50,7 +50,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Coveralls finished - name: Coveralls finished
uses: coverallsapp/github-action@master uses: coverallsapp/github-action@9ba913c152ae4be1327bfb9085dc806cedb44057 # tag=v1.1.3
with: with:
github-token: ${{ secrets.github_token }} github-token: ${{ secrets.github_token }}
parallel-finished: true parallel-finished: true
@ -59,9 +59,9 @@ jobs:
name: Code Lint name: Code Lint
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
- name: Use Node.js 16 - name: Use Node.js 16
uses: actions/setup-node@v3 uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
with: with:
node-version: 16 node-version: 16
- name: Bootstrap project - name: Bootstrap project
@ -73,11 +73,11 @@ jobs:
name: Commit Lint name: Commit Lint
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Use Node.js 16 - name: Use Node.js 16
uses: actions/setup-node@v3 uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
with: with:
node-version: 16 node-version: 16
- name: Bootstrap project - name: Bootstrap project
@ -101,13 +101,12 @@ jobs:
security-events: write security-events: write
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v3 uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@v1 uses: github/codeql-action/init@c7f292ea4f542c473194b33813ccd4c207a6c725 # tag=v2.1.21
with: with:
languages: 'javascript' languages: 'javascript'
config-file: ./.github/codeql/codeql-config.yaml config-file: ./.github/codeql/codeql-config.yaml
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1 uses: github/codeql-action/analyze@c7f292ea4f542c473194b33813ccd4c207a6c725 # tag=v2.1.21
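Review bot: The two CodeQL steps in the last hunk move from `github/codeql-action/*@v1` to a SHA labelled `v2.1.21`, which is a major-version upgrade rather than a pin of what was already running. The Coveralls steps likewise move from `@master` to a SHA labelled `v1.1.3`. The commit message mentions only pinning, so these version changes deserve their own mention or a separate commit so a later regression can be bisected cleanly. The `# tag=` comments are informational only and nothing visible here checks that each SHA matches the named tag, so verify them once against the upstream repositories and consider a note at the top of the workflow such as `# actions are pinned to full commit SHAs; update the SHA and its tag comment together`. The CodeQL job starts outside this hunk, so only `security-events: write` of its permissions is visible.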