Skip to content

Commit 6f41cf2

Browse files
clintonsteinerclintonsteiner
committed
gha: pin actions
prevent repo-takeover attack vulnerability recommended by https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions
1 parent be6e9ca commit 6f41cf2

File tree

3 files changed

+7
-7
lines changed

3 files changed

+7
-7
lines changed

.github/workflows/bot-pr-new.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919
runs-on: ubuntu-latest
2020
steps:
2121
- name: Fetch pull request branch
22-
uses: actions/checkout@v2
22+
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
2323
with:
2424
repository: ${{ github.event.client_payload.pull_request.head.repo.full_name }}
2525
ref: ${{ github.event.client_payload.pull_request.head.sha }}

.github/workflows/ci.yaml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -11,8 +11,8 @@ jobs:
1111
name: Notebook format
1212
runs-on: ubuntu-latest
1313
steps:
14-
- uses: actions/setup-python@v1
15-
- uses: actions/checkout@v2
14+
- uses: actions/setup-python@0f07f7f756721ebd886c2462646a35f78a8bc4de # v1.2.4
15+
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
1616
- name: Fetch master branch
1717
run: git fetch -u origin master:master
1818
- name: Install tensorflow-docs
@@ -33,8 +33,8 @@ jobs:
3333
name: Notebook lint
3434
runs-on: ubuntu-latest
3535
steps:
36-
- uses: actions/setup-python@v1
37-
- uses: actions/checkout@v2
36+
- uses: actions/setup-python@0f07f7f756721ebd886c2462646a35f78a8bc4de # v1.2.4
37+
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
3838
- name: Fetch master branch
3939
run: git fetch -u origin master:master
4040
- name: Install tensorflow-docs
@@ -56,7 +56,7 @@ jobs:
5656
name: Notebook outputs removed
5757
runs-on: ubuntu-latest
5858
steps:
59-
- uses: actions/checkout@v2
59+
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
6060
- name: Fetch master branch
6161
run: git fetch -u origin master:master
6262
- name: Check for output cells

.github/workflows/stale.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
pull-requests: write
2121

2222
steps:
23-
- uses: actions/stale@v9
23+
- uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
2424
with:
2525
repo-token: ${{ secrets.GITHUB_TOKEN }}
2626
days-before-issue-stale: 14

0 commit comments

Comments
 (0)