Merge pull request #4 from ava-labs/pin-github-action

chore: pin GitHub Actions to commit SHAs

Author: GeneralZero

.github/workflows/build.yml

@@ -5,13 +5,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2.3.1
+        uses: actions/checkout@28c7f3d2b5162b5ddd3dfd9a45aa55eaf396478b # v2.3.1
         with:
           submodules: recursive
 
       - name: Get changed files
         id: changed-files
-        uses: step-security/changed-files@v45
+        uses: step-security/changed-files@3dbe17c78367e7d60f00d78ae6781a35be47b4a1 # v45
 
       - name: Check changed files
         run: |

.github/workflows/deploy.yml

@@ -7,31 +7,31 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout	
-        uses: actions/checkout@v2.3.1
+        uses: actions/checkout@28c7f3d2b5162b5ddd3dfd9a45aa55eaf396478b # v2.3.1
         with:
           submodules: recursive
       - name: Build
         run: |
           ./gradlew run
       - name: Set Node.js 18.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3
         with:
           node-version: 18.x
       - name: Run yarn install
-        uses: borales/actions-yarn@v4
+        uses: borales/actions-yarn@31e8b9ba96946b034c571eb19c7cba0d668dc97e # v4
         with:
          dir: 'website'
          cmd: install # will run `yarn install` command
       - name: Run yarn build
-        uses: borales/actions-yarn@v4
+        uses: borales/actions-yarn@31e8b9ba96946b034c571eb19c7cba0d668dc97e # v4
         with:
           dir: 'website'
           cmd: run build # will run `yarn test` command     
       - name: Merge
         run: |
           cp -a output/. website/public/
       - name: Deploy
-        uses: JamesIves/github-pages-deploy-action@4.1.4
+        uses: JamesIves/github-pages-deploy-action@5dc1d5a192aeb5ab5b7d5a77b7d36aea4a7f5c92 # 4.1.4
         with:
           branch: gh-pages
           folder: website/public

.github/workflows/post_merge_comment.yml

@@ -8,7 +8,7 @@ jobs:
     name: Comment after PR merge
     steps:
       - name: Comment PR
-        uses: thollander/actions-comment-pull-request@v2
+        uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           message: |

.github/workflows/pr_checks.yml

@@ -7,26 +7,26 @@ jobs:
   validate_icons:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       with:
         fetch-depth: 0
 
-    - uses: nrwl/nx-set-shas@v3
+    - uses: nrwl/nx-set-shas@0e2d18b530b83b68263ff7b74e46b1ba300c83fc # v3
       id: last_successful_commit_push
       with:
         main-branch-name: master
         workflow-id: 'pr_checks.yml'
 
     - name: Get changed icons
       id: changed-icons
-      uses: step-security/changed-files@v45
+      uses: step-security/changed-files@3dbe17c78367e7d60f00d78ae6781a35be47b4a1 # v45
       with:
         files: _data/icons/*.json
         base_sha: ${{ steps.last_successful_commit_push.outputs.base }}
 
     - name: Get changed icon blobs
       id: changed-icon-blobs
-      uses: step-security/changed-files@v45
+      uses: step-security/changed-files@3dbe17c78367e7d60f00d78ae6781a35be47b4a1 # v45
       with:
         files: _data/iconsDownload/*
         base_sha: ${{ steps.last_successful_commit_push.outputs.base }}
@@ -109,19 +109,19 @@ jobs:
   validate_formatting:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       with:
         fetch-depth: 0
 
-    - uses: nrwl/nx-set-shas@v3
+    - uses: nrwl/nx-set-shas@0e2d18b530b83b68263ff7b74e46b1ba300c83fc # v3
       id: last_successful_commit_push
       with:
         main-branch-name: master
         workflow-id: 'pr_checks.yml'
 
     - name: Get changed files
       id: changed-files
-      uses: step-security/changed-files@v45
+      uses: step-security/changed-files@3dbe17c78367e7d60f00d78ae6781a35be47b4a1 # v45
       with:
         files: _data/*/*.json
         base_sha: ${{ steps.last_successful_commit_push.outputs.base }}

.github/workflows/prettier.yml

@@ -8,8 +8,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repo
-        uses: actions/checkout@v2
-      - uses: actions/cache@v2
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
+      - uses: actions/cache@8492260343ad570701412c2f464a5877dc76bace # v2
         name: Configure npm caching
         with:
           path: ~/.npm

.github/workflows/rebase.yml

@@ -14,12 +14,12 @@ jobs:
       )
     steps:
       - name: Checkout the latest code
-        uses: actions/checkout@v2
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
       - name: Automatic Rebase
-        uses: cirrus-actions/rebase@1.7
+        uses: cirrus-actions/rebase@6e572f08c244e2f04f9beb85a943eb618218714d # 1.7
         with:
           autosquash: ${{ contains(github.event.comment.body, '/autosquash') || contains(github.event.comment.body, '/rebase-autosquash') }}
         env:

.github/workflows/stale.yml

@@ -7,7 +7,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v4
+      - uses: actions/stale@a20b814fb01b71def3bd6f56e7494d667ddf28da # v4
         with:
           stale-issue-message: 'This issue has no activity in a while - it will be closed soon.'
           exempt-issue-labels: enhancement

.github/workflows/validate_json.yml

@@ -9,8 +9,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Check out repo
-      uses: actions/checkout@v2
-    - uses: actions/cache@v2
+      uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
+    - uses: actions/cache@8492260343ad570701412c2f464a5877dc76bace # v2
       name: Configure npm caching
       with:
         path: ~/.npm