From 12efb00e9b7d2e42685fc8b2ac76742d9b6181f2 Mon Sep 17 00:00:00 2001 From: artus9033 Date: Tue, 12 May 2026 17:06:10 +0200 Subject: [PATCH] ci: pin SHA checksums of actions, disable cache in docs & package deploy workflows --- .github/actions/setup/action.yml | 17 +++++++++++++++-- .github/workflows/deploy-docs.yml | 10 ++++++---- .github/workflows/lint-android.yml | 4 ++-- .github/workflows/lint-docs.yml | 4 +++- .github/workflows/lint-objc.yml | 4 ++-- .github/workflows/lint-swift.yml | 4 ++-- .github/workflows/lint-ts.yml | 4 +++- .github/workflows/release.yml | 16 ++++++---------- .github/workflows/test-e2e-android.yaml | 4 +++- .github/workflows/test-e2e-ios.yaml | 4 +++- .github/workflows/test-integration-node.yml | 4 +++- .github/workflows/test-unit-licenses-api.yml | 4 +++- 12 files changed, 51 insertions(+), 28 deletions(-) diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml index 61c64772..ee90d4df 100644 --- a/.github/actions/setup/action.yml +++ b/.github/actions/setup/action.yml @@ -1,13 +1,26 @@ name: Setup description: Setup Node.js and install dependencies +inputs: + enable-cache: + description: When true, enable Yarn dependency caching in actions/setup-node + required: true + type: boolean + runs: using: composite steps: - name: Setup Node.js - uses: actions/setup-node@v5 + if: ${{ inputs.enable-cache }} + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + cache: yarn + node-version: 24 + + - name: Setup Node.js + if: ${{ !inputs.enable-cache }} + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: - cache: 'yarn' node-version: 24 - name: Install dependencies diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml index 4c8b27a7..b2793aa5 100644 --- a/.github/workflows/deploy-docs.yml +++ b/.github/workflows/deploy-docs.yml @@ -21,14 +21,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Not needed if lastUpdated is not enabled - name: Setup uses: ./.github/actions/setup + with: + enable-cache: false - name: Setup Pages - uses: actions/configure-pages@v5 + uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0 - name: Install dependencies working-directory: docs @@ -40,7 +42,7 @@ jobs: yarn run build - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: path: docs/doc_build @@ -55,4 +57,4 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0 diff --git a/.github/workflows/lint-android.yml b/.github/workflows/lint-android.yml index 9921123d..e05612e7 100644 --- a/.github/workflows/lint-android.yml +++ b/.github/workflows/lint-android.yml @@ -15,12 +15,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set Java version - uses: actions/setup-java@v4 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: distribution: 'temurin' java-version: '17' diff --git a/.github/workflows/lint-docs.yml b/.github/workflows/lint-docs.yml index 6fc213f4..9ab26a53 100644 --- a/.github/workflows/lint-docs.yml +++ b/.github/workflows/lint-docs.yml @@ -15,12 +15,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Setup uses: ./.github/actions/setup + with: + enable-cache: true - name: Run linter run: yarn lint:docs diff --git a/.github/workflows/lint-objc.yml b/.github/workflows/lint-objc.yml index 760295ee..3477a265 100644 --- a/.github/workflows/lint-objc.yml +++ b/.github/workflows/lint-objc.yml @@ -15,12 +15,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Lint ObjC with clang-format - uses: RafikFarhad/clang-format-github-action@v4 + uses: RafikFarhad/clang-format-github-action@27cc2adf6e733d30c8ce3ca3944f3b2c7b13e1f5 # v6.0.1 with: sources: "packages/react-native-legal/**/*.h,packages/react-native-legal/**/*.m,packages/react-native-legal/**/*.mm" style: file diff --git a/.github/workflows/lint-swift.yml b/.github/workflows/lint-swift.yml index 19014c31..510a6936 100644 --- a/.github/workflows/lint-swift.yml +++ b/.github/workflows/lint-swift.yml @@ -15,12 +15,12 @@ jobs: runs-on: macos-15 steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Install Swift - uses: swift-actions/setup-swift@v2 + uses: swift-actions/setup-swift@7ca6abe6b3b0e8b5421b88be48feee39cbf52c6a # v2.4.0 with: swift-version: '6' diff --git a/.github/workflows/lint-ts.yml b/.github/workflows/lint-ts.yml index 4d61485c..4ac96bfd 100644 --- a/.github/workflows/lint-ts.yml +++ b/.github/workflows/lint-ts.yml @@ -23,12 +23,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Setup uses: ./.github/actions/setup + with: + enable-cache: true - name: Run linter run: yarn lint:js diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 584b5f12..88510881 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,22 +18,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - - name: Setup Node.js - uses: actions/setup-node@v5 + + - name: Setup + uses: ./.github/actions/setup with: - node-version: 24 - cache: yarn - - - name: Install Dependencies - run: yarn install --immutable + enable-cache: false - name: Create Release Pull Request or Publish to npm id: changesets - uses: changesets/action@v1.7.0 + uses: changesets/action@63a615b9cd06ba9a3e6d13796c7fbcb080a60a0b # v1.8.0 with: version: yarn run version commit: "chore: version packages" diff --git a/.github/workflows/test-e2e-android.yaml b/.github/workflows/test-e2e-android.yaml index 6eb837ef..eabffaf6 100644 --- a/.github/workflows/test-e2e-android.yaml +++ b/.github/workflows/test-e2e-android.yaml @@ -44,12 +44,14 @@ jobs: sudo udevadm trigger --name-match=kvm - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Setup uses: ./.github/actions/setup + with: + enable-cache: true - name: Install Maestro uses: ./.github/actions/installMaestro diff --git a/.github/workflows/test-e2e-ios.yaml b/.github/workflows/test-e2e-ios.yaml index da6c8d17..07abdb88 100644 --- a/.github/workflows/test-e2e-ios.yaml +++ b/.github/workflows/test-e2e-ios.yaml @@ -38,12 +38,14 @@ jobs: simulator: ['iPhone 16 Pro (18.5)'] steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Setup uses: ./.github/actions/setup + with: + enable-cache: true - name: Install Maestro uses: ./.github/actions/installMaestro diff --git a/.github/workflows/test-integration-node.yml b/.github/workflows/test-integration-node.yml index 17e10c7b..f94566fc 100644 --- a/.github/workflows/test-integration-node.yml +++ b/.github/workflows/test-integration-node.yml @@ -25,12 +25,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Setup uses: ./.github/actions/setup + with: + enable-cache: true - name: Run integration tests run: yarn workspace license-kit-node-example test diff --git a/.github/workflows/test-unit-licenses-api.yml b/.github/workflows/test-unit-licenses-api.yml index 8b312199..31f01427 100644 --- a/.github/workflows/test-unit-licenses-api.yml +++ b/.github/workflows/test-unit-licenses-api.yml @@ -22,12 +22,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Setup uses: ./.github/actions/setup + with: + enable-cache: true - name: Run unit tests run: yarn workspace @callstack/licenses test