diff --git a/.github/workflows/build-android.yml b/.github/workflows/build-android.yml index c2c8df63..e1308bad 100644 --- a/.github/workflows/build-android.yml +++ b/.github/workflows/build-android.yml @@ -20,7 +20,7 @@ jobs: steps: - name: ๐Ÿ“ฅ Checkout code - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} show-progress: false @@ -28,19 +28,19 @@ jobs: fetch-depth: 0 - name: ๐Ÿž Setup Bun - uses: oven-sh/setup-bun@v2.0.2 + uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 with: # @todo: update to 1.x once this is fixed: https://github.com/streamyfin/streamyfin/pull/690#discussion_r2089749689 bun-version: '1.2.13' - name: โ˜• Setup JDK - uses: actions/setup-java@v4.7.1 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: 'zulu' java-version: '17' - name: ๐Ÿ’พ Cache Bun dependencies - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 with: path: ~/.bun/install/cache key: ${{ runner.os }}-bun-cache-${{ hashFiles('bun.lock') }} @@ -53,7 +53,7 @@ jobs: bun run submodule-reload - name: ๐Ÿ’พ Cache Android dependencies - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 with: path: | android/.gradle @@ -71,7 +71,7 @@ jobs: run: echo "DATE_TAG=$(date +%d-%m-%Y_%H-%M-%S)" >> $GITHUB_ENV - name: ๐Ÿ“ค Upload APK artifact - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: streamyfin-apk-${{ github.sha }}-${{ env.DATE_TAG }} path: | diff --git a/.github/workflows/build-ios.yml b/.github/workflows/build-ios.yml index f5d00a25..4b023b76 100644 --- a/.github/workflows/build-ios.yml +++ b/.github/workflows/build-ios.yml @@ -18,7 +18,7 @@ jobs: steps: - name: ๐Ÿ“ฅ Check out repository - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} show-progress: false @@ -26,13 +26,13 @@ jobs: fetch-depth: 0 - name: ๐Ÿž Setup Bun - uses: oven-sh/setup-bun@v2.0.2 + uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 with: # @todo: update to 1.x once this is fixed: https://github.com/streamyfin/streamyfin/pull/690#discussion_r2089749689 bun-version: '1.2.13' - name: ๐Ÿ’พ Cache Bun dependencies - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 with: path: ~/.bun/install/cache key: ${{ runner.os }}-bun-cache-${{ hashFiles('bun.lock') }} @@ -45,7 +45,7 @@ jobs: npx expo prebuild - name: ๐Ÿ—๏ธ Build iOS app - uses: sparkfabrik/ios-build-action@v2.3.2 + uses: sparkfabrik/ios-build-action@be021d9f600b104d199a500db7ba479149a6b257 # v2.3.2 with: upload-to-testflight: false increment-build-number: false @@ -78,7 +78,7 @@ jobs: run: echo "DATE_TAG=$(date +%d-%m-%Y_%H-%M-%S)" >> $GITHUB_ENV - name: ๐Ÿ“ค Upload IPA artifact - uses: actions/upload-artifact@v4.6.2 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: streamyfin-ipa-${{ github.sha }}-${{ env.DATE_TAG }} path: build-*.ipa diff --git a/.github/workflows/check-lockfile.yml b/.github/workflows/check-lockfile.yml index 4af3a94d..4332a14b 100644 --- a/.github/workflows/check-lockfile.yml +++ b/.github/workflows/check-lockfile.yml @@ -19,7 +19,7 @@ jobs: steps: - name: ๐Ÿ“ฅ Checkout repository - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} show-progress: false @@ -27,13 +27,13 @@ jobs: fetch-depth: 0 - name: ๐Ÿž Setup Bun - uses: oven-sh/setup-bun@v2.0.2 + uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 # @todo: update to 1.x once this is fixed: https://github.com/streamyfin/streamyfin/pull/690#discussion_r2089749689 with: bun-version: '1.2.13' - name: ๐Ÿ’พ Cache Bun dependencies - uses: actions/cache@v4.2.3 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.bun/install/cache diff --git a/.github/workflows/check_spelling.yaml b/.github/workflows/check_spelling.yaml index 1c174500..e6cbea66 100644 --- a/.github/workflows/check_spelling.yaml +++ b/.github/workflows/check_spelling.yaml @@ -30,7 +30,7 @@ jobs: steps: - name: ๐Ÿ“ฅ Checkout repository - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} show-progress: false diff --git a/.github/workflows/ci-codeql.yml b/.github/workflows/ci-codeql.yml index ebf9ead1..b7abf8c7 100644 --- a/.github/workflows/ci-codeql.yml +++ b/.github/workflows/ci-codeql.yml @@ -24,20 +24,20 @@ jobs: steps: - name: ๐Ÿ“ฅ Checkout repository - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} show-progress: false fetch-depth: 0 - name: ๐Ÿ Initialize CodeQL - uses: github/codeql-action/init@v3.28.17 + uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 with: languages: ${{ matrix.language }} queries: +security-extended,security-and-quality - name: ๐Ÿ› ๏ธ Autobuild - uses: github/codeql-action/autobuild@v3.28.17 + uses: github/codeql-action/autobuild@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 - name: ๐Ÿงช Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.1 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 diff --git a/.github/workflows/conflict.yml b/.github/workflows/conflict.yml index 2699ccb7..6bc62e73 100644 --- a/.github/workflows/conflict.yml +++ b/.github/workflows/conflict.yml @@ -17,7 +17,7 @@ jobs: pull-requests: write steps: - name: ๐Ÿšฉ Apply merge conflict label - uses: eps1lon/actions-label-merge-conflict@v3.0.3 + uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 # v3.0.3 with: dirtyLabel: 'merge-conflict' commentOnDirty: 'This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged.' diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 411e4bbc..bd4b76a8 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -17,12 +17,12 @@ jobs: pull-requests: write contents: read steps: - - uses: amannn/action-semantic-pull-request@v5.5.3 + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 id: lint_pr_title env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: marocchino/sticky-pull-request-comment@v2.9.2 + - uses: marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db # v2.9.2 if: always() && (steps.lint_pr_title.outputs.error_message != null) with: header: pr-title-lint-error @@ -36,7 +36,7 @@ jobs: ``` - if: ${{ steps.lint_pr_title.outputs.error_message == null }} - uses: marocchino/sticky-pull-request-comment@v2.9.2 + uses: marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db # v2.9.2 with: header: pr-title-lint-error delete: true @@ -48,13 +48,13 @@ jobs: contents: read steps: - name: Checkout Repository - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - name: Dependency Review - uses: actions/dependency-review-action@v4.7.1 + uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1 with: fail-on-severity: high deny-licenses: GPL-3.0, AGPL-3.0 @@ -72,19 +72,19 @@ jobs: - "check" steps: - name: "๐Ÿ“ฅ Checkout PR code" - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha }} submodules: recursive fetch-depth: 0 - name: "๐ŸŸข Setup Node.js" - uses: actions/setup-node@v4.4.0 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: '20.x' - name: "๐Ÿž Setup Bun" - uses: oven-sh/setup-bun@v2.0.2 + uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 with: # @todo: update to 1.x once this is fixed: https://github.com/streamyfin/streamyfin/pull/690#discussion_r2089749689 bun-version: '1.2.13' diff --git a/.github/workflows/notification.yml b/.github/workflows/notification.yml index 2b882073..86e92ab8 100644 --- a/.github/workflows/notification.yml +++ b/.github/workflows/notification.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: ๐Ÿ›Ž๏ธ Notify Discord - uses: Ilshidur/action-discord@0.3.2 + uses: Ilshidur/action-discord@0c4b27844ba47cb1c7bee539c8eead5284ce9fa9 # 0.3.2 env: DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_URL }} DISCORD_AVATAR: https://avatars.githubusercontent.com/u/193271640 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index ec7177cd..fe0c2526 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -15,7 +15,7 @@ jobs: steps: - name: ๐Ÿ”„ Mark/Close Stale Issues - uses: actions/stale@v9.1.0 + uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: # Global settings repo-token: ${{ secrets.GITHUB_TOKEN }}