tools: use hashes instead of tags for external actions (#43284)

Using tags is a security risk, as they can be updated to point to
anything else.

Refs: https://github.com/nodejs/corepack/pull/117#discussion_r886913592

PR-URL: https://github.com/nodejs/node/pull/43284
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Antoine du Hamel 2022-06-05 21:45:18 +02:00 committed by GitHub
parent 815e74b80d
commit c7c8d8683a
7 changed files with 17 additions and 7 deletions


@ -16,7 +16,9 @@ jobs:
fetch-depth: '0' # This is required to actually get all the authors
persist-credentials: false
- run: tools/update-authors.mjs # Run the AUTHORS tool
- uses: gr2m/create-or-update-pull-request-action@v1 # Create a PR or update the Action's existing PR
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
# Creates a PR or update the Action's existing PR, or
# no-op if the base branch is already up-to-date.
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
with:
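Review bot: The new `uses:` line pins the action to a bare commit hash with no record of which release that hash was resolved from, which makes the pin hard to audit and hard to bump later; the usual convention is to keep the tag as a trailing comment, `- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c # v1` (or whichever tag the SHA was actually taken from), which is also the form Dependabot's SHA-pin updates read. The same applies to every other pin in this commit: the four later gr2m hunks, the codeowners-validator hunk and the action-slack-notify hunk. The two comment lines added under the pin describe what the step does but not why it is hash-pinned; a short `# Pinned to a commit, not a tag: review the upstream diff before bumping` alongside would carry the commit message's rationale into the workflow, where the next editor will actually see it. The step's `with:` block continues past the end of the hunk.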


@ -30,7 +30,9 @@ jobs:
run: tools/find-inactive-collaborators.mjs
- name: Open pull request
uses: gr2m/create-or-update-pull-request-action@v1
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
# Creates a PR or update the Action's existing PR, or
# no-op if the base branch is already up-to-date.
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
with:


@ -39,7 +39,9 @@ jobs:
run: tools/find-inactive-tsc.mjs >> $GITHUB_ENV
- name: Open pull request
uses: gr2m/create-or-update-pull-request-action@v1
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
# Creates a PR or update the Action's existing PR, or
# no-op if the base branch is already up-to-date.
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
with:


@ -15,7 +15,9 @@ jobs:
with:
persist-credentials: false
- run: ./tools/license-builder.sh # Run the license builder tool
- uses: gr2m/create-or-update-pull-request-action@v1.x # Create a PR or update the Action's existing PR
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
# Creates a PR or update the Action's existing PR, or
# no-op if the base branch is already up-to-date.
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:


@ -164,7 +164,7 @@ jobs:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: mszostok/codeowners-validator@v0.6.0
- uses: mszostok/codeowners-validator@7f3f5e28c6d7b8dfae5731e54ce2272ca384592f
with:
checks: files,duppatterns
lint-pr-url:
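Review bot: `actions/checkout@v3` a few lines above the new codeowners-validator pin is still referenced through a mutable tag, while the commit title says external actions should be pinned by hash; the hunk leaves the two steps following different policies with nothing explaining the difference. If GitHub-owned `actions/*` are deliberately exempt, a comment such as `# first-party GitHub action: tag pin accepted` on that line would stop the next reviewer from reading it as an oversight; if not, it should be pinned the same way as the line below it. The `with:` mapping for codeowners-validator continues beyond the hunk, so the `lint-pr-url:` value is not visible here.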


@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Slack Notification
uses: rtCamp/action-slack-notify@master
uses: rtCamp/action-slack-notify@12e36fc18b0689399306c2e0b3e0f2978b7f1ee7
env:
SLACK_COLOR: '#DE512A'
SLACK_ICON: https://github.com/nodejs.png?size=48


@ -80,7 +80,9 @@ jobs:
with:
persist-credentials: false
- run: ${{ matrix.run }}
- uses: gr2m/create-or-update-pull-request-action@v1 # Create a PR or update the Action's existing PR
- uses: gr2m/create-or-update-pull-request-action@466b1b84c3291c6c69bc56377a6de54a1f4a297c
# Creates a PR or update the Action's existing PR, or
# no-op if the base branch is already up-to-date.
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
with: