jcarr
/
gemini-cli
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: pin GitHub Actions to SHAs (#2987) 

Co-authored-by: Jack Wotherspoon <jackwoth@google.com>
This commit is contained in:
Pascal Birchler 2025-07-11 18:46:06 +02:00 committed by GitHub
parent 23197151c2
commit ed00612cf7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
.github/workflows/ci.yml vendored
View File

@ -20,10 +20,10 @@ jobs:
node-version: [20.x, 22.x, 24.x] node-version: [20.x, 22.x, 24.x]
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Node.js ${{ matrix.node-version }} - name: Set up Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
cache: 'npm' cache: 'npm'
@ -46,7 +46,7 @@ jobs:
run: npm run typecheck run: npm run typecheck
- name: Upload build artifacts - name: Upload build artifacts
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with: with:
name: build-artifacts-${{ matrix.node-version }} name: build-artifacts-${{ matrix.node-version }}
path: | path: |
@ -65,16 +65,16 @@ jobs:
node-version: [20.x, 22.x, 24.x] # Should match the build job's matrix node-version: [20.x, 22.x, 24.x] # Should match the build job's matrix
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Node.js ${{ matrix.node-version }} - name: Set up Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
cache: 'npm' cache: 'npm'
- name: Download build artifacts - name: Download build artifacts
uses: actions/download-artifact@v4 uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with: with:
name: build-artifacts-${{ matrix.node-version }} name: build-artifacts-${{ matrix.node-version }}
path: . # Download to the root, this will include package-lock.json and packages/*/dist path: . # Download to the root, this will include package-lock.json and packages/*/dist
@ -92,7 +92,7 @@ jobs:
- name: Publish Test Report (for non-forks) - name: Publish Test Report (for non-forks)
if: always() && (github.event.pull_request.head.repo.full_name == github.repository) if: always() && (github.event.pull_request.head.repo.full_name == github.repository)
uses: dorny/test-reporter@v2 uses: dorny/test-reporter@890a17cecf52a379fc869ab770a71657660be727 # v2
with: with:
name: Test Results (Node ${{ matrix.node-version }}) name: Test Results (Node ${{ matrix.node-version }})
path: packages/*/junit.xml path: packages/*/junit.xml
@ -101,13 +101,13 @@ jobs:
- name: Upload Test Results Artifact (for forks) - name: Upload Test Results Artifact (for forks)
if: always() && (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository) if: always() && (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository)
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with: with:
name: test-results-fork-${{ matrix.node-version }} name: test-results-fork-${{ matrix.node-version }}
path: packages/*/junit.xml path: packages/*/junit.xml
- name: Upload coverage reports - name: Upload coverage reports
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
if: always() if: always()
with: with:
name: coverage-reports-${{ matrix.node-version }} name: coverage-reports-${{ matrix.node-version }}
@ -127,10 +127,10 @@ jobs:
node-version: [22.x] # Reduce noise by only posting the comment once node-version: [22.x] # Reduce noise by only posting the comment once
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Download coverage reports artifact - name: Download coverage reports artifact
uses: actions/download-artifact@v4 uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with: with:
name: coverage-reports-${{ matrix.node-version }} name: coverage-reports-${{ matrix.node-version }}
path: coverage_artifact # Download to a specific directory path: coverage_artifact # Download to a specific directory

2
.github/workflows/community-report.yml vendored
View File

@ -25,7 +25,7 @@ jobs:
steps: steps:
- name: Generate GitHub App Token 🔑 - name: Generate GitHub App Token 🔑
id: generate_token id: generate_token
uses: actions/create-github-app-token@v2 uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
with: with:
app-id: ${{ secrets.APP_ID }} app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }} private-key: ${{ secrets.PRIVATE_KEY }}

8
.github/workflows/e2e.yml vendored
View File

@ -16,10 +16,10 @@ jobs:
sandbox: [sandbox:none, sandbox:docker] sandbox: [sandbox:none, sandbox:docker]
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Node.js - name: Set up Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: 20.x node-version: 20.x
cache: 'npm' cache: 'npm'
@ -32,11 +32,11 @@ jobs:
- name: Set up Docker - name: Set up Docker
if: matrix.sandbox == 'sandbox:docker' if: matrix.sandbox == 'sandbox:docker'
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
- name: Set up Podman - name: Set up Podman
if: matrix.sandbox == 'sandbox:podman' if: matrix.sandbox == 'sandbox:podman'
uses: redhat-actions/podman-login@v1 uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
with: with:
registry: docker.io registry: docker.io
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}

2
.github/workflows/gemini-automated-issue-triage.yml vendored
View File

@ -19,7 +19,7 @@ jobs:
steps: steps:
- name: Generate GitHub App Token - name: Generate GitHub App Token
id: generate_token id: generate_token
uses: actions/create-github-app-token@v2 uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
with: with:
app-id: ${{ secrets.APP_ID }} app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }} private-key: ${{ secrets.PRIVATE_KEY }}

2
.github/workflows/gemini-scheduled-issue-triage.yml vendored
View File

@ -17,7 +17,7 @@ jobs:
steps: steps:
- name: Generate GitHub App Token - name: Generate GitHub App Token
id: generate_token id: generate_token
uses: actions/create-github-app-token@v2 uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
with: with:
app-id: ${{ secrets.APP_ID }} app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }} private-key: ${{ secrets.PRIVATE_KEY }}

4
.github/workflows/gemini-scheduled-pr-triage.yml vendored
View File

@ -19,11 +19,11 @@ jobs:
prs_needing_comment: ${{ steps.run_triage.outputs.prs_needing_comment }} prs_needing_comment: ${{ steps.run_triage.outputs.prs_needing_comment }}
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Generate GitHub App Token - name: Generate GitHub App Token
id: generate_token id: generate_token
uses: actions/create-github-app-token@v2 uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
with: with:
app-id: ${{ secrets.APP_ID }} app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }} private-key: ${{ secrets.PRIVATE_KEY }}

6
.github/workflows/release.yml vendored
View File

@ -48,7 +48,7 @@ jobs:
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with: with:
ref: ${{ github.sha }} ref: ${{ github.sha }}
fetch-depth: 0 fetch-depth: 0
@ -69,7 +69,7 @@ jobs:
echo "is_dry_run=${is_dry_run}" >> $GITHUB_OUTPUT echo "is_dry_run=${is_dry_run}" >> $GITHUB_OUTPUT
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: '20' node-version: '20'
cache: 'npm' cache: 'npm'
@ -130,7 +130,7 @@ jobs:
npm run prepare:package npm run prepare:package
- name: Configure npm for publishing - name: Configure npm for publishing
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: '20' node-version: '20'
registry-url: 'https://wombat-dressing-room.appspot.com' registry-url: 'https://wombat-dressing-room.appspot.com'