jcarr
/
gemini-cli
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: pin GitHub Actions to SHAs (#2987) 

Co-authored-by: Jack Wotherspoon <jackwoth@google.com>
This commit is contained in:
Pascal Birchler 2025-07-11 18:46:06 +02:00 committed by GitHub
parent 23197151c2
commit ed00612cf7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 23 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
.github/workflows/ci.yml vendored
View File

@ -20,10 +20,10 @@ jobs:
node-version: [20.x, 22.x, 24.x]
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
@ -46,7 +46,7 @@ jobs:
run: npm run typecheck
- name: Upload build artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: build-artifacts-${{ matrix.node-version }}
path: |
@ -65,16 +65,16 @@ jobs:
node-version: [20.x, 22.x, 24.x] # Should match the build job's matrix
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- name: Download build artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with:
name: build-artifacts-${{ matrix.node-version }}
path: . # Download to the root, this will include package-lock.json and packages/*/dist
@ -92,7 +92,7 @@ jobs:
- name: Publish Test Report (for non-forks)
if: always() && (github.event.pull_request.head.repo.full_name == github.repository)
uses: dorny/test-reporter@v2
uses: dorny/test-reporter@890a17cecf52a379fc869ab770a71657660be727 # v2
with:
name: Test Results (Node ${{ matrix.node-version }})
path: packages/*/junit.xml
@ -101,13 +101,13 @@ jobs:
- name: Upload Test Results Artifact (for forks)
if: always() && (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository)
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: test-results-fork-${{ matrix.node-version }}
path: packages/*/junit.xml
- name: Upload coverage reports
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
if: always()
with:
name: coverage-reports-${{ matrix.node-version }}
@ -127,10 +127,10 @@ jobs:
node-version: [22.x] # Reduce noise by only posting the comment once
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Download coverage reports artifact
uses: actions/download-artifact@v4
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with:
name: coverage-reports-${{ matrix.node-version }}
path: coverage_artifact # Download to a specific directory

2
.github/workflows/community-report.yml vendored
View File

@ -25,7 +25,7 @@ jobs:
steps:
- name: Generate GitHub App Token 🔑
id: generate_token
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}

8
.github/workflows/e2e.yml vendored
View File

@ -16,10 +16,10 @@ jobs:
sandbox: [sandbox:none, sandbox:docker]
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 20.x
cache: 'npm'
@ -32,11 +32,11 @@ jobs:
- name: Set up Docker
if: matrix.sandbox == 'sandbox:docker'
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
- name: Set up Podman
if: matrix.sandbox == 'sandbox:podman'
uses: redhat-actions/podman-login@v1
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
with:
registry: docker.io
username: ${{ secrets.DOCKERHUB_USERNAME }}

2
.github/workflows/gemini-automated-issue-triage.yml vendored
View File

@ -19,7 +19,7 @@ jobs:
steps:
- name: Generate GitHub App Token
id: generate_token
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}

2
.github/workflows/gemini-scheduled-issue-triage.yml vendored
View File

@ -17,7 +17,7 @@ jobs:
steps:
- name: Generate GitHub App Token
id: generate_token
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}

4
.github/workflows/gemini-scheduled-pr-triage.yml vendored
View File

@ -19,11 +19,11 @@ jobs:
prs_needing_comment: ${{ steps.run_triage.outputs.prs_needing_comment }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Generate GitHub App Token
id: generate_token
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}

6
.github/workflows/release.yml vendored
View File

@ -48,7 +48,7 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
ref: ${{ github.sha }}
fetch-depth: 0
@ -69,7 +69,7 @@ jobs:
echo "is_dry_run=${is_dry_run}" >> $GITHUB_OUTPUT
- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: '20'
cache: 'npm'
@ -130,7 +130,7 @@ jobs:
npm run prepare:package
- name: Configure npm for publishing
uses: actions/setup-node@v4
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: '20'
registry-url: 'https://wombat-dressing-room.appspot.com'