From 4d9784f2466c55e40e0507a04f13affb89c5a019 Mon Sep 17 00:00:00 2001
From: Mahangu Weerasinghe
Date: Sun, 7 Jun 2026 16:09:12 +0530
Subject: [PATCH] chore: pin third-party GitHub Actions to commit SHAs
Tracking: DEVPROD-1072
---
 .github/dependabot.yml | 22 ++++++++++++++++++++++
 .github/workflows/ci.yml | 2 +-
 .github/workflows/plugin-ci.yml | 4 ++--
 .github/workflows/plugin-maintain-main.yml | 4 ++--
 .github/workflows/plugin-release.yml | 4 ++--
 5 files changed, 29 insertions(+), 7 deletions(-)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..7ddd384
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,22 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ open-pull-requests-limit: 10
+ groups:
+ actions-minor-patch:
+ patterns:
+ - "*"
+ update-types:
+ - "minor"
+ - "patch"
+ actions-major:
+ patterns:
+ - "*"
+ update-types:
+ - "major"
+ cooldown:
+ default-days: 7
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7d7f581..5de3528 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,7 +22,7 @@ jobs:
 uses: actions/checkout@v6
 - name: Set up PHP
- uses: shivammathur/setup-php@v2
+ uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1
 with:
 php-version: '8.3'
 coverage: none
diff --git a/.github/workflows/plugin-ci.yml b/.github/workflows/plugin-ci.yml
index 106fbbe..1982f3b 100644
--- a/.github/workflows/plugin-ci.yml
+++ b/.github/workflows/plugin-ci.yml
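Review bot: In the new `.github/dependabot.yml`, the `cooldown` block (`default-days: 7`) and the two `groups` carry no comment saying why they are set this way, and that rationale is what a later maintainer needs before shortening the delay or merging the groups. Above `cooldown:` I would add something like `# Hold new releases for 7 days before proposing them, so a bad or retracted upstream release has time to surface first.` — presumably that is the intent; confirm. A one-line comment above `actions-major:` saying that major bumps are kept in their own pull request for closer review would help in the same way.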
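Review bot: The context line `uses: actions/checkout@v6` in `.github/workflows/ci.yml` still resolves through a mutable tag, so this job is only partly pinned after the change. The subject limits the commit to third-party actions, so this may be deliberate; if it is, state that policy in the description, otherwise pin it the same way, `uses: actions/checkout@<full-commit-sha> # <tag>` (placeholders, to be filled from the upstream release). The checkout step here is followed directly by the next step, whereas the hunks for `plugin-ci.yml` and `plugin-release.yml` show `persist-credentials: false`; it looks as if `ci.yml` leaves the token in the local git config for later steps, but the step starts outside the hunk, so confirm.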
@@ -50,14 +50,14 @@ jobs:
 persist-credentials: false
 - name: Set up PHP
- uses: shivammathur/setup-php@v2
+ uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1
 with:
 php-version: ${{ inputs.php-version }}
 coverage: none
 - name: Set up Bun
 if: ${{ inputs.bun-install }}
- uses: oven-sh/setup-bun@v2
+ uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
 - name: Install Composer dependencies
 if: ${{ inputs.composer-install }}
diff --git a/.github/workflows/plugin-maintain-main.yml b/.github/workflows/plugin-maintain-main.yml
index ce62be9..b2c22f5 100644
--- a/.github/workflows/plugin-maintain-main.yml
+++ b/.github/workflows/plugin-maintain-main.yml
@@ -72,14 +72,14 @@ jobs:
 fetch-depth: 0
 - name: Set up PHP
- uses: shivammathur/setup-php@v2
+ uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1
 with:
 php-version: ${{ inputs.php-version }}
 coverage: none
 - name: Set up Bun
 if: ${{ inputs.bun-install }}
- uses: oven-sh/setup-bun@v2
+ uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
 - name: Set up WP CLI
 run: |
diff --git a/.github/workflows/plugin-release.yml b/.github/workflows/plugin-release.yml
index 766cdad..3b9f79d 100644
--- a/.github/workflows/plugin-release.yml
+++ b/.github/workflows/plugin-release.yml
@@ -82,14 +82,14 @@ jobs:
 persist-credentials: false
 - name: Set up PHP
- uses: shivammathur/setup-php@v2
+ uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1
 with:
 php-version: ${{ inputs.php-version }}
 coverage: none
 - name: Set up Bun
 if: ${{ inputs.bun-install }}
- uses: oven-sh/setup-bun@v2
+ uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
 - name: Set up WP CLI
 if: ${{ inputs.i18n-command != '' }}
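Review bot: Nothing in the `plugin-ci.yml` hunk lets a reader confirm that `7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc` and `0c5077e51419868618aeaa5fe8019c62421857d6` are the commits behind the releases named in the trailing comments (`# 2.37.1`, `# v2.2.0`); the comment is the only human-readable link, and nothing shown here checks it. The same two pins recur in the `plugin-maintain-main.yml` and `plugin-release.yml` hunks. The commit description should say how each SHA was resolved from the upstream tag in `shivammathur/setup-php` and `oven-sh/setup-bun`, so a reviewer can repeat the check before merging. The two comments differ in form, one with a `v` prefix and one without; if each mirrors the upstream tag name exactly that is correct, and a one-line comment such as `# trailing comment = exact upstream tag name for the pinned commit` in one of the workflows would keep someone from normalising them later.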