From 5a1a8aae104cfd3841c912462d580034d708ffdc Mon Sep 17 00:00:00 2001 From: Anthony Scemama Date: Wed, 16 Nov 2022 22:55:42 +0100 Subject: [PATCH] Fix security issues in CI --- .github/workflows/gh-pages.yml | 4 ++-- .github/workflows/test-build.yml | 18 +++++++++--------- .github/workflows/vfc_test_workflow.yml | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 48829e9..3ab97e6 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -14,7 +14,7 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 - name: install extra repository run: sudo add-apt-repository ppa:kelleyk/emacs @@ -41,7 +41,7 @@ jobs: run: ls -sh ./share/doc/qmckl/html/ - name: Deploy - uses: JamesIves/github-pages-deploy-action@4.1.0 + uses: JamesIves/github-pages-deploy-action@3dbacc7e69578703f91f077118b3475862cb09b8 with: branch: gh-pages folder: ./share/doc/qmckl/html/ diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index 8324410..56ec4f1 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml @@ -14,7 +14,7 @@ jobs: name: Standard steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 - name: Install dependencies run: sudo apt-get install emacs autoconf libhdf5-dev @@ -43,7 +43,7 @@ jobs: - name: Archive test log file if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 with: name: test-report-ubuntu path: test-suite.log @@ -75,7 +75,7 @@ jobs: name: Debug steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 - name: Install dependencies run: sudo apt-get install emacs autoconf libhdf5-dev @@ -103,7 +103,7 @@ jobs: - name: Archive test log file if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 with: name: test-report-ubuntu-debug path: _build_debug/test-suite.log @@ -114,7 +114,7 @@ jobs: name: HPC steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 - name: Install dependencies run: sudo apt-get install emacs autoconf libhdf5-dev @@ -142,7 +142,7 @@ jobs: - name: Archive test log file if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 with: name: test-report-ubuntu-debug path: _build_hpc/test-suite.log @@ -153,7 +153,7 @@ jobs: # name: x86 MacOS latest # # steps: -# - uses: actions/checkout@v2 +# - uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # - name: install dependencies # run: brew install emacs hdf5 automake pkg-config # @@ -183,7 +183,7 @@ jobs: # # - name: Archive TREXIO test log file # if: failure() -# uses: actions/upload-artifact@v2 +# uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # with: # name: test-report-trexio-macos # path: trexio/test-suite.log @@ -200,7 +200,7 @@ jobs: # # - name: Archive test log file # if: failure() -# uses: actions/upload-artifact@v2 +# uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # with: # name: test-report-macos # path: test-suite.log diff --git a/.github/workflows/vfc_test_workflow.yml b/.github/workflows/vfc_test_workflow.yml index 83d6074..406ca19 100644 --- a/.github/workflows/vfc_test_workflow.yml +++ b/.github/workflows/vfc_test_workflow.yml @@ -24,7 +24,7 @@ jobs: contents: write steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 with: fetch-depth: 0 @@ -65,7 +65,7 @@ jobs: git push - name: Upload raw results as artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 with: name: ${{github.sha}}.vfcraw path: ./*.vfcraw.h5