gradle/actions
1
0
Fork 0
mirror of https://github.com/gradle/actions.git synced 2025-04-19 01:09:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

[StepSecurity] Pin versions for GitHub Actions

Browse Source 
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
This commit is contained in:
StepSecurity Bot 2025-04-09 15:24:35 +00:00
parent bf2c378a9b
commit 03fea1a038
No known key found for this signature in database
GPG Key ID: 567913FD34425A27
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/ci-update-dist.yml vendored
View File

@ -54,7 +54,7 @@ jobs:
cp -r sources/dist .
- name: Import GPG key to sign commits
uses: crazy-max/ghaction-import-gpg@v6
uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
with:
gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }}
passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}

2
.github/workflows/integ-test-dependency-graph.yml vendored
View File

@ -178,7 +178,7 @@ jobs:
runs-on: "ubuntu-latest"
steps:
- name: Download dependency-graph artifact
uses: actions/download-artifact@v4
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
with:
path: downloaded-dependency-graphs
pattern: dependency-graph_*dependency-graph-generate-submit-and-upload.json

2
.github/workflows/update-checksums-file.yml vendored
View File

@ -38,7 +38,7 @@ jobs:
working-directory: sources
- name: Import GPG key to sign commits
uses: crazy-max/ghaction-import-gpg@v6
uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
with:
gpg_private_key: ${{ secrets.GH_BOT_PGP_PRIVATE_KEY }}
passphrase: ${{ secrets.GH_BOT_PGP_PASSPHRASE }}