From dc3262dda80e97f1c7865b3b122e99240e30b738 Mon Sep 17 00:00:00 2001
From: priya-kinthali <147703874+priya-kinthali@users.noreply.github.com>
Date: Mon, 22 Jun 2026 22:29:12 +0530
Subject: [PATCH] pin actions to commit SHAs in workflows (#744)
* fix basic validation with npm command
* Revert "fix basic validation with npm command"
This reverts commit 27a0803a2ab96426d0c31f6d2d725ea6fbc20c2f.
* pin workflow actions to full commit SHAs with patch
* update cooldown
* update redundant global.json test and rollForward fields
* update cooldown for npm section
---
 .github/dependabot.yml | 4 +
 .github/workflows/e2e-tests.yml | 84 ++++++-------------
 .../workflows/publish-immutable-actions.yml | 4 +-
 .../workflows/release-new-action-version.yml | 2 +-
 .github/workflows/test-dotnet.yml | 2 +-
 5 files changed, 34 insertions(+), 62 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 853bc0a..a6d80f0 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,6 +12,8 @@ updates:
 # Check the npm registry for updates every day (weekdays)
 schedule:
 interval: 'weekly'
+ cooldown:
+ default-days: 7
 # Enable version updates for GitHub Actions
 - package-ecosystem: 'github-actions'
@@ -20,3 +22,5 @@ updates:
 directory: '/'
 schedule:
 interval: 'weekly'
+ cooldown:
+ default-days: 7
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index cd70472..889c210 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -27,7 +27,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -57,7 +57,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
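Review bot: The new `cooldown` blocks in `.github/dependabot.yml` (the npm entry at @@ -12 and the github-actions entry at @@ -20) carry no comment saying why updates are held back, and the context comment just above the first one still reads `every day (weekdays)` although the interval is `'weekly'`. A line such as `# Hold new releases for 7 days before proposing them, so a bad or withdrawn release has time to surface` above each `cooldown:` would record the supply-chain intent. As far as I know the cooldown delays version updates only and not Dependabot security updates; worth saying so in the same comment once confirmed.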
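Review bot: The pinned `actions/checkout` step in `e2e-tests.yml` (@@ -27 and every other Checkout hunk in this file, plus the checkout steps in `publish-immutable-actions.yml` and `test-dotnet.yml`) still has no `with:` block, so it keeps the default `persist-credentials: true` and the job token stays available to later steps such as `__tests__/clear-toolcache.ps1` and `uses: ./`. None of the visible test steps pushes back to the repository, so adding `with:` and `persist-credentials: false` under each checkout would complement the SHA pin; for the publish workflow, first confirm the publish step does not rely on the persisted credential. The job definitions start outside these hunks, so a `permissions:` block may already narrow the token; that is not visible here.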
@@ -92,7 +92,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -123,7 +123,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -149,7 +149,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -180,7 +180,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -208,7 +208,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -239,7 +239,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -247,7 +247,7 @@ jobs:
 shell: bash
 run: |
 mkdir subdirectory
- echo '{"sdk":{"version": "9.0.308","rollForward": "latestFeature"}}' > ./subdirectory/global.json
+ echo '{"sdk":{"version": "9.0.308"}}' > ./subdirectory/global.json
 - name: Setup dotnet
 uses: ./
 with:
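Review bot: Dropping `"rollForward": "latestFeature"` from the generated `global.json` at @@ -247 (and again at @@ -387), together with the deletion of the `test-setup-global-json-only` job at @@ -332, leaves no job visible in this patch that writes a `rollForward` value. If the action reads that field, its end-to-end coverage goes away in a commit whose subject is about SHA pinning; either keep one case, e.g. `echo '{"sdk":{"version": "10.0.101","rollForward": "latestFeature"}}' > ./subdirectory/global.json`, or name in the commit message the test that still covers it. The `Setup dotnet` step continues past the end of the hunk, so the assertion it feeds is not visible here.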
@@ -265,7 +265,7 @@ jobs:
 operating-system: [ubuntu-latest, windows-latest, macos-latest]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -290,7 +290,7 @@ jobs:
 operating-system: [ubuntu-latest, windows-latest, macos-latest]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -315,7 +315,7 @@ jobs:
 operating-system: [ubuntu-latest, windows-latest, macos-latest]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -332,38 +332,6 @@ jobs:
 shell: pwsh
 run: __tests__/verify-dotnet.ps1 -Patterns "^10.0.1(?!00)"
- test-setup-global-json-only:
- runs-on: ${{ matrix.operating-system }}
- strategy:
- fail-fast: false
- matrix:
- operating-system:
- [
- ubuntu-22.04,
- ubuntu-latest,
- windows-latest,
- macos-latest,
- macos-15-intel
- ]
- steps:
- - name: Checkout
- uses: actions/checkout@v6
- - name: Clear toolcache
- shell: pwsh
- run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
- - name: Write global.json
- shell: bash
- run: |
- mkdir subdirectory
- echo '{"sdk":{"version": "10.0.101","rollForward": "latestFeature"}}' > ./subdirectory/global.json
- - name: Setup dotnet
- uses: ./
- with:
- global-json-file: ./subdirectory/global.json
- - name: Verify dotnet
- shell: pwsh
- run: __tests__/verify-dotnet.ps1 -Patterns "^10.0"
-
 test-global-json-with-comments:
 runs-on: ${{ matrix.operating-system }}
 strategy:
@@ -379,7 +347,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -387,7 +355,7 @@ jobs:
 shell: bash
 run: |
 mkdir subdirectory
- echo '/* should support comments */ {"sdk":{"version": "10.0.101","rollForward": "latestFeature"}} // should support comments' > ./subdirectory/global.json
+ echo '/* should support comments */ {"sdk":{"version": "10.0.101"}} // should support comments' > ./subdirectory/global.json
 - name: Setup dotnet
 uses: ./
 with:
@@ -411,7 +379,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -442,7 +410,7 @@ jobs:
 NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -480,7 +448,7 @@ jobs:
 NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -514,7 +482,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -547,7 +515,7 @@ jobs:
 ]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -587,7 +555,7 @@ jobs:
 http_proxy: http://squid-proxy:3128
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -610,7 +578,7 @@ jobs:
 no_proxy: github.com,download.visualstudio.microsoft.com,api.nuget.org,builds.dotnet.microsoft.com,ci.dot.net
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -642,7 +610,7 @@ jobs:
 higher-version: ['10.0.101']
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -671,7 +639,7 @@ jobs:
 [ubuntu-latest, windows-latest, macos-15-intel, macos-latest]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -710,7 +678,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
@@ -738,7 +706,7 @@ jobs:
 operating-system: [ubuntu-latest]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
@@ -758,7 +726,7 @@ jobs:
 operating-system: [macos-latest]
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
diff --git a/.github/workflows/publish-immutable-actions.yml b/.github/workflows/publish-immutable-actions.yml
index 7f49c64..be5cb08 100644
--- a/.github/workflows/publish-immutable-actions.yml
+++ b/.github/workflows/publish-immutable-actions.yml
@@ -14,7 +14,7 @@ jobs:
 steps:
 - name: Checking out
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Publish
 id: publish
- uses: actions/publish-immutable-action@v0.0.4
+ uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
diff --git a/.github/workflows/release-new-action-version.yml b/.github/workflows/release-new-action-version.yml
index 25192b6..9cf96ca 100644
--- a/.github/workflows/release-new-action-version.yml
+++ b/.github/workflows/release-new-action-version.yml
@@ -23,7 +23,7 @@ jobs:
 steps:
 - name: Update the ${{ env.TAG_NAME }} tag
 id: update-major-tag
- uses: actions/publish-action@v0.4.0
+ uses: actions/publish-action@23f4c6f12633a2da8f44938b71fde9afec138fb4 # v0.4.0
 with:
 source-tag: ${{ env.TAG_NAME }}
 slack-webhook: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.github/workflows/test-dotnet.yml b/.github/workflows/test-dotnet.yml
index 96985dc..fe5f955 100644
--- a/.github/workflows/test-dotnet.yml
+++ b/.github/workflows/test-dotnet.yml
@@ -28,7 +28,7 @@ jobs:
 dotnet-version: ['8.0', '9.0', '10.0']
 steps:
 - name: Checkout
- uses: actions/checkout@v6
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
 - name: Clear toolcache
 shell: pwsh
 run: __tests__/clear-toolcache.ps1 ${{ runner.os }}
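Review bot: The trailing `# v0.0.4` and `# v0.4.0` comments in `publish-immutable-actions.yml` and `release-new-action-version.yml` are the only link between the new SHAs and a release, and the runner does not check them against the tag. These are the steps that publish the action and receive `secrets.SLACK_WEBHOOK`, so it is worth recording in the PR how each SHA was resolved, for example `git ls-remote --tags https://github.com/actions/publish-action v0.4.0`, and confirming the commit is reachable from the upstream repository. The same applies to the `actions/checkout` pin used throughout; none of the three SHAs can be verified from this page.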