Skip to content

Commit 0ea85da

Browse files
gabibguti
authored and
mgol
committed
Build: Reference GitHub Actions by commit SHAs
The SHAs are verified to come from the original repositories and not forks. For reference: https://github.com/actions/checkout/releases/tag/v3.5.2 actions/checkout@8e5e7e5 https://github.com/actions/cache/releases/tag/v3.3.1 actions/cache@88522ab https://github.com/actions/setup-node/releases/tag/v3.6.0 actions/setup-node@64ed1c7 Fixes gh-5266 Closes gh-5269 Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com> (cherry picked from commit 784b9ba)
1 parent b84146c commit 0ea85da

File tree

Image for: File tree

1 file changed

Image for: 1 file changed
+3
-3
lines changed

1 file changed

Image for: 1 file changed
+3
-3
lines changed

‎.github/workflows/node.js.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -42,18 +42,18 @@ jobs:
4242
BROWSERS: "FirefoxHeadless"
4343
steps:
4444
- name: Checkout
45-
uses: actions/checkout@v3
45+
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
4646

4747
- name: Cache
48-
uses: actions/cache@v3
48+
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
4949
with:
5050
path: ~/.npm
5151
key: ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-npm-lock-${{ hashFiles('**/package-lock.json') }}
5252
restore-keys: |
5353
${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-npm-lock-
5454
5555
- name: Use Node.js ${{ matrix.NODE_VERSION }}
56-
uses: actions/setup-node@v3.6.0
56+
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
5757
with:
5858
node-version: ${{ matrix.NODE_VERSION }}
5959

0 commit comments

Image for: 0 commit comments
Comments
 (0)