diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index 5e28332c2a2..d02487a2bab 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -24,7 +24,7 @@ jobs: ) steps: - name: Backport - uses: zephyrproject-rtos/action-backport@v2.0.3-3 + uses: zephyrproject-rtos/action-backport@7e74f601d11eaca577742445e87775b5651a965f # v2.0.3-3 with: github_token: ${{ secrets.ZB_GITHUB_TOKEN }} issue_labels: Backport diff --git a/.github/workflows/bsim-tests-publish.yaml b/.github/workflows/bsim-tests-publish.yaml index 5a4fbc0b39f..b9c5fc60f31 100644 --- a/.github/workflows/bsim-tests-publish.yaml +++ b/.github/workflows/bsim-tests-publish.yaml @@ -13,12 +13,12 @@ jobs: steps: - name: Download artifacts - uses: dawidd6/action-download-artifact@v8 + uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 with: run_id: ${{ github.event.workflow_run.id }} - name: Publish BabbleSim Test Results - uses: EnricoMi/publish-unit-test-result-action@v2 + uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0 with: check_name: BabbleSim Test Results comment_mode: off diff --git a/.github/workflows/bsim-tests.yaml b/.github/workflows/bsim-tests.yaml index 66d47c68a1c..6bcb36c4c2c 100644 --- a/.github/workflows/bsim-tests.yaml +++ b/.github/workflows/bsim-tests.yaml @@ -91,7 +91,7 @@ jobs: echo "ZEPHYR_SDK_INSTALL_DIR=/opt/toolchains/zephyr-sdk-$( cat SDK_VERSION )" >> $GITHUB_ENV - name: Check common triggering files - uses: tj-actions/changed-files@v45 + uses: tj-actions/changed-files@2f7c5bfce28377bc069a65ba478de0a74aa0ca32 # v46.0.1 id: check-common-files with: files: | @@ -110,7 +110,7 @@ jobs: modules/hal_nordic/** - name: Check if Bluethooth files changed - uses: tj-actions/changed-files@v45 + uses: tj-actions/changed-files@2f7c5bfce28377bc069a65ba478de0a74aa0ca32 # v46.0.1 id: check-bluetooth-files with: files: | @@ -119,7 +119,7 @@ jobs: subsys/bluetooth/ - name: Check if Networking files changed - uses: tj-actions/changed-files@v45 + uses: tj-actions/changed-files@2f7c5bfce28377bc069a65ba478de0a74aa0ca32 # v46.0.1 id: check-networking-files with: files: | @@ -132,7 +132,7 @@ jobs: include/zephyr/net/ieee802154* - name: Check if UART files changed - uses: tj-actions/changed-files@v45 + uses: tj-actions/changed-files@2f7c5bfce28377bc069a65ba478de0a74aa0ca32 # v46.0.1 id: check-uart-files with: files: | @@ -186,7 +186,7 @@ jobs: junit.html - name: Publish Unit Test Results - uses: EnricoMi/publish-unit-test-result-action@v2 + uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0 with: check_name: Bsim Test Results files: "junit.xml" diff --git a/.github/workflows/bug_snapshot.yaml b/.github/workflows/bug_snapshot.yaml index f10dc718b6e..670965a1e39 100644 --- a/.github/workflows/bug_snapshot.yaml +++ b/.github/workflows/bug_snapshot.yaml @@ -41,7 +41,7 @@ jobs: echo "BUGS_PICKLE_PATH=${BUGS_PICKLE_PATH}" >> ${GITHUB_ENV} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-access-key-id: ${{ vars.AWS_BUILDS_ZEPHYR_BUG_SNAPSHOT_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_BUILDS_ZEPHYR_BUG_SNAPSHOT_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/codecov.yaml b/.github/workflows/codecov.yaml index 5707610ae87..d798bdca74c 100644 --- a/.github/workflows/codecov.yaml +++ b/.github/workflows/codecov.yaml @@ -220,7 +220,7 @@ jobs: - name: Upload coverage to Codecov if: always() - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 with: env_vars: OS,PYTHON fail_ci_if_error: false diff --git a/.github/workflows/daily_test_version.yml b/.github/workflows/daily_test_version.yml index 3a43ac64300..111a4d630a7 100644 --- a/.github/workflows/daily_test_version.yml +++ b/.github/workflows/daily_test_version.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-access-key-id: ${{ vars.AWS_TESTING_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_TESTING_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/doc-build.yml b/.github/workflows/doc-build.yml index cb7ed10de38..a73c913dffa 100644 --- a/.github/workflows/doc-build.yml +++ b/.github/workflows/doc-build.yml @@ -65,7 +65,7 @@ jobs: git log --graph --oneline HEAD...${PR_HEAD} - name: Setup Zephyr project - uses: zephyrproject-rtos/action-zephyr-setup@v1 + uses: zephyrproject-rtos/action-zephyr-setup@f7b70269a8eb01f70c8e710891e4c94972a2f6b4 # v1.0.6 with: app-path: zephyr toolchains: 'all' diff --git a/.github/workflows/doc-publish-pr.yml b/.github/workflows/doc-publish-pr.yml index d75bcad7856..d50eb677941 100644 --- a/.github/workflows/doc-publish-pr.yml +++ b/.github/workflows/doc-publish-pr.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Download artifacts id: download-artifacts - uses: dawidd6/action-download-artifact@v8 + uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 with: workflow: doc-build.yml run_id: ${{ github.event.workflow_run.id }} @@ -40,7 +40,7 @@ jobs: - name: Check PR number if: steps.download-artifacts.outputs.found_artifact == 'true' id: check-pr - uses: carpentries/actions/check-valid-pr@v0.14.0 + uses: carpentries/actions/check-valid-pr@e27aa6c531dadd357d2aa4c9a21e90849e23e963 # v0.14.0 with: pr: ${{ env.PR_NUM }} sha: ${{ github.event.workflow_run.head_sha }} @@ -63,7 +63,7 @@ jobs: - name: Configure AWS Credentials if: steps.download-artifacts.outputs.found_artifact == 'true' - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-access-key-id: ${{ vars.AWS_BUILDS_ZEPHYR_PR_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_BUILDS_ZEPHYR_PR_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/doc-publish.yml b/.github/workflows/doc-publish.yml index 89349ed6697..21c18ad5d64 100644 --- a/.github/workflows/doc-publish.yml +++ b/.github/workflows/doc-publish.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Download artifacts - uses: dawidd6/action-download-artifact@v8 + uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 with: workflow: doc-build.yml run_id: ${{ github.event.workflow_run.id }} @@ -37,7 +37,7 @@ jobs: fi - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-access-key-id: ${{ vars.AWS_DOCS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_DOCS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/footprint-tracking.yml b/.github/workflows/footprint-tracking.yml index 78f761cb545..c90c679f663 100644 --- a/.github/workflows/footprint-tracking.yml +++ b/.github/workflows/footprint-tracking.yml @@ -77,7 +77,7 @@ jobs: west update 2>&1 1> west.update.log || west update 2>&1 1> west.update2.log - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-access-key-id: ${{ vars.AWS_TESTING_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_TESTING_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/greet_first_time_contributor.yml b/.github/workflows/greet_first_time_contributor.yml index 5f62c03d6de..08c0702b70e 100644 --- a/.github/workflows/greet_first_time_contributor.yml +++ b/.github/workflows/greet_first_time_contributor.yml @@ -13,7 +13,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: zephyrproject-rtos/action-first-interaction@v1.1.1-zephyr-5 + - uses: zephyrproject-rtos/action-first-interaction@7e6446f8439d8b4399169880c36a3a12b5747699 # v1.1.1-zephyr-5 with: repo-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/hello_world_multiplatform.yaml b/.github/workflows/hello_world_multiplatform.yaml index f267688b1f0..5887211acaa 100644 --- a/.github/workflows/hello_world_multiplatform.yaml +++ b/.github/workflows/hello_world_multiplatform.yaml @@ -56,7 +56,7 @@ jobs: python-version: 3.11 - name: Setup Zephyr project - uses: zephyrproject-rtos/action-zephyr-setup@v1 + uses: zephyrproject-rtos/action-zephyr-setup@f7b70269a8eb01f70c8e710891e4c94972a2f6b4 # v1.0.6 with: app-path: zephyr toolchains: all diff --git a/.github/workflows/issue_count.yml b/.github/workflows/issue_count.yml index 7d6ed6dfc3e..47adf45b62a 100644 --- a/.github/workflows/issue_count.yml +++ b/.github/workflows/issue_count.yml @@ -27,7 +27,7 @@ jobs: sudo apt-get update sudo apt-get install discount - - uses: brcrista/summarize-issues@v4 + - uses: brcrista/summarize-issues@54c549b7d38b7db39e5c6e06fd9617e12e5c3491 # v4 with: title: 'Issues Report for ${{ github.repository }}' configPath: 'issues-report-config.json' @@ -42,7 +42,7 @@ jobs: path: ${{ env.OUTPUT_FILE_NAME }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 with: aws-access-key-id: ${{ vars.AWS_TESTING_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_TESTING_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/license_check.yml b/.github/workflows/license_check.yml index 7d2d083faae..e77b2581b1a 100644 --- a/.github/workflows/license_check.yml +++ b/.github/workflows/license_check.yml @@ -13,7 +13,7 @@ jobs: fetch-depth: 0 - name: Scan the code id: scancode - uses: zephyrproject-rtos/action_scancode@v4 + uses: zephyrproject-rtos/action_scancode@23ef91ce31cd4b954366a7b71eea47520da9b380 # v4 with: directory-to-scan: 'scan/' - name: Artifact Upload diff --git a/.github/workflows/manifest.yml b/.github/workflows/manifest.yml index 8cfd17695af..50d98a3d8bf 100644 --- a/.github/workflows/manifest.yml +++ b/.github/workflows/manifest.yml @@ -26,7 +26,7 @@ jobs: west init -l . || true - name: Manifest - uses: zephyrproject-rtos/action-manifest@v1.7.0 + uses: zephyrproject-rtos/action-manifest@cb8f6fba6f20b5f8649bd573e80a7583a239894c # v1.7.0 with: github-token: ${{ secrets.ZB_GITHUB_TOKEN }} manifest-path: 'west.yml' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c7e71324c1d..af36dfa71b1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: echo "TRIMMED_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT - name: REUSE Compliance Check - uses: fsfe/reuse-action@v5 + uses: fsfe/reuse-action@bb774aa972c2a89ff34781233d275075cbddf542 # v5.0.0 with: args: spdx -o zephyr-${{ steps.get_version.outputs.VERSION }}.spdx diff --git a/.github/workflows/stale-workflow-queue-cleanup.yml b/.github/workflows/stale-workflow-queue-cleanup.yml index ec1a4cc716f..ba1e06fe6b2 100644 --- a/.github/workflows/stale-workflow-queue-cleanup.yml +++ b/.github/workflows/stale-workflow-queue-cleanup.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Delete stale queued workflow runs - uses: MajorScruffy/delete-old-workflow-runs@v0.3.0 + uses: MajorScruffy/delete-old-workflow-runs@78b5af714fefaefdf74862181c467b061782719e # v0.3.0 with: repository: ${{ github.repository }} # Remove any workflow runs in "queued" state for more than 1 day diff --git a/.github/workflows/twister-publish.yaml b/.github/workflows/twister-publish.yaml index 77078f8fdbc..2cd2e75c22a 100644 --- a/.github/workflows/twister-publish.yaml +++ b/.github/workflows/twister-publish.yaml @@ -27,7 +27,7 @@ jobs: - name: Download Artifacts id: download-artifacts - uses: dawidd6/action-download-artifact@v8 + uses: dawidd6/action-download-artifact@20319c5641d495c8a52e688b7dc5fada6c3a9fbc # v8 with: path: artifacts workflow: twister.yml diff --git a/.github/workflows/twister.yaml b/.github/workflows/twister.yaml index 8a605cc6ce6..4c523d7dfc8 100644 --- a/.github/workflows/twister.yaml +++ b/.github/workflows/twister.yaml @@ -247,7 +247,7 @@ jobs: junit.xml - name: Publish Unit Test Results - uses: EnricoMi/publish-unit-test-result-action@v2 + uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0 with: check_name: Unit Test Results files: "**/twister.xml"