From db669e4a667afc81f8ef6d712ac49543e663ecee Mon Sep 17 00:00:00 2001
From: Dilum Aluthge <dilum@aluthge.com>
Date: Tue, 2 Jul 2024 03:18:07 -0400
Subject: [PATCH] CI: Pin all GitHub Actions to full-length commit hashes
 (#163)

---
 .github/dependabot.yml             |  2 +-
 .github/workflows/CI.yml           | 22 +++++++++++-----------
 .github/workflows/CompatHelper.yml |  4 ++--
 .github/workflows/Register.yml     |  2 +-
 .github/workflows/TagBot.yml       |  2 +-
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 3a36d0c..134d3f5 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,7 +3,7 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "monthly"
     open-pull-requests-limit: 99
     labels:
       - "dependencies"
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 8d7cc32..8c57533 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -64,16 +64,16 @@ jobs:
           - version: "1.7"
             os: windows-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
 
-      - uses: julia-actions/setup-julia@3645a07f58c7f83b9f82ac8e0bb95583e69149e6
+      - uses: julia-actions/setup-julia@3645a07f58c7f83b9f82ac8e0bb95583e69149e6 # v2.2.0
         with:
           version: ${{ matrix.version }}
-      - uses: julia-actions/cache@580d2b69d895343992af2cbad49c32a0149c2cde
+      - uses: julia-actions/cache@580d2b69d895343992af2cbad49c32a0149c2cde # v2.0.1
 
-      - uses: r-lib/actions/setup-r@929c772977a3a13c8733b363bf5a2f685c25dd91
+      - uses: r-lib/actions/setup-r@929c772977a3a13c8733b363bf5a2f685c25dd91 # v2.9.0
         with:
           use-public-rspm: true
           r-version: "4.3"
@@ -81,16 +81,16 @@ jobs:
         if: matrix.os == 'ubuntu-latest'
 
       # TODO: use quarto_jll for integration tests once modern enough versions are available
-      - uses: quarto-dev/quarto-actions/setup@v2
+      - uses: quarto-dev/quarto-actions/setup@c1b50d36cf3c22b3dc7e530bd1b36634e824e545 # v2.1.4
         with:
           version: pre-release
 
-      - uses: julia-actions/julia-buildpkg@90dd6f23eb49626e4e6612cb9d64d456f86e6a1c
-      - uses: julia-actions/julia-runtest@79a7e100883947123f8263c5f06e6c0ea3eb972f
+      - uses: julia-actions/julia-buildpkg@90dd6f23eb49626e4e6612cb9d64d456f86e6a1c # v1.6.0
+      - uses: julia-actions/julia-runtest@79a7e100883947123f8263c5f06e6c0ea3eb972f # v1.9.3
         with:
           depwarn: "yes"
-      - uses: julia-actions/julia-processcoverage@03114f09f119417c3242a9fb6e0b722676aedf38
-      - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673
+      - uses: julia-actions/julia-processcoverage@03114f09f119417c3242a9fb6e0b722676aedf38 # v1.2.2
+      - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
         with:
           verbose: true
           files: lcov.info
@@ -102,10 +102,10 @@ jobs:
     timeout-minutes: 20
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
-      - uses: julia-actions/setup-julia@3645a07f58c7f83b9f82ac8e0bb95583e69149e6
+      - uses: julia-actions/setup-julia@3645a07f58c7f83b9f82ac8e0bb95583e69149e6 # v2.2.0
         with:
           version: "1"
       - run: |
diff --git a/.github/workflows/CompatHelper.yml b/.github/workflows/CompatHelper.yml
index a6eb334..fb1ae8b 100644
--- a/.github/workflows/CompatHelper.yml
+++ b/.github/workflows/CompatHelper.yml
@@ -10,7 +10,7 @@ jobs:
   CompatHelper:
     runs-on: ubuntu-latest
     steps:
-      - uses: julia-actions/setup-julia@3645a07f58c7f83b9f82ac8e0bb95583e69149e6
+      - uses: julia-actions/setup-julia@3645a07f58c7f83b9f82ac8e0bb95583e69149e6 # v2.2.0
         with:
           version: '1'
       - name: "Install CompatHelper"
@@ -30,4 +30,4 @@ jobs:
           )
         shell: julia --color=yes {0}
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/Register.yml b/.github/workflows/Register.yml
index cf256fd..d855c17 100644
--- a/.github/workflows/Register.yml
+++ b/.github/workflows/Register.yml
@@ -11,6 +11,6 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: julia-actions/RegisterAction@d391a7f14ee6db8ad3f8cd26f6da1a6c6fd5b7fb
+      - uses: julia-actions/RegisterAction@d391a7f14ee6db8ad3f8cd26f6da1a6c6fd5b7fb # v0.3.2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/TagBot.yml b/.github/workflows/TagBot.yml
index c6c7688..0eeeec8 100644
--- a/.github/workflows/TagBot.yml
+++ b/.github/workflows/TagBot.yml
@@ -25,6 +25,6 @@ jobs:
     if: github.event_name == 'workflow_dispatch' || github.actor == 'JuliaTagBot'
     runs-on: ubuntu-latest
     steps:
-      - uses: JuliaRegistries/TagBot@aa5545ecce2ae3b2cd7d3a8a0a286ec6bf25838f
+      - uses: JuliaRegistries/TagBot@aa5545ecce2ae3b2cd7d3a8a0a286ec6bf25838f # v1.18.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}