diff --git a/.github/actions/ci/action.yml b/.github/actions/ci/action.yml index cd20915..dd2ed98 100644 --- a/.github/actions/ci/action.yml +++ b/.github/actions/ci/action.yml @@ -20,7 +20,7 @@ outputs: runs: using: composite steps: - - uses: haskell-actions/setup@v2 + - uses: haskell-actions/setup@f9150cb1d140e9a9271700670baa38991e6fa25c # v2 with: ghc-version: ${{ inputs.ghc-version }} enable-stack: true diff --git a/.github/actions/publish/action.yml b/.github/actions/publish/action.yml index a1be2ec..732308a 100644 --- a/.github/actions/publish/action.yml +++ b/.github/actions/publish/action.yml @@ -19,7 +19,7 @@ runs: shell: bash run: echo "STACK_DIR=$(stack --no-terminal path --dist-dir --resolver=${{ inputs.resolver }})" >> $GITHUB_ENV - - uses: haskell-actions/hackage-publish@v1 + - uses: haskell-actions/hackage-publish@0fa2122fae62cebe8ba3b0fe9b036cc736337230 # v1 with: hackageToken: ${{ inputs.token }} packagesPath: ${{ env.STACK_DIR }} diff --git a/.github/actions/update-cabal/action.yml b/.github/actions/update-cabal/action.yml index 34e96ed..4793056 100644 --- a/.github/actions/update-cabal/action.yml +++ b/.github/actions/update-cabal/action.yml @@ -12,7 +12,7 @@ inputs: runs: using: composite steps: - - uses: haskell-actions/setup@v2 + - uses: haskell-actions/setup@f9150cb1d140e9a9271700670baa38991e6fa25c # v2 with: ghc-version: ${{ inputs.ghc-version }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 27d919f..73cef2b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -91,21 +91,21 @@ jobs: with: ghc-version: '9.4.7' - - uses: haskell-actions/setup@v2 + - uses: haskell-actions/setup@f9150cb1d140e9a9271700670baa38991e6fa25c # v2 with: ghc-version: '9.4.7' - name: 'Set up HLint' - uses: haskell-actions/hlint-setup@v2 + uses: haskell-actions/hlint-setup@fe9cd1cd1af94a23900c06738e73f6ddb092966a # v2 with: version: 3.5 - name: 'Run HLint' - uses: haskell-actions/hlint-run@v2 + uses: haskell-actions/hlint-run@eaca4cfbf4a69f4eb875df38b6bc3e1657020378 # v2 with: fail-on: warning - - uses: haskell-actions/run-fourmolu@v10 + - uses: haskell-actions/run-fourmolu@5a9f41fa092841e52e6c57dde5600e586fa766a4 # v10 with: version: "0.10.1.0" pattern: | diff --git a/.github/workflows/manual-publish.yml b/.github/workflows/manual-publish.yml index 353804f..d0340da 100644 --- a/.github/workflows/manual-publish.yml +++ b/.github/workflows/manual-publish.yml @@ -49,7 +49,7 @@ jobs: actions: read id-token: write contents: write - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@5a775b367a56d5bd118a224a811bba288150a563 # v2.0.0 with: base64-subjects: "${{ needs.build-publish.outputs.package-hashes }}" upload-assets: ${{ !inputs.dry_run }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 2b95b66..7756729 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -19,7 +19,7 @@ jobs: package-hashes: ${{ steps.ci.outputs.package-hashes }} steps: - - uses: googleapis/release-please-action@v4 + - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4 id: release - uses: actions/checkout@v4 @@ -80,7 +80,7 @@ jobs: actions: read id-token: write contents: write - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@5a775b367a56d5bd118a224a811bba288150a563 # v2.0.0 with: base64-subjects: "${{ needs.release-package.outputs.package-hashes }}" upload-assets: true