diff --git a/.github/workflows/claude-bot.yml b/.github/workflows/claude-bot.yml index 94ba377c..e0110e35 100644 --- a/.github/workflows/claude-bot.yml +++ b/.github/workflows/claude-bot.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Check if actor is an org member id: check - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 with: script: | const org = 'seqeralabs'; @@ -58,12 +58,12 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 # TODO: why not v6? + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # TODO: why not v6? with: fetch-depth: 1 - name: Run Claude Code Action - uses: anthropics/claude-code-action@v1 + uses: anthropics/claude-code-action@dde2242db6af13460b916652159b6ba19a598f30 # v1 timeout-minutes: 60 with: anthropic_api_key: ${{ secrets.ENG_ANTHROPIC_API_KEY }} diff --git a/.github/workflows/security-bot.yml b/.github/workflows/security-bot.yml index 7893bc62..8aeb834a 100644 --- a/.github/workflows/security-bot.yml +++ b/.github/workflows/security-bot.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Check if actor is an org member id: check - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 with: script: | const org = 'seqeralabs'; @@ -44,13 +44,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 # TODO: why not v6? + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # TODO: why not v6? with: ref: ${{ github.event.pull_request.head.sha || github.sha }} fetch-depth: 2 - name: Run Claude Code Security Action - uses: anthropics/claude-code-security-review@main + uses: anthropics/claude-code-security-review@0c6a49f1fa56a1d472575da86a94dbc1edb78eda # main timeout-minutes: 60 with: comment-pr: true