From 7facd7a5b409a51283bcedcc0ca431ce6cefc8cf Mon Sep 17 00:00:00 2001 From: caohuilin Date: Wed, 20 May 2026 10:04:36 +0800 Subject: [PATCH 1/2] feat: add renovate pinDigests config --- .github/renovate.json5 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 9ee76e9bf85..ef2db253909 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -11,6 +11,12 @@ }, "ignoreScripts": false, "packageRules": [ + { + "matchDepTypes": [ + "action" + ], + "pinDigests": true + }, // ignore all major update { "matchUpdateTypes": ["lockFileMaintenance", "pin", "digest"], From 8d70defd7cd36acb1332cfb9cfe2e3dd124a4f58 Mon Sep 17 00:00:00 2001 From: caohuilin Date: Wed, 20 May 2026 10:09:53 +0800 Subject: [PATCH 2/2] feat: workflow use hash --- .github/workflows/check-dependencies.yml | 6 +++--- .github/workflows/diff.yml | 2 +- .github/workflows/integration-test-Linux.yml | 8 ++++---- .github/workflows/integration-test-Windows.yml | 6 +++--- .github/workflows/issue-label.yml | 2 +- .github/workflows/lint-Linux.yml | 4 ++-- .github/workflows/test-builder-e2e.yml | 6 +++--- .github/workflows/type-check.yml | 8 ++++---- .github/workflows/ut-Windows.yml | 4 ++-- .github/workflows/ut-macOS.yml | 4 ++-- 10 files changed, 25 insertions(+), 25 deletions(-) diff --git a/.github/workflows/check-dependencies.yml b/.github/workflows/check-dependencies.yml index 72c86310061..ea8baa42622 100644 --- a/.github/workflows/check-dependencies.yml +++ b/.github/workflows/check-dependencies.yml @@ -14,15 +14,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 1 - name: Install Pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 - name: Setup Node.js 22 - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: 22 cache: 'pnpm' diff --git a/.github/workflows/diff.yml b/.github/workflows/diff.yml index d6573a197d9..6c03dc59864 100644 --- a/.github/workflows/diff.yml +++ b/.github/workflows/diff.yml @@ -43,7 +43,7 @@ jobs: RSDOCTOR=1 pnpm run build - name: Report Compressed Size - uses: web-infra-dev/rsdoctor-action@main + uses: web-infra-dev/rsdoctor-action@8fd3b03827afc9de3acf17810be26bb87b6ca6b5 # main with: github_token: ${{ secrets.GITHUB_TOKEN }} file_path: 'benchmark/bundle-diff/dist/rsdoctor-data.json' diff --git a/.github/workflows/integration-test-Linux.yml b/.github/workflows/integration-test-Linux.yml index 008814b1f93..f0e153003bc 100644 --- a/.github/workflows/integration-test-Linux.yml +++ b/.github/workflows/integration-test-Linux.yml @@ -23,12 +23,12 @@ jobs: run: echo "$RUNNER_CONTEXT" - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 1 - name: Install Pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 - name: Check skip CI run: echo "RESULT=$(node ./scripts/skipCI.js)" >> "$GITHUB_OUTPUT" @@ -38,14 +38,14 @@ jobs: run: echo "${{steps.skip-ci.outputs.RESULT}}" - name: Setup Node.js 22.x - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: 22.x cache: 'pnpm' - name: Nx Cache id: nx-cache - uses: actions/cache@v3 + uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3 with: path: .nx/cache key: nx-${{ github.ref_name }}-${{ github.sha }} diff --git a/.github/workflows/integration-test-Windows.yml b/.github/workflows/integration-test-Windows.yml index b0be0a91461..87b350de9bb 100644 --- a/.github/workflows/integration-test-Windows.yml +++ b/.github/workflows/integration-test-Windows.yml @@ -28,7 +28,7 @@ jobs: git config --system core.longpaths true - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 1 @@ -44,14 +44,14 @@ jobs: run: echo "${{steps.skip-ci.outputs.RESULT}}" - name: Setup Node.js 22.x - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: 22.x cache: 'pnpm' - name: Nx Cache id: nx-cache - uses: actions/cache@v3 + uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3 with: path: .nx/cache key: nx-${{ github.ref_name }}-${{ github.sha }} diff --git a/.github/workflows/issue-label.yml b/.github/workflows/issue-label.yml index cda7eaef00a..7bcc8a52e38 100644 --- a/.github/workflows/issue-label.yml +++ b/.github/workflows/issue-label.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Label issues - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 with: github-token: ${{ secrets.REPO_SCOPED_TOKEN }} script: | diff --git a/.github/workflows/lint-Linux.yml b/.github/workflows/lint-Linux.yml index 061bcb10806..a469bd2db7c 100644 --- a/.github/workflows/lint-Linux.yml +++ b/.github/workflows/lint-Linux.yml @@ -24,7 +24,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: # This makes Actions fetch only one branch to release fetch-depth: 1 @@ -33,7 +33,7 @@ jobs: run: npm i -g --force corepack && corepack enable - name: Setup Node.js 22 - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: "22" cache: 'pnpm' diff --git a/.github/workflows/test-builder-e2e.yml b/.github/workflows/test-builder-e2e.yml index c592730fc51..7d38673572a 100644 --- a/.github/workflows/test-builder-e2e.yml +++ b/.github/workflows/test-builder-e2e.yml @@ -14,13 +14,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 1 - name: Nx Cache id: nx-cache - uses: actions/cache@v3 + uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3 with: path: .nx/cache key: nx-${{ github.ref_name }}-${{ github.sha }} @@ -32,7 +32,7 @@ jobs: run: npm i -g --force corepack && corepack enable - name: Setup Node.js 22 - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: '22' cache: 'pnpm' diff --git a/.github/workflows/type-check.yml b/.github/workflows/type-check.yml index d7f20e99292..23d3a899327 100644 --- a/.github/workflows/type-check.yml +++ b/.github/workflows/type-check.yml @@ -19,15 +19,15 @@ jobs: run: echo "$RUNNER_CONTEXT" - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 1 - name: Install Pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 - name: Setup Node.js 22 - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: 22 cache: 'pnpm' @@ -42,7 +42,7 @@ jobs: - name: Nx Cache id: nx-cache if: ${{steps.skip-ci.outputs.RESULT != 'true'}} - uses: actions/cache@v3 + uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3 with: path: .nx/cache key: nx-${{ github.base_ref }}-${{ github.ref_name }}-${{ github.sha }} diff --git a/.github/workflows/ut-Windows.yml b/.github/workflows/ut-Windows.yml index 243547c7ef0..a83b662ea4c 100644 --- a/.github/workflows/ut-Windows.yml +++ b/.github/workflows/ut-Windows.yml @@ -24,7 +24,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 1 @@ -40,7 +40,7 @@ jobs: run: echo "${{steps.skip-ci.outputs.RESULT}}" - name: Setup Node.js 22 - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: "22" cache: 'pnpm' diff --git a/.github/workflows/ut-macOS.yml b/.github/workflows/ut-macOS.yml index e9cd1d30646..c0a78cd5354 100644 --- a/.github/workflows/ut-macOS.yml +++ b/.github/workflows/ut-macOS.yml @@ -24,7 +24,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 1 @@ -39,7 +39,7 @@ jobs: run: echo "${{steps.skip-ci.outputs.RESULT}}" - name: Setup Node.js 22 - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version: "22" cache: 'pnpm'