diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index cfe189d7fd80..3a93eb4fd624 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -20,7 +20,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs diff --git a/.github/workflows/basic-eval.yml b/.github/workflows/basic-eval.yml index 57dd0a90752f..9008ca208e17 100644 --- a/.github/workflows/basic-eval.yml +++ b/.github/workflows/basic-eval.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 - uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14 with: diff --git a/.github/workflows/check-by-name.yml b/.github/workflows/check-by-name.yml index 00a8cb5e878f..bf6acf3701da 100644 --- a/.github/workflows/check-by-name.yml +++ b/.github/workflows/check-by-name.yml @@ -87,7 +87,7 @@ jobs: exit 1 fi echo "mergedSha=$mergedSha" >> "$GITHUB_ENV" - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # pull_request_target checks out the base branch by default ref: ${{ env.mergedSha }} diff --git a/.github/workflows/check-maintainers-sorted.yaml b/.github/workflows/check-maintainers-sorted.yaml index e42a7bfbfa4b..eb7d22ea66bb 100644 --- a/.github/workflows/check-maintainers-sorted.yaml +++ b/.github/workflows/check-maintainers-sorted.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/editorconfig.yml b/.github/workflows/editorconfig.yml index 5c7f1ea52eae..168e5bccaea4 100644 --- a/.github/workflows/editorconfig.yml +++ b/.github/workflows/editorconfig.yml @@ -24,7 +24,7 @@ jobs: - name: print list of changed files run: | cat "$HOME/changed_files" - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/manual-nixos.yml b/.github/workflows/manual-nixos.yml index d3079a03450a..545f0c95c47b 100644 --- a/.github/workflows/manual-nixos.yml +++ b/.github/workflows/manual-nixos.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/manual-nixpkgs.yml b/.github/workflows/manual-nixpkgs.yml index ac19743cdd60..9d675c385feb 100644 --- a/.github/workflows/manual-nixpkgs.yml +++ b/.github/workflows/manual-nixpkgs.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest if: github.repository_owner == 'NixOS' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/nix-parse.yml b/.github/workflows/nix-parse.yml index 35363cd8cee3..da2e942414e2 100644 --- a/.github/workflows/nix-parse.yml +++ b/.github/workflows/nix-parse.yml @@ -24,7 +24,7 @@ jobs: if [[ -s "$HOME/changed_files" ]]; then echo "CHANGED_FILES=$HOME/changed_files" > "$GITHUB_ENV" fi - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: # pull_request_target checks out the base branch by default ref: refs/pull/${{ github.event.pull_request.number }}/merge diff --git a/.github/workflows/periodic-merge-24h.yml b/.github/workflows/periodic-merge-24h.yml index bd7aadfbade1..6adada59c5a5 100644 --- a/.github/workflows/periodic-merge-24h.yml +++ b/.github/workflows/periodic-merge-24h.yml @@ -41,7 +41,7 @@ jobs: into: staging-23.11 name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0 diff --git a/.github/workflows/periodic-merge-6h.yml b/.github/workflows/periodic-merge-6h.yml index 61a489ad7156..6f188ee28d17 100644 --- a/.github/workflows/periodic-merge-6h.yml +++ b/.github/workflows/periodic-merge-6h.yml @@ -39,7 +39,7 @@ jobs: into: staging name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }} uses: devmasx/merge-branch@854d3ac71ed1e9deb668e0074781b81fdd6e771f # 1.4.0 diff --git a/.github/workflows/update-terraform-providers.yml b/.github/workflows/update-terraform-providers.yml index ee63cbc374c5..9b7ec5cc59b0 100644 --- a/.github/workflows/update-terraform-providers.yml +++ b/.github/workflows/update-terraform-providers.yml @@ -16,7 +16,7 @@ jobs: if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 with: nix_path: nixpkgs=channel:nixpkgs-unstable