diff --git a/.github/workflows/coding-standards.yml b/.github/workflows/coding-standards.yml
index 3c4d9c0cb7..8109118f9b 100644
--- a/.github/workflows/coding-standards.yml
+++ b/.github/workflows/coding-standards.yml
@@ -55,10 +55,10 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up PHP
- uses: shivammathur/setup-php@v2
+ uses: shivammathur/setup-php@afefcaf556d98dc7896cca380e181decb609ca44 # v2.10.0
with:
php-version: '7.4'
coverage: none
@@ -70,7 +70,7 @@ jobs:
composer --version
- name: Install Composer dependencies
- uses: ramsey/composer-install@v1
+ uses: ramsey/composer-install@92a7904348d4ad30236f3611e33b7f0c6f9edd70 # v1.1.0
with:
composer-options: "--no-progress --no-ansi --no-interaction"
@@ -108,7 +108,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Log debug information
run: |
@@ -118,12 +118,12 @@ jobs:
svn --version
- name: Install NodeJS
- uses: actions/setup-node@v2
+ uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: 14
- name: Cache NodeJS modules
- uses: actions/cache@v2
+ uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4
env:
cache-name: cache-node-modules
with:
diff --git a/.github/workflows/end-to-end-tests.yml b/.github/workflows/end-to-end-tests.yml
index f8c5c4bb10..fb3f281c5e 100644
--- a/.github/workflows/end-to-end-tests.yml
+++ b/.github/workflows/end-to-end-tests.yml
@@ -48,7 +48,7 @@ jobs:
steps:
- name: Cancel previous runs of this workflow (pull requests only)
if: ${{ github.event_name == 'pull_request' }}
- uses: styfle/cancel-workflow-action@3d86a7cc43670094ac248017207be0295edbc31d
+ uses: styfle/cancel-workflow-action@3d86a7cc43670094ac248017207be0295edbc31d # v0.8.0
- name: Configure environment variables
run: |
@@ -56,7 +56,7 @@ jobs:
echo "PHP_FPM_GID=$(id -g)" >> $GITHUB_ENV
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Log debug information
run: |
@@ -70,12 +70,12 @@ jobs:
locale -a
- name: Install NodeJS
- uses: actions/setup-node@v2
+ uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: 14
- name: Cache NodeJS modules
- uses: actions/cache@v2
+ uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4
env:
cache-name: cache-node-modules
with:
diff --git a/.github/workflows/javascript-tests.yml b/.github/workflows/javascript-tests.yml
index 315d6c4885..a2d4758a36 100644
--- a/.github/workflows/javascript-tests.yml
+++ b/.github/workflows/javascript-tests.yml
@@ -52,10 +52,10 @@ jobs:
steps:
- name: Cancel previous runs of this workflow (pull requests only)
if: ${{ github.event_name == 'pull_request' }}
- uses: styfle/cancel-workflow-action@3d86a7cc43670094ac248017207be0295edbc31d
+ uses: styfle/cancel-workflow-action@3d86a7cc43670094ac248017207be0295edbc31d # v0.8.0
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Log debug information
run: |
@@ -65,12 +65,12 @@ jobs:
svn --version
- name: Install NodeJS
- uses: actions/setup-node@v2
+ uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: 14
- name: Cache NodeJS modules
- uses: actions/cache@v2
+ uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4
env:
cache-name: cache-node-modules
with:
diff --git a/.github/workflows/php-compatibility.yml b/.github/workflows/php-compatibility.yml
index 5656b8c5fa..0ca0761297 100644
--- a/.github/workflows/php-compatibility.yml
+++ b/.github/workflows/php-compatibility.yml
@@ -49,10 +49,10 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Set up PHP
- uses: shivammathur/setup-php@v2
+ uses: shivammathur/setup-php@afefcaf556d98dc7896cca380e181decb609ca44 # v2.10.0
with:
php-version: '7.4'
coverage: none
@@ -64,7 +64,7 @@ jobs:
composer --version
- name: Install Composer dependencies
- uses: ramsey/composer-install@v1
+ uses: ramsey/composer-install@92a7904348d4ad30236f3611e33b7f0c6f9edd70 # v1.1.0
with:
composer-options: "--no-progress --no-ansi --no-interaction"
diff --git a/.github/workflows/phpunit-tests.yml b/.github/workflows/phpunit-tests.yml
index dc6989bc2f..56b5835ece 100644
--- a/.github/workflows/phpunit-tests.yml
+++ b/.github/workflows/phpunit-tests.yml
@@ -41,7 +41,7 @@ jobs:
steps:
- name: Cancel previous runs of this workflow (pull requests only)
if: ${{ github.event_name == 'pull_request' }}
- uses: styfle/cancel-workflow-action@3d86a7cc43670094ac248017207be0295edbc31d
+ uses: styfle/cancel-workflow-action@3d86a7cc43670094ac248017207be0295edbc31d # v0.8.0
# Runs the PHPUnit tests for WordPress.
#
@@ -116,15 +116,15 @@ jobs:
echo "PHP_FPM_GID=$(id -g)" >> $GITHUB_ENV
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Install NodeJS
- uses: actions/setup-node@v2
+ uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: 14
- name: Use cached Node modules
- uses: actions/cache@v2
+ uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4
env:
cache-name: cache-node-modules
with:
@@ -142,7 +142,7 @@ jobs:
- name: Cache Composer dependencies
if: ${{ env.COMPOSER_INSTALL == true || env.LOCAL_PHP == '8.0-fpm' }}
- uses: actions/cache@v2
+ uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4
env:
cache-name: cache-composer-dependencies
with:
@@ -237,7 +237,7 @@ jobs:
- name: Checkout the WordPress Test Reporter
if: ${{ github.repository == 'WordPress/wordpress-develop' && github.ref == 'refs/heads/master' && matrix.report }}
- uses: actions/checkout@v2
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
with:
repository: 'WordPress/phpunit-test-runner'
path: 'test-runner'
diff --git a/.github/workflows/test-coverage.yml b/.github/workflows/test-coverage.yml
index 839b59269e..0ecfc8e784 100644
--- a/.github/workflows/test-coverage.yml
+++ b/.github/workflows/test-coverage.yml
@@ -48,7 +48,7 @@ jobs:
echo "PHP_FPM_GID=$(id -g)" >> $GITHUB_ENV
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Checkout the WordPress Importer plugin
run: svn checkout -r 2387243 https://plugins.svn.wordpress.org/wordpress-importer/trunk/ tests/phpunit/data/plugins/wordpress-importer
@@ -67,12 +67,12 @@ jobs:
locale -a
- name: Install NodeJS
- uses: actions/setup-node@v2
+ uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: 14
- name: Cache NodeJS modules
- uses: actions/cache@v2
+ uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4
env:
cache-name: cache-node-modules
with:
@@ -118,7 +118,7 @@ jobs:
run: npm run test:${{ env.PHPUNIT_SCRIPT }} -- --verbose -c phpunit.xml.dist --coverage-clover wp-code-coverage-single-clover-${{ github.sha }}.xml
- name: Upload single site report to Codecov
- uses: codecov/codecov-action@v1
+ uses: codecov/codecov-action@e156083f13aff6830c92fc5faa23505779fbf649 # v1.2.1
with:
file: wp-code-coverage-single-clover-${{ github.sha }}.xml
flags: single,php
@@ -127,7 +127,7 @@ jobs:
run: npm run test:${{ env.PHPUNIT_SCRIPT }} -- --verbose -c tests/phpunit/multisite.xml --coverage-clover wp-code-coverage-multisite-clover-${{ github.sha }}.xml
- name: Upload multisite report to Codecov
- uses: codecov/codecov-action@v1
+ uses: codecov/codecov-action@e156083f13aff6830c92fc5faa23505779fbf649 # v1.2.1
with:
file: wp-code-coverage-multisite-clover-${{ github.sha }}.xml
flags: multisite,php
diff --git a/.github/workflows/test-npm.yml b/.github/workflows/test-npm.yml
index 89960761dd..bdcd9d249d 100644
--- a/.github/workflows/test-npm.yml
+++ b/.github/workflows/test-npm.yml
@@ -40,7 +40,7 @@ jobs:
steps:
- name: Cancel previous runs of this workflow (pull requests only)
if: ${{ github.event_name == 'pull_request' }}
- uses: styfle/cancel-workflow-action@3d86a7cc43670094ac248017207be0295edbc31d
+ uses: styfle/cancel-workflow-action@3d86a7cc43670094ac248017207be0295edbc31d # v0.8.0
# Verifies that installing NPM dependencies and building WordPress works as expected.
#
@@ -65,7 +65,7 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Log debug information
run: |
@@ -76,12 +76,12 @@ jobs:
svn --version
- name: Install NodeJS
- uses: actions/setup-node@v2
+ uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: 14
- name: Cache NodeJS modules (Ubuntu & MacOS)
- uses: actions/cache@v2
+ uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4
if: ${{ matrix.os != 'windows-latest' }}
with:
path: ~/.npm
@@ -93,7 +93,7 @@ jobs:
run: echo "::set-output name=dir::$(npm config get cache)"
- name: Cache NodeJS modules (Windows only)
- uses: actions/cache@v2
+ uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4
if: ${{ matrix.os == 'windows-latest' }}
with:
path: ${{ steps.npm-cache.outputs.dir }}
@@ -135,7 +135,7 @@ jobs:
needs: prepare-workflow
steps:
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4
- name: Log debug information
run: |
@@ -146,12 +146,12 @@ jobs:
svn --version
- name: Install NodeJS
- uses: actions/setup-node@v2
+ uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea # v2.1.5
with:
node-version: 14
- name: Cache NodeJS modules
- uses: actions/cache@v2
+ uses: actions/cache@26968a09c0ea4f3e233fdddbafd1166051a095f6 # v2.1.4
if: ${{ matrix.os != 'windows-latest' }}
with:
path: ~/.npm
diff --git a/.github/workflows/welcome-new-contributors.yml b/.github/workflows/welcome-new-contributors.yml
index 366cf446e4..f475a432a0 100644
--- a/.github/workflows/welcome-new-contributors.yml
+++ b/.github/workflows/welcome-new-contributors.yml
@@ -11,7 +11,7 @@ jobs:
if: ${{ github.repository == 'WordPress/wordpress-develop' }}
steps:
- - uses: bubkoo/welcome-action@8dbbac2540d155744c90e4e37da6b05ffc9c5e2c
+ - uses: bubkoo/welcome-action@8dbbac2540d155744c90e4e37da6b05ffc9c5e2c # v1.0.3
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
FIRST_PR_COMMENT: >