Removed decoupled version comments in github actions (#5240)

The dependenabot is correctly updating the version of the github actions with commit hash. However, the version comments that was placed initially is not updated. As such the version has been decoupled. For example, the checkout action ec3a7ce113134d7a93b817d10a8272cb61118579 is actually on v3.0 yet the comment is still on v2.4.0. This PR removes the decoupled version comments to avoid confusion. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2025-11-01 18:53:43 -04:00 · 2022-03-07 06:49:39 -08:00
parent ca4073da67
commit 4b864a97d1
1 changed files with 4 additions and 4 deletions
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -22,12 +22,12 @@ jobs:

    steps:
      - name: "Checkout code"
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
        with:
          persist-credentials: false

      - name: "Run analysis"
-        uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1  # v1.0.2
+        uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1
        with:
          results_file: results.sarif
          results_format: sarif
@@ -42,7 +42,7 @@ jobs:

      # Upload the results as artifacts (optional).
      - name: "Upload artifact"
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535  # v2.3.1
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
        with:
          name: SARIF file
          path: results.sarif
@@ -50,6 +50,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5  # v1.0.26
+        uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5
        with:
          sarif_file: results.sarif