From 4b864a97d10630f0d267e626df0f9617a6df5530 Mon Sep 17 00:00:00 2001 From: Yong Tang Date: Mon, 7 Mar 2022 06:49:39 -0800 Subject: [PATCH] Removed decoupled version comments in github actions (#5240) The dependenabot is correctly updating the version of the github actions with commit hash. However, the version comments that was placed initially is not updated. As such the version has been decoupled. For example, the checkout action ec3a7ce113134d7a93b817d10a8272cb61118579 is actually on v3.0 yet the comment is still on v2.4.0. This PR removes the decoupled version comments to avoid confusion. Signed-off-by: Yong Tang --- .github/workflows/scorecards.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 7750c0dac..233ad488c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -22,12 +22,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 + uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1 # v1.0.2 + uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1 with: results_file: results.sarif results_format: sarif @@ -42,7 +42,7 @@ jobs: # Upload the results as artifacts (optional). - name: "Upload artifact" - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v2.3.1 + uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 with: name: SARIF file path: results.sarif @@ -50,6 +50,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # v1.0.26 + uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 with: sarif_file: results.sarif