From 550ed6ffedf5b9d9254ab5bfe5ee17d45efe4756 Mon Sep 17 00:00:00 2001
From: homksei <aleksei.khomenko@intel.com>
Date: Wed, 3 Jul 2024 09:46:08 +0200
Subject: [PATCH] chore(github): pin some dependencies by hash

* Update `github-action-renovate-config-validator` action to specific commit hash
* Pin actions in workflows by hash
---
 .github/workflows/docker-validation-ci.yml      |  2 +-
 .github/workflows/docker-validation-nightly.yml |  2 +-
 .github/workflows/nightly-build.yml             | 12 ++++++------
 .github/workflows/pr-checklist.yml              |  4 ++--
 .github/workflows/renovate-validation.yml       |  4 ++--
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/docker-validation-ci.yml b/.github/workflows/docker-validation-ci.yml
index 0ea073b1d59..48ab3be5fe0 100644
--- a/.github/workflows/docker-validation-ci.yml
+++ b/.github/workflows/docker-validation-ci.yml
@@ -21,6 +21,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Build docker image
         run: docker build . --file dev/docker/onedal-dev.Dockerfile --tag onedal-dev:latest
diff --git a/.github/workflows/docker-validation-nightly.yml b/.github/workflows/docker-validation-nightly.yml
index f07c65f9149..2346ea6a197 100644
--- a/.github/workflows/docker-validation-nightly.yml
+++ b/.github/workflows/docker-validation-nightly.yml
@@ -34,7 +34,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Build docker image
         run: docker build . --file dev/docker/onedal-dev.Dockerfile --tag onedal-dev:latest
       - name: Building oneDAL
diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml
index e5ab12187e0..a975ac59217 100644
--- a/.github/workflows/nightly-build.yml
+++ b/.github/workflows/nightly-build.yml
@@ -37,7 +37,7 @@ jobs:
 
     steps:
       - name: Checkout oneDAL
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           repository: oneapi-src/oneDAL
       - name: Install DPC++
@@ -57,7 +57,7 @@ jobs:
           source /opt/intel/oneapi/compiler/latest/env/vars.sh
           .ci/scripts/build.sh --compiler icx  --optimizations avx2 --target onedal
       - name: Archive build
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.0.0
         with:
           name: __release_lnx
           path: ./__release_lnx
@@ -70,7 +70,7 @@ jobs:
 
     steps:
       - name: Checkout oneDAL
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           repository: oneapi-src/oneDAL
       - name: Install DPC++
@@ -113,17 +113,17 @@ jobs:
           for /D %%s in (.\oneapi\*) do for /f "tokens=2 delims=[]" %%H in ('dir /al %%s\ ^| findstr /i /c:"latest"') do rmdir %%s\latest & mklink /D %%s\latest .\%%~nxH
           tar -cvzf oneapi.tar.gz .\oneapi
       - name: Archive build
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.0.0
         with:
           name: __release_win
           path: .\__release_win_vc
       - name: Archive Intel BaseKit
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.0.0
         with:
           name: intel_oneapi_basekit
           path: .\oneapi.tar.gz
       - name: Archive Intel OpenCL CPU runtime
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.0.0
         with:
           name: opencl_rt_installer
           path: .\opencl_rt.msi
diff --git a/.github/workflows/pr-checklist.yml b/.github/workflows/pr-checklist.yml
index d81fc88eb7a..c9192a41da1 100644
--- a/.github/workflows/pr-checklist.yml
+++ b/.github/workflows/pr-checklist.yml
@@ -34,10 +34,10 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Get pull request details
       id: pr
-      uses: actions/github-script@v7
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.0
       with:
         script: |
           const pr_desc = await github.rest.pulls.get({
diff --git a/.github/workflows/renovate-validation.yml b/.github/workflows/renovate-validation.yml
index 0391f232c5f..a7605576968 100644
--- a/.github/workflows/renovate-validation.yml
+++ b/.github/workflows/renovate-validation.yml
@@ -27,8 +27,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Validate
-        uses: suzuki-shunsuke/github-action-renovate-config-validator@v1.1.0
+        uses: suzuki-shunsuke/github-action-renovate-config-validator@36a15b83e37bf3221dc9c02ff5ffdaefb51ca1cf # v1.1.0
         with:
           config_file_path: .github/renovate.json