gui.do / barazo-web
Barazo default frontend barazo.forum
2
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge pull request #53 from barazo-forum/fix/pin-actions-and-permissions

fix(ci): pin GitHub Actions to commit SHAs

authored by

Guido X Jansen and committed by
GitHub e5ba603a 3c5334a2

+30 -27
+21 -18
.github/workflows/ci.yml
··· 10 10 group: ${{ github.workflow }}-${{ github.ref }} 11 11 cancel-in-progress: true 12 12 13 + permissions: 14 + contents: read 15 + 13 16 jobs: 14 17 lint: 15 18 name: Lint 16 19 runs-on: ubuntu-latest 17 20 steps: 18 21 - name: Checkout 19 - uses: actions/checkout@v4 22 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 20 23 21 24 - name: Install pnpm 22 - uses: pnpm/action-setup@v4 25 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 23 26 with: 24 27 version: 10 25 28 26 29 - name: Setup Node.js 27 - uses: actions/setup-node@v4 30 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 28 31 with: 29 32 node-version: '24' 30 33 cache: 'pnpm' ··· 48 51 runs-on: ubuntu-latest 49 52 steps: 50 53 - name: Checkout 51 - uses: actions/checkout@v4 54 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 52 55 53 56 - name: Install pnpm 54 - uses: pnpm/action-setup@v4 57 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 55 58 with: 56 59 version: 10 57 60 58 61 - name: Setup Node.js 59 - uses: actions/setup-node@v4 62 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 60 63 with: 61 64 node-version: '24' 62 65 cache: 'pnpm' ··· 77 80 runs-on: ubuntu-latest 78 81 steps: 79 82 - name: Checkout 80 - uses: actions/checkout@v4 83 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 81 84 82 85 - name: Install pnpm 83 - uses: pnpm/action-setup@v4 86 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 84 87 with: 85 88 version: 10 86 89 87 90 - name: Setup Node.js 88 - uses: actions/setup-node@v4 91 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 89 92 with: 90 93 node-version: '24' 91 94 cache: 'pnpm' ··· 107 110 needs: [lint, typecheck, test] 108 111 steps: 109 112 - name: Checkout 110 - uses: actions/checkout@v4 113 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 111 114 112 115 - name: Install pnpm 113 - uses: pnpm/action-setup@v4 116 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 114 117 with: 115 118 version: 10 116 119 117 120 - name: Setup Node.js 118 - uses: actions/setup-node@v4 121 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 119 122 with: 120 123 node-version: '24' 121 124 cache: 'pnpm' ··· 132 135 run: pnpm build 133 136 134 137 - name: Upload build artifacts 135 - uses: actions/upload-artifact@v4 138 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 136 139 with: 137 140 name: build 138 141 path: | ··· 146 149 needs: build 147 150 steps: 148 151 - name: Checkout 149 - uses: actions/checkout@v4 152 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 150 153 151 154 - name: Install pnpm 152 - uses: pnpm/action-setup@v4 155 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 153 156 with: 154 157 version: 10 155 158 156 159 - name: Setup Node.js 157 - uses: actions/setup-node@v4 160 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 158 161 with: 159 162 node-version: '24' 160 163 cache: 'pnpm' ··· 204 207 205 208 - name: Upload Playwright report 206 209 if: always() 207 - uses: actions/upload-artifact@v4 210 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 208 211 with: 209 212 name: playwright-report 210 213 path: playwright-report/ ··· 212 215 213 216 - name: Upload Lighthouse report 214 217 if: always() 215 - uses: actions/upload-artifact@v4 218 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 216 219 with: 217 220 name: lighthouse-report 218 221 path: .lighthouseci/
+1 -1
.github/workflows/cla.yml
··· 17 17 steps: 18 18 - name: 'CLA Assistant' 19 19 if: (github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA' || github.event_name == 'pull_request_target') 20 - uses: contributor-assistant/github-action@v2.5.2 20 + uses: contributor-assistant/github-action@fdca7a016082d9130c3cd91a236ddf956ec35f1d # v2.5.2 21 21 env: 22 22 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 23 23 PERSONAL_ACCESS_TOKEN: ${{ secrets.CLA_BOT_TOKEN }}
+6 -6
.github/workflows/docker.yml
··· 22 22 23 23 steps: 24 24 - name: Checkout 25 - uses: actions/checkout@v4 25 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 26 26 27 27 - name: Set up Docker Buildx 28 - uses: docker/setup-buildx-action@v3 28 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 29 29 30 30 - name: Login to Container Registry 31 - uses: docker/login-action@v3 31 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 32 32 with: 33 33 registry: ${{ env.REGISTRY }} 34 34 username: ${{ github.actor }} ··· 36 36 37 37 - name: Extract metadata 38 38 id: meta 39 - uses: docker/metadata-action@v5 39 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 40 40 with: 41 41 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 42 42 tags: | ··· 49 49 50 50 - name: Build and push Docker image 51 51 id: build 52 - uses: docker/build-push-action@v5 52 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 53 53 with: 54 54 context: . 55 55 push: true ··· 60 60 platforms: linux/amd64,linux/arm64 61 61 62 62 - name: Generate artifact attestation 63 - uses: actions/attest-build-provenance@v1 63 + uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1 64 64 with: 65 65 subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 66 66 subject-digest: ${{ steps.build.outputs.digest }}
+2 -2
src/components/topic-view.test.tsx
··· 48 48 49 49 it('renders reply count', () => { 50 50 render(<TopicView topic={topic} />) 51 - expect(screen.getByText(`${topic.replyCount}`, { exact: false })).toBeInTheDocument() 51 + expect(screen.getByLabelText(`${topic.replyCount} replies`)).toBeInTheDocument() 52 52 }) 53 53 54 54 it('renders reaction count', () => { 55 55 render(<TopicView topic={topic} />) 56 - expect(screen.getByText(`${topic.reactionCount}`, { exact: false })).toBeInTheDocument() 56 + expect(screen.getByLabelText(`${topic.reactionCount} reactions`)).toBeInTheDocument() 57 57 }) 58 58 59 59 it('uses article element with aria-labelledby', () => {