wpallstars/wp-plugin-starter-template-for-ai-coding
Template
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: pin all GitHub Actions to full commit SHAs (resolves SonarCloud S7637) (#90)

Browse Source 
Pin all floating version tags (@v1, @v2, @v3, @v4, @master) to full commit
SHAs across all workflow files to eliminate supply chain security risk.

Actions pinned:
- actions/checkout@v3 -> f43a0e5 (v3.6.0) in release.yml, sync-wiki.yml
- actions/checkout@v4 -> 34e1148 (v4) in tests.yml
- shivammathur/setup-php@v2 -> accd612 (v2) in all workflows
- actions/setup-node@v4 -> 49933ea (v4) in playground-tests*.yml, wordpress-tests.yml
- actions/upload-artifact@v4 -> ea165f8 (v4) in playground-tests*.yml, wordpress-tests.yml
- softprops/action-gh-release@v1 -> de2c0eb (v1) in release.yml
- codacy/codacy-analysis-cli-action@v4 -> 562ee3e (v4) in code-quality.yml
- github/codeql-action/upload-sarif@v3 -> 603b797 (v3) in code-quality.yml
- swissspidy/wp-performance-action@v2.0.3 -> b7e3ffc (v2.0.3) in playground-tests.yml
- SonarSource/sonarqube-scan-action@master -> 9598b8a in sonarcloud.yml

Closes #89
This commit is contained in:
Marcus Quinn
2026-03-18 04:58:57 +00:00
committed by GitHub
parent d6dcda908c
commit 9fdfa7a8a9
9 changed files with 27 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.github/workflows/code-quality.yml vendored
View File

@@ -20,7 +20,7 @@ jobs:
clean: 'true' clean: 'true'
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
with: with:
php-version: '8.1' php-version: '8.1'
extensions: mbstring, intl, zip extensions: mbstring, intl, zip
@@ -47,7 +47,7 @@ jobs:
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
with: with:
php-version: '8.1' php-version: '8.1'
extensions: mbstring, intl, zip extensions: mbstring, intl, zip
@@ -68,7 +68,7 @@ jobs:
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
with: with:
php-version: '8.1' php-version: '8.1'
extensions: mbstring, intl, zip extensions: mbstring, intl, zip
@@ -119,7 +119,7 @@ jobs:
# #
# - name: SonarCloud Scan # - name: SonarCloud Scan
# if: steps.check_sonar_token.outputs.skip != 'true' # if: steps.check_sonar_token.outputs.skip != 'true'
# uses: SonarSource/sonarqube-scan-action@master # uses: SonarSource/sonarqube-scan-action@9598b8a83feef37de07f549027fab50ecffe6a6e # master
# env: # env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -152,7 +152,7 @@ jobs:
fi fi
- name: Run Codacy Analysis CLI - name: Run Codacy Analysis CLI
uses: codacy/codacy-analysis-cli-action@v4 uses: codacy/codacy-analysis-cli-action@562ee3e92b8e92df8b67e0a5ff8aa8e261919c08 # v4
with: with:
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
verbose: true verbose: true
@@ -167,7 +167,7 @@ jobs:
- name: Upload SARIF results file - name: Upload SARIF results file
if: steps.check_codacy_token.outputs.skip_upload != 'true' if: steps.check_codacy_token.outputs.skip_upload != 'true'
uses: github/codeql-action/upload-sarif@v3 uses: github/codeql-action/upload-sarif@603b797f8b14b413fe025cd935a91c16c4782713 # v3
with: with:
sarif_file: results.sarif sarif_file: results.sarif
continue-on-error: true continue-on-error: true

2
.github/workflows/phpunit.yml vendored
View File

@@ -42,7 +42,7 @@ jobs:
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
with: with:
php-version: ${{ matrix.php }} php-version: ${{ matrix.php }}
extensions: dom, curl, libxml, mbstring, zip, pdo, mysql, pdo_mysql, bcmath, soap, intl, gd, exif, iconv extensions: dom, curl, libxml, mbstring, zip, pdo, mysql, pdo_mysql, bcmath, soap, intl, gd, exif, iconv

4
.github/workflows/playground-tests-fix.yml vendored
View File

@@ -36,7 +36,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: '20' node-version: '20'
cache: 'npm' cache: 'npm'
@@ -98,7 +98,7 @@ jobs:
- name: Upload Cypress artifacts - name: Upload Cypress artifacts
if: always() if: always()
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with: with:
name: cypress-playground-results name: cypress-playground-results
path: | path: |

12
.github/workflows/playground-tests.yml vendored
View File

@@ -40,7 +40,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
cache: 'npm' cache: 'npm'
@@ -67,7 +67,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: '20' node-version: '20'
cache: 'npm' cache: 'npm'
@@ -142,7 +142,7 @@ jobs:
- name: Upload Cypress artifacts - name: Upload Cypress artifacts
if: always() if: always()
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with: with:
name: cypress-single-site-results name: cypress-single-site-results
path: | path: |
@@ -163,7 +163,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: '20' node-version: '20'
cache: 'npm' cache: 'npm'
@@ -239,7 +239,7 @@ jobs:
- name: Upload Cypress artifacts - name: Upload Cypress artifacts
if: always() if: always()
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with: with:
name: cypress-multisite-results name: cypress-multisite-results
path: | path: |
@@ -261,7 +261,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: WordPress Performance Tests - name: WordPress Performance Tests
uses: swissspidy/wp-performance-action@v2.0.3 uses: swissspidy/wp-performance-action@b7e3ffcf0fc4a48b62492e021e0ebeb51430ff11 # v2.0.3
with: with:
plugins: | plugins: |
./ ./

6
.github/workflows/release.yml vendored
View File

@@ -14,10 +14,10 @@ jobs:
contents: write contents: write
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v3 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
with: with:
php-version: '7.4' php-version: '7.4'
extensions: mbstring, intl, zip extensions: mbstring, intl, zip
@@ -62,7 +62,7 @@ jobs:
- name: Create Release - name: Create Release
id: create_release id: create_release
uses: softprops/action-gh-release@v1 uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
with: with:
files: wp-plugin-starter-template-for-ai-coding-${{ env.VERSION }}.zip files: wp-plugin-starter-template-for-ai-coding-${{ env.VERSION }}.zip
name: v${{ env.VERSION }} - WordPress Plugin Starter Template name: v${{ env.VERSION }} - WordPress Plugin Starter Template

2
.github/workflows/sonarcloud.yml vendored
View File

@@ -49,7 +49,7 @@ jobs:
- name: SonarCloud Scan - name: SonarCloud Scan
if: steps.check_token.outputs.skip != 'true' if: steps.check_token.outputs.skip != 'true'
uses: SonarSource/sonarqube-scan-action@master uses: SonarSource/sonarqube-scan-action@9598b8a83feef37de07f549027fab50ecffe6a6e # master
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONARCLOUD_GITHUB }} SONAR_TOKEN: ${{ secrets.SONARCLOUD_GITHUB }}

2
.github/workflows/sync-wiki.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
contents: write contents: write
steps: steps:
- name: Checkout source code - name: Checkout source code
uses: actions/checkout@v3 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Configure Git - name: Configure Git
run: | run: |

8
.github/workflows/tests.yml vendored
View File

@@ -17,12 +17,12 @@ jobs:
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with: with:
clean: 'true' clean: 'true'
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
with: with:
php-version: ${{ matrix.php-versions }} php-version: ${{ matrix.php-versions }}
extensions: mbstring, intl, zip extensions: mbstring, intl, zip
@@ -43,12 +43,12 @@ jobs:
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with: with:
clean: 'true' clean: 'true'
- name: Setup PHP - name: Setup PHP
uses: shivammathur/setup-php@v2 uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2
with: with:
php-version: '7.4' php-version: '7.4'
extensions: mbstring, intl, zip extensions: mbstring, intl, zip

6
.github/workflows/wordpress-tests.yml vendored
View File

@@ -37,7 +37,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: ${{ matrix.node-version }} node-version: ${{ matrix.node-version }}
cache: 'npm' cache: 'npm'
@@ -73,7 +73,7 @@ jobs:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Node.js - name: Setup Node.js
uses: actions/setup-node@v4 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: '20' node-version: '20'
cache: 'npm' cache: 'npm'
@@ -124,7 +124,7 @@ jobs:
- name: Upload Cypress artifacts - name: Upload Cypress artifacts
if: always() if: always()
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with: with:
name: cypress-results name: cypress-results
path: | path: |