Merge pull request #31 from CVEProject/hotfix/2025-03-18_use_commit_hashes_for_external_github_actions

Hotfix/2025 03 18 use commit hashes for external GitHub actions

Author: hkong-mitre

github-actions/baseline.yml

@@ -53,32 +53,3 @@ jobs:
           name: ${{ needs.generate-name.outputs.v_current_run_timestamp }}_all_CVEs_at_midnight.zip
           path: ./cves.zip
           overwrite: true
-  # create_release:
-  #   needs: [generate-name, create_artifacts]
-  #   environment: development
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     # - name: create release
-  #     #   id: create_release
-  #     #   uses: actions/create-release@v1
-  #     #   env:
-  #     #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  #     #   with:
-  #     #     tag_name: cve_${{ needs.generate-name.outputs.v_current_run_timestamp }}
-  #     #     release_name: CVE Release ${{ needs.generate-name.outputs.v_current_run_timestamp }}
-  #     #     draft: false
-  #     #     prerelease: false
-  #     #     # make_latest: true
-  #     # - name: Update release notes
-  #     #   run: echo "CVEs updated" > release_notes.md
-  #     - name: create release with source code as artifacts
-  #       uses: softprops/action-gh-release@v1
-  #       with:
-  #         name: CVE ${{ needs.generate-name.outputs.v_current_run_timestamp }}
-  #         # body: Descriptions for CVE ${{ needs.generate-name.outputs.v_current_run_timestamp }} goes here
-  #         body_path: ./release_notes.md
-  #         tag_name: cve_${{ needs.generate-name.outputs.v_current_run_timestamp }}
-  #         files: |
-  #           release_notes.md
-  #           ${{ needs.generate-name.outputs.v_current_run_timestamp }}_all_CVEs_at_midnight.zip
-  #           recent_activities.json

github-actions/delta-yesterday.yml

@@ -55,7 +55,7 @@ jobs:
         run: |
           ls
       - name: create release with source code as artifacts
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
         with:
           name: CVE ${{ env.timestamp }} at End of Day
           body_path: ./release_notes.md

github-actions/release.yml

@@ -61,7 +61,7 @@ jobs:
         with:
           node-version: 18
       - name: Download artifact from baseline workflow
-        uses: dawidd6/action-download-artifact@v6
+        uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
         with:
           workflow: baseline.yml
           workflow_conclusion: success
@@ -72,7 +72,7 @@ jobs:
           ls ./.github/workflows/dist
           node ./.github/workflows/dist/index.js delta
       - name: create release with source code as artifacts
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
         with:
           name: CVE ${{ needs.generate-name.outputs.v_current_run_timestamp }}
           # body: Descriptions for CVE ${{ needs.generate-name.outputs.v_current_run_timestamp }} goes here