From 5315d925ef95aae7014a42bfc6fee162559788d3 Mon Sep 17 00:00:00 2001 From: Victor Engmark Date: Thu, 16 Nov 2023 10:07:42 +1300 Subject: [PATCH] feat: Pin actions to hashes Done with pin-github-action 1.8.0 using `npx pin-github-action .github/workflows/*.yml`. Dependabot should support updating in the same fashion . --- .github/workflows/push.yml | 24 ++++++++++++------------ .github/workflows/release-please.yml | 20 ++++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 6912474f..22b5489e 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -6,16 +6,16 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: linz/action-typescript@v3 + - uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3 # Only build containers on branches otherwise container builds are duplicated deploy-nonprod-containers - name: Set up Docker Buildx if: ${{ github.ref != 'refs/heads/master' }} - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 - name: Build container if: ${{ github.ref != 'refs/heads/master' }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5 with: context: . platforms: linux/amd64 @@ -46,7 +46,7 @@ jobs: name: nonprod steps: - - uses: linz/action-typescript@v3 + - uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3 - name: Download actionlint run: docker build --tag actionlint - < .github/workflows/actionlint.dockerfile @@ -65,21 +65,21 @@ jobs: - name: Set up Docker Qemu id: qemu - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5 with: images: ${{ github.repository }} labels: | org.opencontainers.image.version=${{ steps.version.outputs.version }} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -87,7 +87,7 @@ jobs: - name: Configure AWS Credentials if: ${{env.AWS_CI_ROLE != ''}} - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4 with: aws-region: ap-southeast-2 mask-aws-account-id: true @@ -96,11 +96,11 @@ jobs: - name: Login to Amazon ECR if: ${{env.AWS_CI_ROLE != ''}} id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 + uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1 - name: Setup docker tags id: tags - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 with: result-encoding: string script: | @@ -115,7 +115,7 @@ jobs: return tags.join(', ') - name: Build and push container - uses: docker/build-push-action@v5 + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5 with: context: . tags: ${{ steps.tags.outputs.result }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 0831bfd4..3945e477 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -10,7 +10,7 @@ jobs: outputs: release_created: ${{ steps.release.outputs.release_created }} steps: - - uses: google-github-actions/release-please-action@v3 + - uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # v3 id: release with: release-type: node @@ -29,7 +29,7 @@ jobs: packages: write if: ${{ needs.release-please.outputs.release_created }} steps: - - uses: linz/action-typescript@v3 + - uses: linz/action-typescript@dee99184c4305aea6c380a52db9b2d7abaaa3e78 # v3 - name: Setup GIT version id: version @@ -42,28 +42,28 @@ jobs: - name: Set up Docker Qemu id: qemu - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5 with: images: ${{ github.repository }} labels: | org.opencontainers.image.version=${{ steps.version.outputs.version }} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4 with: aws-region: ap-southeast-2 mask-aws-account-id: true @@ -71,11 +71,11 @@ jobs: - name: Login to Amazon ECR id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 + uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1 - name: Setup docker tags id: tags - uses: actions/github-script@v6 + uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 with: result-encoding: string script: | @@ -94,7 +94,7 @@ jobs: return tags.join(', ') - name: Build and push container - uses: docker/build-push-action@v5 + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5 with: context: . tags: ${{ steps.tags.outputs.result }}