Skip to content

Commit

Permalink
chore: pin all actions in workflows (#108)
Browse files Browse the repository at this point in the history 
Signed-off-by: Christopher Phillips <[email protected]>
  • Loading branch information
@spiffcs
spiffcs authored Sep 18, 2023
1 parent cc4be36 commit 80b91dd
Show file tree
Hide file tree
Showing 3 changed files with 30 additions and 30 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/codeql-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,16 +30,16 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0

- name: Install Go
uses: actions/setup-go@v4
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe #v4.1.0
with:
go-version-file: go.mod

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@83f0fe6c4988d98a455712a27f0255212bba9bd4 #v2.3.6
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -50,7 +50,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@83f0fe6c4988d98a455712a27f0255212bba9bd4 #2.3.6

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -64,4 +64,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@83f0fe6c4988d98a455712a27f0255212bba9bd4 #v2.3.6
20 changes: 10 additions & 10 deletions .github/workflows/release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
environment: release
runs-on: ubuntu-latest # This OS choice is arbitrary. None of the steps in this job are specific to either Linux or macOS.
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0

# we don't want to release commits that have been pushed and tagged, but not necessarily merged onto main
- name: Ensure tagged commit is on main
Expand All @@ -26,7 +26,7 @@ jobs:
git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!"
- name: Check static analysis results
uses: fountainhead/[email protected]
uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 #v1.1.0
id: static-analysis
with:
token: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -35,7 +35,7 @@ jobs:
ref: ${{ github.event.pull_request.head.sha || github.sha }}

- name: Check unit test results
uses: fountainhead/[email protected]
uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 #v1.1.0
id: unit
with:
token: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -55,24 +55,24 @@ jobs:
runs-on: ubuntu-20.04
steps:

- uses: actions/setup-go@v3
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe #v4.1.0
with:
go-version: ${{ env.GO_VERSION }}

- uses: actions/checkout@v4
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
with:
fetch-depth: 0

- name: Restore tool cache
id: tool-cache
uses: actions/[email protected]
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: ${{ github.workspace }}/.tmp
key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

- name: Restore go cache
id: go-cache
uses: actions/[email protected]
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
Expand All @@ -88,11 +88,11 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- uses: anchore/sbom-action@v0
- uses: anchore/sbom-action@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 #v0.14.3
with:
artifact-name: sbom.spdx.json

- uses: 8398a7/action-slack@v3
- uses: 8398a7/action-slack@047b09b154480ed39076984b64f324fff010d703 #v3.9.3
with:
status: ${{ job.status }}
fields: repo,workflow,action,eventName
Expand All @@ -101,7 +101,7 @@ jobs:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
if: ${{ success() }}

- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 #v3.1.3
with:
name: artifacts
path: dist/**/*
30 changes: 15 additions & 15 deletions .github/workflows/validations.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,22 +16,22 @@ jobs:
name: "Static analysis"
runs-on: ubuntu-20.04
steps:
- uses: actions/setup-go@v3
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe #v4.1.0
with:
go-version: ${{ env.GO_VERSION }}

- uses: actions/checkout@v4
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0

- name: Restore tool cache
id: tool-cache
uses: actions/[email protected]
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: ${{ github.workspace }}/.tmp
key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

- name: Restore go cache
id: go-cache
uses: actions/[email protected]
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
Expand All @@ -53,22 +53,22 @@ jobs:
name: "Unit tests"
runs-on: ubuntu-20.04
steps:
- uses: actions/setup-go@v3
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe #v4.1.0
with:
go-version: ${{ env.GO_VERSION }}

- uses: actions/checkout@v4
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0

- name: Restore tool cache
id: tool-cache
uses: actions/[email protected]
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: ${{ github.workspace }}/.tmp
key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

- name: Restore go cache
id: go-cache
uses: actions/[email protected]
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
Expand All @@ -87,15 +87,15 @@ jobs:

- name: Restore test-fixture cache
id: unit-fixture-cache
uses: actions/[email protected]
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: internal/git/test-fixtures/repos
key: ${{ runner.os }}-unit-fixture-cache-${{ hashFiles( 'internal/git/test-fixtures/cache.fingerprint' ) }}

- name: Run unit tests
run: make unit

- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 #3.1.3
with:
name: unit-test-results
path: test/results/**/*
Expand All @@ -104,22 +104,22 @@ jobs:
name: "Build snapshot artifacts"
runs-on: ubuntu-20.04
steps:
- uses: actions/setup-go@v3
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe #v4.1.0
with:
go-version: ${{ env.GO_VERSION }}

- uses: actions/checkout@v4
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0

- name: Restore tool cache
id: tool-cache
uses: actions/[email protected]
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: ${{ github.workspace }}/.tmp
key: ${{ runner.os }}-tool-${{ hashFiles('Makefile') }}

- name: Restore go cache
id: go-cache
uses: actions/[email protected]
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
Expand All @@ -133,7 +133,7 @@ jobs:
- name: Build snapshot artifacts
run: make snapshot

- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 #v3.1.3
with:
name: artifacts
path: snapshot/**/*

0 comments on commit 80b91dd

Please sign in to comment.