From 82645ae3e3bb7c67d67ccc59082d7bef3e5cfec7 Mon Sep 17 00:00:00 2001 From: Julio <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 14:35:52 -0700 Subject: [PATCH 01/10] chore(ci): update comment in dependency review action --- .github/workflows/dependency-review.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index cea9a68..f032c19 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -1,9 +1,14 @@ # Dependency Review Action # -# This Action will scan dependency manifest files that change as part of a Pull Reqest, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. +# This workflow scans dependency manifest files that change as part of a pull +# reqest, surfacing known-vulnerable versions of the packages declared or +# updated in the PR. +# If the workflow run is marked as required, PRs introducing known-vulnerable +# packages will be blocked from merging. # # Source repository: https://github.com/actions/dependency-review-action # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement +# name: 'Dependency Review' on: [pull_request] From c0acb382a675348a2517870a803d491cd3bca257 Mon Sep 17 00:00:00 2001 From: Julio <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 14:36:04 -0700 Subject: [PATCH 02/10] chore(deps): use commit id for action/setup-go version --- .github/workflows/go.yml | 4 ++-- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/release.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
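Review bot: The rewritten header comment in dependency-review.yaml carries the old misspelling over onto its second line; `# reqest, surfacing known-vulnerable versions of the packages declared or` should read `# request, surfacing known-vulnerable versions of the packages declared or`. Since this commit exists only to tidy that comment, fixing the spelling here avoids a follow-up change.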
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index cbbad32..b3440b6 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -13,8 +13,8 @@ jobs: runs-on: ubuntu-latest steps: - - name: Set up Go 1.x - uses: actions/setup-go@v4 + - name: Set up Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ^1.19 id: go diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 2459963..ea92cd8 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -12,7 +12,7 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/setup-go@v4 + - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: 1.19 - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f1cfabf..3f39ad4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -16,7 +16,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: 1.19 - name: Run GoReleaser From ea25765174232700e63dc8bb72dfb328f930c826 Mon Sep 17 00:00:00 2001 From: Julio <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 14:55:30 -0700 Subject: [PATCH 03/10] deps(gha): upgrade docker/setup-buildx-action to v3.0.0 --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 278f8d1..6b9d520 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
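Review bot: Nothing in this commit ties the id on the new `uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0` line in go.yml to the release named in its trailing comment, and that comment is the only part a later reader is likely to check. The same holds for the identical line in golangci-lint.yml and release.yaml, and for the other id-pinned `uses:` lines later in this series. Before merging, confirm that each id is the commit the upstream tag points to in the action's own repository, because GitHub also resolves an id that exists only in a fork of that repository. A pinned id no longer picks up upstream fixes on its own, so these lines need an automated updater that rewrites the id and the comment together; whether one is configured is not visible here. The job bodies start and end outside the hunks.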
@@ -44,7 +44,7 @@ jobs: # by default the docker-container builder driver. # Recommended for build multi-platform images, export cache, etc. - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - name: Log into ${{ env.REGISTRY }} if: github.event_name != 'pull_request' From e5b0ae753e66c00825b5fb7c777dc78dbb0ffd95 Mon Sep 17 00:00:00 2001 From: Julio <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 14:56:28 -0700 Subject: [PATCH 04/10] deps(gha): upgrade docker/metadata-action to v5.0.0 --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 6b9d520..a5d2001 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -31,7 +31,7 @@ jobs: # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} From efe75d22ca63c80fda48e04b1405a6f255423c32 Mon Sep 17 00:00:00 2001 From: Julio <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 14:58:35 -0700 Subject: [PATCH 05/10] deps(gha): upgrade docker/login-action to v3.0.0 --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index a5d2001..8b2a737 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -48,7 +48,7 @@ jobs: - name: Log into ${{ env.REGISTRY }} if: github.event_name != 'pull_request' - uses: docker/login-action@v2 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} From 4299dfa6c7458de4379059bb693a4a6e34b64215 Mon Sep 17 00:00:00 2001 From: Julio <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 14:59:35 -0700 Subject: [PATCH 06/10] deps(gha): upgrade docker/build-push-action to v5.0.0 --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 8b2a737..5f06207 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -57,7 +57,7 @@ jobs: # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 with: context: . push: ${{ github.event_name != 'pull_request' }} From 8afc203834f00a8bb342e42c3de7f5fea3cda8c7 Mon Sep 17 00:00:00 2001 From: Julio <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 14:59:35 -0700 Subject: [PATCH 07/10] deps(gha): upgrade docker/setup-qemu-action to v3.0.0 Release notes: https://github.com/docker/setup-qemu-action/releases/tag/v3.0.0 --- .github/workflows/docker-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 5f06207..eebae81 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
@@ -38,7 +38,7 @@ jobs: # This action can be useful if you want to add emulation # support with QEMU to be able to build against more platforms. - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 # This action will create and boot a builder using # by default the docker-container builder driver. From 8830a5cfddeb2f8256d2546a5bf48ebf801cc149 Mon Sep 17 00:00:00 2001 From: Julio <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 15:07:11 -0700 Subject: [PATCH 08/10] deps(gha): use commit id for dependency-review-action --- .github/workflows/dependency-review.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index f032c19..a5a38f0 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -22,4 +22,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: 'Dependency Review' - uses: actions/dependency-review-action@v3 + uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0 From 76f648b01ad33fbd03ef5333a25fb0bcdbf281e7 Mon Sep 17 00:00:00 2001 From: Julio <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 15:07:11 -0700 Subject: [PATCH 09/10] deps(gha): upgrade goreleaser-action to v5.0.0 Use commit id to specify version Release notes: https://github.com/goreleaser/goreleaser-action/releases/tag/v5.0.0 --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3f39ad4..4fe85b1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -20,7 +20,7 @@ jobs: with: go-version: 1.19 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v4 + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 with: distribution: goreleaser version: latest From dee2bdeb1aac04817e121ab64fe33f380cb8fd56 Mon Sep 17 00:00:00 2001 From: Julio <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 15:07:11 -0700 Subject: [PATCH 10/10] deps(gha): use commit id for golangci-lint-action Pin to v3.7.0 Release notes: https://github.com/golangci/golangci-lint-action/releases/tag/v3.7.0 --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index ea92cd8..c4aec33 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -17,7 +17,7 @@ jobs: go-version: 1.19 - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: golangci-lint - uses: golangci/golangci-lint-action@v3 + uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. version: v1.48
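Review bot: Pinning `goreleaser/goreleaser-action` to a commit id in release.yaml does not pin GoReleaser itself, because the unchanged `version: latest` input under the new `uses:` line still lets the release job install whichever GoReleaser release is newest when it runs. For a job that builds release artifacts, set it to an exact, tested release, for example `version: <GORELEASER_VERSION>` (placeholder). The golangci-lint.yml hunk in the following patch has a milder form of the same gap: `version: v1.48` leaves the patch release floating, as its own comment says. That comment's claim that the patch version must be omitted looks out of date for the pinned v3.7.0 and should be checked against the action's README. Both `with:` blocks may continue past the end of their hunks.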