From 722c9f5417b8b3124e1fc449763f8659bd5ac92e Mon Sep 17 00:00:00 2001 From: Joonas Bergius Date: Mon, 16 Dec 2024 11:28:32 -0600 Subject: [PATCH] chore(ci): Pin GitHub Actions dependencies Signed-off-by: Joonas Bergius --- .github/workflows/chart.yml | 16 +++++++-------- .github/workflows/e2e.yml | 8 ++++---- .github/workflows/release.yml | 36 ++++++++++++++++----------------- .github/workflows/test.yml | 8 ++++---- .github/workflows/wit-wadm.yaml | 4 ++-- 5 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.github/workflows/chart.yml b/.github/workflows/chart.yml index cae5e501..b0a56b82 100644 --- a/.github/workflows/chart.yml +++ b/.github/workflows/chart.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -30,18 +30,18 @@ jobs: git fetch origin main:main - name: Set up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: ${{ env.HELM_VERSION }} # Used by helm chart-testing below - name: Set up Python - uses: actions/setup-python@v5.3.0 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: '3.12.2' - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 with: version: v3.10.1 yamllint_version: 1.35.1 @@ -52,7 +52,7 @@ jobs: ct lint --config charts/wadm/ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.11.0 + uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0 with: version: "v0.22.0" @@ -79,10 +79,10 @@ jobs: packages: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: ${{ env.HELM_VERSION }} @@ -91,7 +91,7 @@ jobs: helm package charts/wadm -d .helm-charts - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 858ddf92..a2892caf 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -18,16 +18,16 @@ jobs: test: [e2e_multiple_hosts, e2e_upgrades, e2e_shared] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install latest Rust stable toolchain - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@1ff72ee08e3cb84d84adba594e0a297990fc1ed3 # stable with: toolchain: stable components: clippy, rustfmt # Cache: rust - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 with: key: 'ubuntu-22.04-rust-cache' @@ -47,7 +47,7 @@ jobs: # if the previous step fails, upload logs - name: Upload logs for debugging - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 if: ${{ failure() && steps.test.outcome == 'failure' }} with: name: e2e-logs-${{ matrix.test }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b245a889..622c5511 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,7 +61,7 @@ jobs: buildOutputPath: 'target/x86_64-pc-windows-msvc/release/wadm.exe', } steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: set the release version (tag) if: ${{ startsWith(github.ref, 'refs/tags/v') }} @@ -78,19 +78,19 @@ jobs: run: echo "version=$RELEASE_VERSION" >> $GITHUB_OUTPUT - name: Install Zig - uses: goto-bus-stop/setup-zig@v2 + uses: goto-bus-stop/setup-zig@abea47f85e598557f500fa1fd2ab7464fcb39406 # v2.2.1 with: version: 0.13.0 - name: Install latest Rust stable toolchain - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@1ff72ee08e3cb84d84adba594e0a297990fc1ed3 # stable with: toolchain: stable components: clippy, rustfmt target: ${{ matrix.config.target }} - name: Install cargo zigbuild - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@ed8c79bccf0b1cb1544a358f81684d3acaa5133f # v2.46.11 with: tool: cargo-zigbuild @@ -98,7 +98,7 @@ jobs: run: | ${{ matrix.config.buildCommand }} --release --bin wadm --target ${{ matrix.config.target }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: wadm-${{ env.RELEASE_VERSION }}-${{ matrix.config.uploadArtifactSuffix }} if-no-files-found: error @@ -116,7 +116,7 @@ jobs: RELEASE_VERSION: ${{ needs.build.outputs.version_output }} steps: - name: Download release assets - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - name: Prepare release run: | @@ -128,7 +128,7 @@ jobs: done - name: Create github release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 with: token: ${{ secrets.GITHUB_TOKEN }} prerelease: false @@ -147,9 +147,9 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install latest Rust stable toolchain - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@1ff72ee08e3cb84d84adba594e0a297990fc1ed3 # stable with: toolchain: stable @@ -185,15 +185,15 @@ jobs: env: RELEASE_VERSION: ${{ needs.build.outputs.version_output }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: ./artifacts pattern: '*linux*' @@ -210,7 +210,7 @@ jobs: done - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -226,7 +226,7 @@ jobs: echo "RELEASE_VERSION_DOCKER_TAG=${RELEASE_VERSION#v}" >> $GITHUB_ENV - name: Build and push (tag) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 if: ${{ startsWith(github.ref, 'refs/tags/v') }} with: push: true @@ -241,7 +241,7 @@ jobs: ghcr.io/${{ env.OWNER }}/wadm:${{ env.RELEASE_VERSION_DOCKER_TAG }} - name: Build and push wolfi (tag) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 if: ${{ startsWith(github.ref, 'refs/tags/v') }} with: push: true @@ -257,7 +257,7 @@ jobs: ghcr.io/${{ env.OWNER }}/wadm:${{ env.RELEASE_VERSION_DOCKER_TAG }}-wolfi - name: Build and push (main) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 if: ${{ github.ref == 'refs/heads/main' }} with: push: true @@ -269,7 +269,7 @@ jobs: tags: ghcr.io/${{ env.OWNER }}/wadm:canary - name: Build and push (main) - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 if: ${{ github.ref == 'refs/heads/main' }} with: push: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9ef0ced2..9821652d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,16 +18,16 @@ jobs: nats_version: [2.10.7] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install latest Rust stable toolchain - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@1ff72ee08e3cb84d84adba594e0a297990fc1ed3 # stable with: toolchain: stable components: clippy, rustfmt # Cache: rust - - uses: Swatinem/rust-cache@v2 + - uses: Swatinem/rust-cache@82a92a6e8fbeee089604da2575dc567ae9ddeaab # v2.7.5 with: key: '${{ matrix.os }}-rust-cache' @@ -40,7 +40,7 @@ jobs: exit 1 fi - name: Install wash - uses: wasmCloud/common-actions/install-wash@main + uses: wasmCloud/common-actions/install-wash@bc9f2b3966835575aa6f70faafd9efb8e24992c4 # main # GH Actions doesn't currently support passing args to service containers and there is no way # to use an environment variable to turn on jetstream for nats, so we manually start it here diff --git a/.github/workflows/wit-wadm.yaml b/.github/workflows/wit-wadm.yaml index 29b6f668..1ab6e81f 100644 --- a/.github/workflows/wit-wadm.yaml +++ b/.github/workflows/wit-wadm.yaml @@ -14,7 +14,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: sparse-checkout: | wit @@ -29,7 +29,7 @@ jobs: run: | tar cvzf ${{ steps.ctx.outputs.tarball }} -C wit wadm/wit - name: Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 with: files: ${{ steps.ctx.outputs.tarball }} make_latest: "false"