Skip to content

Commit

Permalink
chore: pin actions to digests (#1032)
Browse files Browse the repository at this point in the history 
* chore: pin actions to digests

* chore: regenerate
  • Loading branch information
@pmalek
pmalek authored Jan 16, 2025
1 parent da5d52d commit 24bf834
Show file tree
Hide file tree
Showing 6 changed files with 72 additions and 72 deletions.
22 changes: 11 additions & 11 deletions .github/workflows/__build-workflow.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ jobs:
run: exit 1

- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0

Expand Down Expand Up @@ -132,13 +132,13 @@ jobs:
version: ${{ steps.meta.outputs.version }}

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies)
run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com"

- name: Cache Docker layers
uses: actions/cache@v4
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
Expand All @@ -147,14 +147,14 @@ jobs:
- name: Log in to the Container registry
if: ${{ inputs.push }}
uses: docker/[email protected]
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ${{ inputs.registry }}
username: ${{ inputs.username }}
password: ${{ secrets.dockerhub-token }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 # v3.8.0
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 # v3.8.0

- name: Add standard tags
if: ${{ inputs.tag != '' }}
Expand Down Expand Up @@ -190,7 +190,7 @@ jobs:

# Setup Golang to use go pkg cache which is utilized in Dockerfile's cache mount.
- name: Setup golang
uses: actions/setup-go@v5
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod

Expand All @@ -205,7 +205,7 @@ jobs:

- name: Build image
id: build
uses: docker/[email protected]
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
with:
context: .
build-contexts: ${{ inputs.additional-build-contexts }}
Expand Down Expand Up @@ -251,7 +251,7 @@ jobs:
${{ inputs.image-name }}:${{ steps.meta.outputs.version }} -version | ${{ inputs.verify-image-script }} ${{ github.repository }}
- name: Upload artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4
with:
name: image-${{ matrix.os }}-${{ matrix.arch }}
path: /tmp/image.tar
Expand All @@ -269,12 +269,12 @@ jobs:
- build

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies)
run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 # v3.8.0
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 # v3.8.0

- name: Add standard tags
if: ${{ inputs.tag != '' }}
Expand Down Expand Up @@ -310,7 +310,7 @@ jobs:

- name: Log in to the Container registry
if: ${{ inputs.push }}
uses: docker/[email protected]
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ${{ inputs.registry }}
username: ${{ inputs.username }}
Expand Down
18 changes: 9 additions & 9 deletions .github/workflows/__release-workflow.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ jobs:
run: exit 1

- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0

Expand Down Expand Up @@ -131,15 +131,15 @@ jobs:
name: "test-integration-current-kubernetes (WEBHOOK_ENABLED=${{ matrix.webhook-enabled }})"
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0

- name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies)
run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com"

- name: Setup golang
uses: actions/setup-go@v5
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod

Expand Down Expand Up @@ -176,7 +176,7 @@ jobs:

- name: upload diagnostics
if: always()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4
with:
name: diagnostics-integration-webhook-enabled-${{ matrix.webhook-enabled }}
path: /tmp/ktf-diag*
Expand All @@ -189,15 +189,15 @@ jobs:
- build-push-images
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0

- name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies)
run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com"

- name: Setup golang
uses: actions/setup-go@v5
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod

Expand Down Expand Up @@ -234,7 +234,7 @@ jobs:

- name: upload diagnostics
if: always()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4
with:
name: diagnostics-e2e
path: /tmp/ktf-diag*
Expand Down Expand Up @@ -265,15 +265,15 @@ jobs:
# Use the branch set via inputs as a base for the release.
# If anything needs to be fixed before the release, it should be done on the base branch
# before the release workflow is triggered.
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
fetch-depth: 0
ref: ${{ inputs.base }}

- name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies)
run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com"

- uses: actions/setup-go@v5
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
with:
go-version-file: go.mod

Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/release-bot.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,11 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- name: search for release command in commit message
id: commit_parser
uses: actions/github-script@v7
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7
with:
script: |
const commitMessage = context.payload.head_commit.message
Expand Down Expand Up @@ -55,7 +55,7 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- name: Read version from VERSION file
run: |
Expand Down Expand Up @@ -134,7 +134,7 @@ jobs:
if: ${{ needs.look_for_release.outputs.release_found == 'true' && needs.semver.outputs.patch != '0' && needs.semver.outputs.prerelease == '' && needs.look_for_release.outputs.release_latest == 'true' && github.ref_name != 'main' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

- uses: carloscastrojumo/github-cherry-pick-action@503773289f4a459069c832dc628826685b75b4b3 # v1.0.10
with:
Expand Down
Loading

0 comments on commit 24bf834

Please sign in to comment.