-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pin 3rd party actions by hashes (#980)
- Loading branch information
1 parent
21c6aa9
commit da5d52d
Showing
5 changed files
with
38 additions
and
38 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -85,7 +85,7 @@ jobs: | |
| prerelease: ${{ steps.semver_parser.outputs.prerelease }} | ||
|
|
||
| steps: | ||
| - uses: mukunku/[email protected] | ||
| - uses: mukunku/tag-exists-action@bdad1eaa119ce71b150b952c97351c75025c06a9 # v1.6.0 | ||
| id: check-tag | ||
| if: ${{ inputs.tag != '' }} | ||
| name: check if tag already exists | ||
|
|
@@ -106,7 +106,7 @@ jobs: | |
| - name: Parse semver string | ||
| id: semver_parser | ||
| if: ${{ inputs.tag != '' }} | ||
| uses: booxmedialtd/[email protected] | ||
| uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7 | ||
| with: | ||
| input_string: ${{ inputs.tag }} | ||
| version_extractor_regex: 'v(.*)$' | ||
|
|
@@ -154,7 +154,7 @@ jobs: | |
| password: ${{ secrets.dockerhub-token }} | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| uses: docker/setup-buildx-action@v3 # v3.8.0 | ||
|
|
||
| - name: Add standard tags | ||
| if: ${{ inputs.tag != '' }} | ||
|
|
@@ -173,7 +173,7 @@ jobs: | |
| - name: Docker meta | ||
| id: meta | ||
| uses: docker/[email protected] | ||
| uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | ||
| with: | ||
| images: | | ||
| ${{ inputs.registry }}/${{ inputs.image-name }} | ||
|
|
@@ -231,7 +231,7 @@ jobs: | |
| outputs: | | ||
| ${{ !inputs.push && 'type=docker,dest=/tmp/image.tar' }} | ||
| - uses: docker/setup-qemu-action@v3 | ||
| - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.3.0 | ||
| with: | ||
| platforms: ${{ matrix.arch }} | ||
|
|
||
|
|
@@ -274,7 +274,7 @@ jobs: | |
| - name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies) | ||
| run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| uses: docker/setup-buildx-action@v3 # v3.8.0 | ||
|
|
||
| - name: Add standard tags | ||
| if: ${{ inputs.tag != '' }} | ||
|
|
@@ -293,7 +293,7 @@ jobs: | |
| - name: Docker metadata | ||
| id: meta | ||
| uses: docker/[email protected] | ||
| uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | ||
| with: | ||
| images: | | ||
| ${{ inputs.registry }}/${{ inputs.image-name }} | ||
|
|
@@ -324,7 +324,7 @@ jobs: | |
| # When building with `inputs.tag` set, `steps.meta.outputs.tags` contains multiple entries, so it cannot be used | ||
| # directly in sources. Instead, the sources are constructed using the `inputs.registry`, `inputs.image-name` and | ||
| # `needs.semver.outputs.fullversion`. | ||
| - uses: int128/docker-manifest-create-action@v2 | ||
| - uses: int128/docker-manifest-create-action@736aaa0f6ae97b2fb7f43e8dcef3ab47a02ea96e # v2.8.0 | ||
| if: ${{ inputs.tag != '' }} | ||
| with: | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
|
|
@@ -335,7 +335,7 @@ jobs: | |
| # When building on schedule, `steps.meta.outputs.tags` contains multiple entries, so it cannot be used | ||
| # directly in sources. Instead, the sources are constructed using the `inputs.registry`, `inputs.image-name` and | ||
| # the current date. | ||
| - uses: int128/docker-manifest-create-action@v2 | ||
| - uses: int128/docker-manifest-create-action@736aaa0f6ae97b2fb7f43e8dcef3ab47a02ea96e # v2.8.0 | ||
| if: ${{ inputs.tag == '' && github.event_name == 'schedule' }} | ||
| with: | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
|
|
@@ -345,7 +345,7 @@ jobs: | |
| # When building on push (e.g. on main), `steps.meta.outputs.tags` contains only a single entry, so it can be used | ||
| # directly in sources. | ||
| - uses: int128/docker-manifest-create-action@v2 | ||
| - uses: int128/docker-manifest-create-action@736aaa0f6ae97b2fb7f43e8dcef3ab47a02ea96e # v2.8.0 | ||
| if: ${{ inputs.tag == '' && github.event_name == 'push' }} | ||
| with: | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -81,7 +81,7 @@ jobs: | |
| prerelease: ${{ steps.semver_parser.outputs.prerelease }} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: mukunku/[email protected] | ||
| - uses: mukunku/tag-exists-action@bdad1eaa119ce71b150b952c97351c75025c06a9 # v1.6.0 | ||
| id: check-tag | ||
| name: Check if tag already exists | ||
| with: | ||
|
|
@@ -100,7 +100,7 @@ jobs: | |
|
|
||
| - name: Parse semver string | ||
| id: semver_parser | ||
| uses: booxmedialtd/[email protected] | ||
| uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7 | ||
| with: | ||
| input_string: ${{ inputs.tag }} | ||
| version_extractor_regex: 'v(.*)$' | ||
|
|
@@ -143,7 +143,7 @@ jobs: | |
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -161,7 +161,7 @@ jobs: | |
| - name: Get Kong Enterprise License | ||
| if: steps.check-op-service-account-token.outputs.provided == 'true' | ||
| id: get-license | ||
| uses: Kong/kong-license@master | ||
| uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b | ||
| with: | ||
| # OP (1Password) token is used to fetch the Kong Enterprise License from 1Password. | ||
| op-token: ${{ secrets.op-service-account-token }} | ||
|
|
@@ -201,7 +201,7 @@ jobs: | |
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -219,7 +219,7 @@ jobs: | |
| - name: Get Kong Enterprise License | ||
| if: steps.check-op-service-account-token.outputs.provided == 'true' | ||
| id: get-license | ||
| uses: Kong/kong-license@master | ||
| uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b | ||
| with: | ||
| # OP (1Password) token is used to fetch the Kong Enterprise License from 1Password. | ||
| op-token: ${{ secrets.op-service-account-token }} | ||
|
|
@@ -284,7 +284,7 @@ jobs: | |
| echo "VERSION=${VERSION}" >> $GITHUB_ENV | ||
| echo ${VERSION} > VERSION | ||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -64,13 +64,13 @@ jobs: | |
| - name: Parse semver string | ||
| id: semver_parser | ||
| uses: booxmedialtd/[email protected] | ||
| uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7 | ||
| with: | ||
| input_string: ${{ env.VERSION }} | ||
| version_extractor_regex: '(.*)$' | ||
|
|
||
| - name: check if tag already exists | ||
| uses: mukunku/[email protected] | ||
| uses: mukunku/tag-exists-action@bdad1eaa119ce71b150b952c97351c75025c06a9 # v1.6.0 | ||
| id: tag_exists | ||
| with: | ||
| tag: ${{ steps.commit_parser.outputs.release_version }} | ||
|
|
@@ -88,7 +88,7 @@ jobs: | |
| if: ${{ needs.look_for_release.outputs.release_found == 'true' }} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: ncipollo/release-action@v1 | ||
| - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | ||
| with: | ||
| body: | | ||
| #### Download Kong Gateway Operator ${{ needs.semver.outputs.version }}: | ||
|
|
@@ -117,7 +117,7 @@ jobs: | |
| if: ${{ needs.look_for_release.outputs.release_found == 'true' && needs.semver.outputs.patch == '0' && needs.semver.outputs.prerelease == '' }} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: peterjgrainger/[email protected] | ||
| - uses: peterjgrainger/action-create-branch@10c7d268152480ae859347db45dc69086cef1d9c # v3.0.0 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
|
|
@@ -136,7 +136,7 @@ jobs: | |
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - uses: carloscastrojumo/[email protected] | ||
| - uses: carloscastrojumo/github-cherry-pick-action@503773289f4a459069c832dc628826685b75b4b3 # v1.0.10 | ||
| with: | ||
| branch: main | ||
| title: '[cherry-pick] ${{ needs.semver.outputs.version }} - ${{ github.sha }}' | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -32,7 +32,7 @@ jobs: | |
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -53,15 +53,15 @@ jobs: | |
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
| - name: Verify manifests consistency | ||
| run: make verify.manifests | ||
|
|
||
| - name: Verify generators consistency | ||
| uses: nick-fields/retry@v3 | ||
| uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 | ||
| with: | ||
| timeout_minutes: 3 | ||
| max_attempts: 3 | ||
|
|
@@ -79,9 +79,9 @@ jobs: | |
| go-version-file: go.mod | ||
|
|
||
| - name: Create k8s KinD Cluster | ||
| uses: helm/[email protected] | ||
| uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -108,9 +108,9 @@ jobs: | |
| go-version-file: go.mod | ||
|
|
||
| - name: Create k8s KinD Cluster | ||
| uses: helm/[email protected] | ||
| uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -152,7 +152,7 @@ jobs: | |
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -186,7 +186,7 @@ jobs: | |
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -228,7 +228,7 @@ jobs: | |
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -277,7 +277,7 @@ jobs: | |
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -332,7 +332,7 @@ jobs: | |
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -382,7 +382,7 @@ jobs: | |
| with: | ||
| go-version-file: go.mod | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -435,7 +435,7 @@ jobs: | |
| TAG: e2e-${{ github.sha }} | ||
| run: make docker.build | ||
|
|
||
| - uses: jdx/mise-action@v2 | ||
| - uses: jdx/mise-action@5083fe46898c414b2475087cc79da59e7da859e8 # v2.1.11 | ||
| with: | ||
| install: false | ||
|
|
||
|
|
@@ -484,7 +484,7 @@ jobs: | |
|
|
||
| - name: Upload test results to BuildPulse for flaky test detection | ||
| if: ${{ !cancelled() }} | ||
| uses: buildpulse/[email protected] | ||
| uses: buildpulse/buildpulse-action@d0d30f53585cf16b2e01811a5a753fd47968654a # v0.11.0 | ||
| with: | ||
| account: 962416 | ||
| repository: 477814940 | ||
|
|
||