From c675ba4048609cbf733c1344afee73782cf0849c Mon Sep 17 00:00:00 2001 From: "Akihiko (Aki) Kuroda" <16141898+akihikokuroda@users.noreply.github.com> Date: Tue, 6 Aug 2024 08:13:01 -0400 Subject: [PATCH] add sha to checkout action (#1438) * add sha to checkout action * add sha to upload-artifact and setup-python actions * add sha to docker actions * add sha to some actions * temp fix --- .github/actions/helm-lint/action.yaml | 6 +++--- .github/actions/icr-build-and-push-images/action.yaml | 2 +- .github/workflows/build-containers-test.yaml | 6 +++--- .github/workflows/client-pypi-release.yaml | 6 +++--- .github/workflows/client-verify.yaml | 4 ++-- .github/workflows/docs-verify.yaml | 6 +++--- .github/workflows/gateway-verify.yaml | 4 ++-- .github/workflows/helm-verify.yaml | 2 +- .github/workflows/icr-image-build-and-push.yaml | 8 ++++---- .github/workflows/kubernetes-deploy.yaml | 4 ++-- .github/workflows/notebook-local-verify.yaml | 4 ++-- .github/workflows/proxy-verify.yaml | 4 ++-- .github/workflows/publish-docs.yaml | 6 +++--- .github/workflows/publish-helm.yaml | 10 +++++----- .github/workflows/update-component-versions.yaml | 4 ++-- 15 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.github/actions/helm-lint/action.yaml b/.github/actions/helm-lint/action.yaml index 5acb4858b..f824bf1fe 100644 --- a/.github/actions/helm-lint/action.yaml +++ b/.github/actions/helm-lint/action.yaml @@ -5,19 +5,19 @@ runs: using: composite steps: - name: Set up Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@v4.2.0 #4.2.0 with: version: v3.12.1 # Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and # yamllint (https://github.com/adrienverge/yamllint) which require Python - - uses: actions/setup-python@v4 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f #5.1.1 with: python-version: '3.10' check-latest: true - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 #2.6.1 - name: Run chart-testing (list-changed) shell: bash diff --git a/.github/actions/icr-build-and-push-images/action.yaml b/.github/actions/icr-build-and-push-images/action.yaml index e73ee0bb1..1c6703916 100644 --- a/.github/actions/icr-build-and-push-images/action.yaml +++ b/.github/actions/icr-build-and-push-images/action.yaml @@ -26,7 +26,7 @@ runs: using: "composite" steps: - name: Build and push image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 #6.5.0 with: platforms: ${{inputs.platforms}} context: . diff --git a/.github/workflows/build-containers-test.yaml b/.github/workflows/build-containers-test.yaml index 3c20639c0..d291c48a4 100644 --- a/.github/workflows/build-containers-test.yaml +++ b/.github/workflows/build-containers-test.yaml @@ -24,9 +24,9 @@ jobs: - "3.11" steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 - name: Setup buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db #3..6.1 - name: Config python value run: | python_version=${{ matrix.python }} @@ -40,7 +40,7 @@ jobs: echo "python_version=$python_version" >> "$GITHUB_ENV" fi - name: Build ${{ matrix.dockerfile }} using python ${{ matrix.python }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 #6.5.0 with: context: . file: ./${{ matrix.dockerfile }} diff --git a/.github/workflows/client-pypi-release.yaml b/.github/workflows/client-pypi-release.yaml index b2ce04448..d8875bd3d 100644 --- a/.github/workflows/client-pypi-release.yaml +++ b/.github/workflows/client-pypi-release.yaml @@ -13,8 +13,8 @@ jobs: name: Build and Publish Release Artifacts runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f #5.1.1 name: Install Python with: python-version: '3.11' @@ -26,7 +26,7 @@ jobs: python setup.py sdist python setup.py bdist_wheel shell: bash - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 #4.3.5 with: path: ./client/dist/qiskit_serverless* - name: Publish to PyPi diff --git a/.github/workflows/client-verify.yaml b/.github/workflows/client-verify.yaml index 8aae58187..4fa2eb6fb 100644 --- a/.github/workflows/client-verify.yaml +++ b/.github/workflows/client-verify.yaml @@ -22,10 +22,10 @@ jobs: working-directory: ./client steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f #5.1.1 with: python-version: ${{ matrix.python-version }} cache: 'pip' diff --git a/.github/workflows/docs-verify.yaml b/.github/workflows/docs-verify.yaml index 2983cf729..b31e1fde8 100644 --- a/.github/workflows/docs-verify.yaml +++ b/.github/workflows/docs-verify.yaml @@ -10,8 +10,8 @@ jobs: verify_docs_build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f #5.1.1 with: python-version: '3.11' - name: Install dependencies @@ -25,7 +25,7 @@ jobs: tox -edocs - name: Upload docs artifact if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 #4.3.5 with: name: html_docs path: ./docs/_build/html/ diff --git a/.github/workflows/gateway-verify.yaml b/.github/workflows/gateway-verify.yaml index de4af5fe2..d5233dfd4 100644 --- a/.github/workflows/gateway-verify.yaml +++ b/.github/workflows/gateway-verify.yaml @@ -22,10 +22,10 @@ jobs: working-directory: ./gateway steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f #5.1.1 with: python-version: ${{ matrix.python-version }} cache: 'pip' diff --git a/.github/workflows/helm-verify.yaml b/.github/workflows/helm-verify.yaml index 2e4d54763..318135941 100644 --- a/.github/workflows/helm-verify.yaml +++ b/.github/workflows/helm-verify.yaml @@ -15,7 +15,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/icr-image-build-and-push.yaml b/.github/workflows/icr-image-build-and-push.yaml index ed4566be8..5156da444 100644 --- a/.github/workflows/icr-image-build-and-push.yaml +++ b/.github/workflows/icr-image-build-and-push.yaml @@ -29,19 +29,19 @@ jobs: platforms: linux/amd64,linux/arm64 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 - name: Login to IBM Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #3.3.0 with: registry: icr.io username: iamapikey password: ${{ secrets.IBMCLOUD_API_KEY }} - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf #3.2.0 with: platforms: 'arm64,amd64' - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db #3.6.1 - name: Build and push on dispatch if : github.event_name == 'workflow_dispatch' uses: ./.github/actions/icr-build-and-push-images diff --git a/.github/workflows/kubernetes-deploy.yaml b/.github/workflows/kubernetes-deploy.yaml index 39c36c943..a161bfffb 100644 --- a/.github/workflows/kubernetes-deploy.yaml +++ b/.github/workflows/kubernetes-deploy.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 45 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 - name: Install Kind run: | curl -Lo ./kind "https://github.com/kubernetes-sigs/kind/releases/download/v0.20.0/kind-$(uname)-amd64" @@ -56,7 +56,7 @@ jobs: GATEWAY=$(kubectl get pod -l app.kubernetes.io/name=gateway -o name) kubectl wait --for=condition=Ready "$GATEWAY" --timeout 5m - name: setup python - uses: actions/setup-python@v4 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f #5.1.1 with: python-version: "3.11" - name: Install dependencies diff --git a/.github/workflows/notebook-local-verify.yaml b/.github/workflows/notebook-local-verify.yaml index 9b65636d4..d66ae10fe 100644 --- a/.github/workflows/notebook-local-verify.yaml +++ b/.github/workflows/notebook-local-verify.yaml @@ -12,8 +12,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f #5.1.1 with: python-version: '3.11' - name: patch notebooks diff --git a/.github/workflows/proxy-verify.yaml b/.github/workflows/proxy-verify.yaml index 823c08a3f..3a90d7e51 100644 --- a/.github/workflows/proxy-verify.yaml +++ b/.github/workflows/proxy-verify.yaml @@ -22,10 +22,10 @@ jobs: working-directory: ./proxy steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f #5.1.1 with: python-version: ${{ matrix.python-version }} cache: 'pip' diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml index 65eca4a7c..006f7c5c5 100644 --- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/publish-docs.yaml @@ -15,8 +15,8 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f #5.1.1 with: python-version: '3.11' - name: Install dependencies @@ -29,7 +29,7 @@ jobs: run: | tox -edocs - name: Deploy docs - uses: peaceiris/actions-gh-pages@v3 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e #4.0.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./docs/_build/html/ diff --git a/.github/workflows/publish-helm.yaml b/.github/workflows/publish-helm.yaml index ca1ef556c..de19d9c7a 100644 --- a/.github/workflows/publish-helm.yaml +++ b/.github/workflows/publish-helm.yaml @@ -16,29 +16,29 @@ jobs: - 'qiskit-serverless' steps: - name: Set up Helm - uses: azure/setup-helm@v3 + uses: azure/setup-helm@v4.2.0 #4.2.0 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 - name: Build Helm Package id: package run: | helm package ./charts/${{ matrix.release }} -u echo "VERSION=${GITHUB_REF_NAME/v}" >> $GITHUB_OUTPUT - name: Upload Helm Package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 #4.3.5 with: name: helm-package path: ./${{ matrix.release }}-${{ steps.package.outputs.VERSION }}.tgz - name: Get release id: get_release - uses: bruceadams/get-release@v1.3.2 + uses: bruceadams/get-release@74c3d60f5a28f358ccf241a00c9021ea16f0569f #1.3.2 env: GITHUB_TOKEN: ${{ github.token }} - name: Upload Release Asset id: upload-release-asset - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 #1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/update-component-versions.yaml b/.github/workflows/update-component-versions.yaml index 0eedb35a0..2963f269d 100644 --- a/.github/workflows/update-component-versions.yaml +++ b/.github/workflows/update-component-versions.yaml @@ -14,7 +14,7 @@ jobs: update_component_versions: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7 with: fetch-depth: 0 fetch-tags: true @@ -62,7 +62,7 @@ jobs: sed -i "s/${OLDNUM}-py310/${NEWNUM}-py310/g" docs/deployment/deploying_custom_image_function.rst - name: Create PR id: cpr - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@cd5c7e4b8bff84befe9c12e7cffbecfda02c7ce9 #6.1.0 with: branch: "update-version-${{ github.event.inputs.new_version }}" title: "update-version-${{ github.event.inputs.new_version }}"