Skip to content

Commit

Permalink
- Pin dependencies (#435)
Browse files Browse the repository at this point in the history
  • Loading branch information
blumilkbot authored May 27, 2024
1 parent 1367012 commit 5267934
Show file tree
Hide file tree
Showing 11 changed files with 36 additions and 36 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/check-pr-title.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ jobs:
runs-on: ubuntu-22.04

steps:
- uses: blumilksoftware/[email protected]
- uses: blumilksoftware/action-pr-title@e05fc76a1cc45b33644f1de51218be43ac121dd0 # v1.2.0
14 changes: 7 additions & 7 deletions .github/workflows/deploy-to-beta-manually.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
run: echo "BRANCH_NAME=$GITHUB_REF_NAME" >> $GITHUB_ENV

- name: checkout
uses: actions/[email protected]
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
ref: ${{ env.BRANCH_NAME }}
Expand All @@ -37,10 +37,10 @@ jobs:
run: echo "DEPLOYMENT_PROJECT_VERSION=$(bash ./environment/prod/deployment/scripts/version.sh --long)" >> $GITHUB_ENV

- name: set up Docker Buildx
uses: docker/[email protected]
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0

- name: login to GitHub Container Registry
uses: docker/[email protected]
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ${{ env.DOCKER_REGISTRY }}
username: ${{ env.DOCKER_REGISTRY_USER_NAME }}
Expand All @@ -51,14 +51,14 @@ jobs:

- name: Docker meta
id: meta
uses: docker/[email protected]
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: ${{ env.DOCKER_IMAGE_NAME }}
tags: type=raw,value=beta
context: git

- name: build and push image
uses: docker/[email protected]
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./environment/prod/app/Dockerfile
Expand All @@ -70,7 +70,7 @@ jobs:
cache-to: type=gha, ref=${{ env.DOCKER_IMAGE_NAME }}-beta-build-cache, mode=max

- name: copy files via ssh
uses: appleboy/[email protected]
uses: appleboy/scp-action@917f8b81dfc1ccd331fef9e2d61bdc6c8be94634 # v0.1.7
with:
timeout: 10s
command_timeout: 10m
Expand All @@ -84,7 +84,7 @@ jobs:
rm: true

- name: run deployment script over ssh
uses: appleboy/[email protected]
uses: appleboy/ssh-action@029f5b4aeeeb58fdfe1410a5d17f967dacf36262 # v1.0.3
with:
timeout: 10s
command_timeout: 10m
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/deploy-to-prod.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,16 +20,16 @@ jobs:
DOCKER_REGISTRY_PROJECT_NAME: ${{ github.event.repository.name }}
steps:
- name: checkout
uses: actions/[email protected]
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4

- name: set deployment project version
run: echo "DEPLOYMENT_PROJECT_VERSION=$(bash ./environment/prod/deployment/scripts/version.sh --long)" >> $GITHUB_ENV

- name: set up Docker Buildx
uses: docker/[email protected]
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0

- name: login to GitHub Container Registry
uses: docker/[email protected]
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: ${{ env.DOCKER_REGISTRY }}
username: ${{ env.DOCKER_REGISTRY_USER_NAME }}
Expand All @@ -40,7 +40,7 @@ jobs:

- name: Docker meta
id: meta
uses: docker/[email protected]
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
images: ${{ env.DOCKER_IMAGE_NAME }}
tags: |
Expand All @@ -49,7 +49,7 @@ jobs:
context: workflow

- name: build and push image
uses: docker/[email protected]
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./environment/prod/app/Dockerfile
Expand All @@ -61,7 +61,7 @@ jobs:
cache-to: type=gha, ref=${{ env.DOCKER_IMAGE_NAME }}-prod-build-cache, mode=max

- name: copy files via ssh
uses: appleboy/[email protected]
uses: appleboy/scp-action@917f8b81dfc1ccd331fef9e2d61bdc6c8be94634 # v0.1.7
with:
timeout: 10s
command_timeout: 10m
Expand All @@ -74,7 +74,7 @@ jobs:
target: ${{ secrets.TOBY_VPS_LIVE_APP_PATH }}
rm: true

- uses: appleboy/[email protected]
- uses: appleboy/ssh-action@029f5b4aeeeb58fdfe1410a5d17f967dacf36262 # v1.0.3
with:
timeout: 10s
command_timeout: 10m
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/run-command-on-beta.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: run php artisan command
uses: appleboy/[email protected]
uses: appleboy/ssh-action@029f5b4aeeeb58fdfe1410a5d17f967dacf36262 # v1.0.3
with:
timeout: 10s
command_timeout: 10m
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/test-and-lint-js.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,17 +23,17 @@ jobs:
runs-on: ubuntu-22.04

steps:
- uses: actions/[email protected]
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2

- name: Cache dependencies
uses: actions/[email protected]
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: node_modules
key: ${{ runner.os }}-npm-dependencies-${{ hashFiles('package.lock') }}
restore-keys: ${{ runner.os }}-npm-dependencies

- name: Set up node
uses: actions/[email protected]
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: 22

Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/test-and-lint-php.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
runs-on: ubuntu-22.04
services:
pgsql:
image: postgres:15
image: postgres:15@sha256:4b4da96c37fefd6f28c3f58e7470bbc6d2cb34ac5641b9df7221d962eb4bc55d
env:
POSTGRES_DB: toby
POSTGRES_USER: toby
Expand All @@ -34,20 +34,20 @@ jobs:
- 5432:5432

steps:
- uses: actions/[email protected]
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2

- name: Validate composer.json and composer.lock
run: composer validate

- name: Cache dependencies
uses: actions/[email protected]
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: vendor
key: ${{ runner.os }}-composer-dependencies-${{ hashFiles('composer.lock') }}
restore-keys: ${{ runner.os }}-composer-dependencies

- name: Setup PHP
uses: shivammathur/[email protected]
uses: shivammathur/setup-php@c665c7a15b5295c2488ac8a87af9cb806cd72198 # 2.30.4
with:
php-version: 8.3
extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, pdo_pgsql, intl, gd
Expand Down
8 changes: 4 additions & 4 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ services:
condition: service_healthy

database:
image: postgres:15
image: postgres:15@sha256:4b4da96c37fefd6f28c3f58e7470bbc6d2cb34ac5641b9df7221d962eb4bc55d
container_name: toby-db-dev
environment:
- PGPASSWORD=${DOCKER_DEV_DB_ROOT_PASSWORD}
Expand All @@ -59,7 +59,7 @@ services:
restart: unless-stopped

redis:
image: redis:7.0-alpine3.16
image: redis:7.0-alpine3.16@sha256:2700d5097763fda285c463f4eefc3d0730a2df2a9d48e66707b19d5a5e5f23d4
container_name: toby-redis-dev
healthcheck:
test: [ "CMD-SHELL", "redis-cli ping | grep PONG" ]
Expand All @@ -75,7 +75,7 @@ services:
restart: unless-stopped

mailpit:
image: axllent/mailpit:v1.9
image: axllent/mailpit:v1.9@sha256:47b6dbbae83e523b407f47ddf93f71ba71e75554ddb4c255d81f3b9b8487103e
container_name: toby-mailpit-dev
labels:
- "traefik.enable=true"
Expand All @@ -99,7 +99,7 @@ services:
restart: unless-stopped

selenium:
image: selenium/standalone-chrome
image: selenium/standalone-chrome@sha256:f0037767d53479c9c7c7126a84135a06ba38748e0d47b9efca865c82d4345c38
container_name: toby-selenium-dev
volumes:
- /dev/shm:/dev/shm
Expand Down
6 changes: 3 additions & 3 deletions environment/dev/app/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ ARG PHP_MODULE_NAME=php${PHP_VERSION}
# https://github.com/nginx/unit/tags
ARG UNIT_VERSION=1.31.1-1

FROM alpine:3.19.0 as secops-tools
FROM alpine:3.19.0@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48 as secops-tools

# https://github.com/FiloSottile/age/releases
ARG AGE_VERSION="1.1.1"
Expand All @@ -20,10 +20,10 @@ RUN wget --output-document age.tar.gz "https://github.com/FiloSottile/age/releas
&& chmod +x /usr/local/bin/sops

# https://hub.docker.com/r/composer/composer
FROM composer/composer:2.7.4-bin as composer-bin
FROM composer/composer:2.7.4-bin@sha256:d75832c5b2b08ced21d724948cd30674c06b400ca2768eeb5934a3682e690b58 as composer-bin

# https://hub.docker.com/_/node
FROM node:22.1.0-bullseye-slim as node
FROM node:22.1.0-bullseye-slim@sha256:d5a435ce3230983b4d359cdc79341fd0b3482aeb445f2fbc04d0e23ecb211dd4 as node

FROM php:${PHP_VERSION}-cli-bullseye as unit-modules-builder

Expand Down
4 changes: 2 additions & 2 deletions environment/prod/app/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ ARG PHP_MODULE_NAME=php${PHP_VERSION}
ARG UNIT_VERSION=1.31.1-1

### PHP DEPENDENCIES ###
FROM composer:2.7.4 as vendor
FROM composer:2.7.4@sha256:ee4676ef56f97c82f11b421717386bcf9353a53bee9276c414ad80a0a4dc0e02 as vendor

WORKDIR /app_composer_dependencies

Expand All @@ -20,7 +20,7 @@ RUN composer install \
--ignore-platform-reqs

### FRONTEND ###
FROM node:22.1.0-bullseye-slim as frontend
FROM node:22.1.0-bullseye-slim@sha256:d5a435ce3230983b4d359cdc79341fd0b3482aeb445f2fbc04d0e23ecb211dd4 as frontend

WORKDIR /app_frontend_dependencies

Expand Down
4 changes: 2 additions & 2 deletions environment/prod/deployment/beta/docker-compose.beta.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ services:
- .deployment

toby-beta-database:
image: postgres:15
image: postgres:15@sha256:4b4da96c37fefd6f28c3f58e7470bbc6d2cb34ac5641b9df7221d962eb4bc55d
container_name: toby-beta-database
environment:
- PGPASSWORD=${DOCKER_TOBY_BETA_DB_ROOT_PASSWORD:? variable DOCKER_TOBY_BETA_DB_ROOT_PASSWORD not set}
Expand All @@ -65,7 +65,7 @@ services:
restart: unless-stopped

toby-beta-redis:
image: redis:7.0-alpine3.16
image: redis:7.0-alpine3.16@sha256:2700d5097763fda285c463f4eefc3d0730a2df2a9d48e66707b19d5a5e5f23d4
container_name: toby-beta-redis
healthcheck:
test: [ "CMD-SHELL", "redis-cli ping | grep PONG" ]
Expand Down
4 changes: 2 additions & 2 deletions environment/prod/deployment/prod/docker-compose.prod.yml
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ services:
- .deployment

toby-prod-database:
image: postgres:15
image: postgres:15@sha256:4b4da96c37fefd6f28c3f58e7470bbc6d2cb34ac5641b9df7221d962eb4bc55d
container_name: toby-prod-database
environment:
- PGPASSWORD=${DOCKER_TOBY_PROD_DB_ROOT_PASSWORD:? variable DOCKER_TOBY_PROD_DB_ROOT_PASSWORD not set}
Expand All @@ -69,7 +69,7 @@ services:
restart: unless-stopped

toby-prod-redis:
image: redis:7.0-alpine3.16
image: redis:7.0-alpine3.16@sha256:2700d5097763fda285c463f4eefc3d0730a2df2a9d48e66707b19d5a5e5f23d4
container_name: toby-prod-redis
healthcheck:
test: [ "CMD-SHELL", "redis-cli ping | grep PONG" ]
Expand Down

0 comments on commit 5267934

Please sign in to comment.