Skip to content

Commit be04839

Browse files
gamingrobotgamingrobot
committed
Pin github actions to commit hash
1 parent e874334 commit be04839

File tree

2 files changed

+21
-21
lines changed

2 files changed

+21
-21
lines changed

.github/workflows/build.yml

Lines changed: 19 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ jobs:
3636
env:
3737
AGENT_TYPE: ${{ matrix.variant }}
3838
steps:
39-
- uses: actions/checkout@v4
39+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4040
- name: Load Manifest
4141
id: load-manifest
4242
run: |
@@ -52,33 +52,33 @@ jobs:
5252
shell: pwsh
5353

5454
- name: Setup QEMU
55-
uses: docker/setup-qemu-action@v3
55+
uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
5656
with:
5757
platforms: arm64
5858

5959
- name: Setup Buildx
60-
uses: docker/setup-buildx-action@v3
60+
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
6161
with:
6262
install: true
6363
version: latest
6464

6565
- name: Docker Meta
6666
id: meta
67-
uses: docker/metadata-action@v5
67+
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
6868
with:
6969
images: ${{ steps.load-manifest.outputs.image-name }}
7070
tags: |
7171
type=raw,value=trunk-artifact,enable=${{ github.ref == 'refs/heads/master' }}
7272
type=raw,value=backport-artifact,enable=${{ startsWith(github.ref, 'refs/heads/backport/') }}
7373
type=raw,value=pr-artifact,enable=${{ github.event_name == 'pull_request' }}
7474
75-
- uses: docker/login-action@v3
75+
- uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
7676
with:
7777
registry: ghcr.io
7878
username: ${{ github.actor }}
7979
password: ${{ secrets.GITHUB_TOKEN }}
8080

81-
- uses: docker/build-push-action@v6
81+
- uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
8282
id: build
8383
with:
8484
file: ${{ steps.load-manifest.outputs.docker-file }}
@@ -132,9 +132,9 @@ jobs:
132132
version: ${{ needs.build.outputs.artifact-version-python }}
133133
if: ${{ !(github.event_name == 'pull_request' && github.actor == 'dependabot[bot]') }}
134134
steps:
135-
- uses: actions/checkout@v4
135+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
136136
- name: Login (Github)
137-
uses: docker/login-action@v3
137+
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
138138
with:
139139
registry: ghcr.io
140140
username: ${{ github.actor }}
@@ -157,7 +157,7 @@ jobs:
157157
if: ${{ needs.test.result != 'success' }}
158158
run: exit 1
159159
- name: Create Digest Comment
160-
uses: peter-evans/create-or-update-comment@v4
160+
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
161161
if: ${{ github.actor != 'dependabot[bot]' }}
162162
with:
163163
issue-number: ${{ github.event.pull_request.number }}
@@ -205,16 +205,16 @@ jobs:
205205
group: internal-${{ matrix.variants.type }}
206206
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/backport/') }}
207207
steps:
208-
- uses: actions/checkout@v4
208+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
209209
- name: Login (Github)
210-
uses: docker/login-action@v3
210+
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
211211
with:
212212
registry: ghcr.io
213213
username: ${{ github.actor }}
214214
password: ${{ secrets.GITHUB_TOKEN }}
215215
- name: Docker Meta
216216
id: meta
217-
uses: docker/metadata-action@v5
217+
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
218218
with:
219219
images: ghcr.io/contrast-security-oss/agent-operator-images/agent-${{ matrix.variants.type }}
220220
tags: |
@@ -224,7 +224,7 @@ jobs:
224224
type=raw,value=${{ matrix.variants.version }}
225225
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
226226
- name: Tag for Release
227-
uses: akhilerm/[email protected]
227+
uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0
228228
with:
229229
src: ${{ matrix.variants.digest }}
230230
dst: |
@@ -263,27 +263,27 @@ jobs:
263263
group: public-${{ matrix.variants.type }}
264264
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/backport/') }}
265265
steps:
266-
- uses: actions/checkout@v4
266+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
267267
- name: Login (Github)
268-
uses: docker/login-action@v3
268+
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
269269
with:
270270
registry: ghcr.io
271271
username: ${{ github.actor }}
272272
password: ${{ secrets.GITHUB_TOKEN }}
273273
- name: Login (Dockerhub)
274-
uses: docker/login-action@v3
274+
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
275275
with:
276276
username: ${{ secrets.DOCKERHUB_USERNAME }}
277277
password: ${{ secrets.DOCKERHUB_PAT }}
278278
- name: Login (Quay)
279-
uses: docker/login-action@v3
279+
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
280280
with:
281281
registry: quay.io
282282
username: ${{ secrets.QUAY_USERNAME }}
283283
password: ${{ secrets.QUAY_PASSWORD }}
284284
- name: Docker Meta
285285
id: meta
286-
uses: docker/metadata-action@v5
286+
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
287287
with:
288288
images: |
289289
docker.io/contrast/agent-${{ matrix.variants.type }}
@@ -295,7 +295,7 @@ jobs:
295295
type=raw,value=${{ matrix.variants.version }}
296296
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
297297
- name: Tag for Release
298-
uses: akhilerm/[email protected]
298+
uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0
299299
with:
300300
src: ${{ matrix.variants.digest }}
301301
dst: |

.github/workflows/oob-update.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ jobs:
1111
agent-type: ${{ steps.validate-event.outputs.agent-type }}
1212
agent-version: ${{ steps.validate-event.outputs.agent-version }}
1313
steps:
14-
- uses: actions/checkout@v4
14+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
1515
- name: Validate Event
1616
id: validate-event
1717
run: |
@@ -55,7 +55,7 @@ jobs:
5555
shell: pwsh
5656

5757
- name: Create Pull Request
58-
uses: peter-evans/create-pull-request@v7
58+
uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
5959
id: create-pr
6060
with:
6161
add-paths: |

0 commit comments

Comments
 (0)