2121 contents : read
2222 steps :
2323 - name : Checkout
24- uses : actions/checkout@v6
24+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
25+ with :
26+ persist-credentials : false
2527
2628 - uses : ./.github/actions/setup-hathor-env
2729 name : Setup Hathor node environment
@@ -34,39 +36,45 @@ jobs:
3436 run : echo "version=${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT
3537
3638 - name : Configure AWS credentials (OIDC)
37- uses : aws-actions/configure-aws-credentials@v6
39+ uses : aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
3840 with :
3941 role-to-assume : arn:aws:iam::769498303037:role/GitHubActionsNginxConfigUploadRole
4042 aws-region : us-east-1
4143
4244 - name : Generate all nginx configs
4345 working-directory : extras/nginx_docker
44- run : poetry run make generate-all VERSION=${{ steps.version.outputs.version }}
46+ run : poetry run make generate-all VERSION="$VERSION"
47+ env :
48+ VERSION : ${{ steps.version.outputs.version }}
4549
4650 - name : Upload configs to S3 (versioned)
4751 working-directory : extras/nginx_docker
48- run : make upload-to-s3 VERSION=${{ steps.version.outputs.version }}
52+ run : make upload-to-s3 VERSION="$VERSION"
53+ env :
54+ VERSION : ${{ steps.version.outputs.version }}
4955
5056 - name : Upload configs to S3 (latest)
5157 working-directory : extras/nginx_docker
52- run : make upload-to-s3-as-latest VERSION=${{ steps.version.outputs.version }}
58+ run : make upload-to-s3-as-latest VERSION="$VERSION"
59+ env :
60+ VERSION : ${{ steps.version.outputs.version }}
5361
5462 - name : Generate set_real_ip_from_cloudfront
5563 working-directory : extras/nginx_docker
5664 run : make set_real_ip_from_cloudfront
5765
5866 - name : Set up QEMU
59- uses : docker/setup-qemu-action@v3
67+ uses : docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
6068
6169 - name : Set up Docker Buildx
62- uses : docker/setup-buildx-action@v3
70+ uses : docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
6371
6472 # --- AWS ECR ---
6573 - name : Login to Amazon ECR
66- uses : aws-actions/amazon-ecr-login@v2
74+ uses : aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2
6775
6876 - name : Build and push to ECR
69- uses : docker/build-push-action@v6
77+ uses : docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
7078 with :
7179 context : extras/nginx_docker
7280 push : true
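Review bot: The three `make` steps in this hunk (`generate-all`, `upload-to-s3`, `upload-to-s3-as-latest`) still pass the ref name through unvalidated. `VERSION="$VERSION"` stops the `${{ }}` expression from being spliced into the script text, but the value is then handed to make as a command-line variable, which make expands again and which the recipes may pass to a shell unquoted. The Makefile is not shown here, so that part is inferred. A format check in the step that writes `version=${GITHUB_REF_NAME}` would cover it either way, for example `[[ "$GITHUB_REF_NAME" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "unexpected ref name" >&2; exit 1; }`, with the pattern tightened to the project's tag scheme. That step begins above this hunk, so only its `run` line is visible; the same value presumably also ends up in the S3 object path, which is a second reason to constrain it.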
7987
8088 # standalone-fullnodes
8189 - name : Authenticate to GCP (standalone-fullnodes)
82- uses : google-github-actions/auth@v3
90+ uses : google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3
8391 with :
8492 workload_identity_provider : projects/${{ vars.SF_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/github/providers/github
8593 service_account : ' '
8997 run : gcloud auth configure-docker us-central1-docker.pkg.dev --quiet
9098
9199 - name : Build and push to standalone-fullnodes
92- uses : docker/build-push-action@v6
100+ uses : docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
93101 with :
94102 context : extras/nginx_docker
95103 push : true
@@ -100,7 +108,7 @@ jobs:
100108
101109 # hathor-testnet
102110 - name : Authenticate to GCP (hathor-testnet)
103- uses : google-github-actions/auth@v3
111+ uses : google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3
104112 with :
105113 workload_identity_provider : projects/${{ vars.HT_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/github/providers/github
106114 service_account : ' '
@@ -110,7 +118,7 @@ jobs:
110118 run : gcloud auth configure-docker us-central1-docker.pkg.dev --quiet
111119
112120 - name : Build and push to hathor-testnet
113- uses : docker/build-push-action@v6
121+ uses : docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
114122 with :
115123 context : extras/nginx_docker
116124 push : true
@@ -121,7 +129,7 @@ jobs:
121129
122130 # ekvilibro
123131 - name : Authenticate to GCP (ekvilibro)
124- uses : google-github-actions/auth@v3
132+ uses : google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3
125133 with :
126134 workload_identity_provider : projects/${{ vars.EKV_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/github/providers/github
127135 service_account : ' '
@@ -131,7 +139,7 @@ jobs:
131139 run : gcloud auth configure-docker us-central1-docker.pkg.dev --quiet
132140
133141 - name : Build and push to ekvilibro
134- uses : docker/build-push-action@v6
142+ uses : docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
135143 with :
136144 context : extras/nginx_docker
137145 push : true
@@ -142,7 +150,7 @@ jobs:
142150
143151 # hathor-testnet-playground
144152 - name : Authenticate to GCP (hathor-testnet-playground)
145- uses : google-github-actions/auth@v3
153+ uses : google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3
146154 with :
147155 workload_identity_provider : projects/${{ vars.HTP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/github/providers/github
148156 service_account : ' '
@@ -152,7 +160,7 @@ jobs:
152160 run : gcloud auth configure-docker us-central1-docker.pkg.dev --quiet
153161
154162 - name : Build and push to hathor-testnet-playground
155- uses : docker/build-push-action@v6
163+ uses : docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
156164 with :
157165 context : extras/nginx_docker
158166 push : true