From ebbc6f06d7acf19675d9dadc11f7fa467d6c0ed9 Mon Sep 17 00:00:00 2001 From: Vherremi Date: Tue, 16 Sep 2025 14:43:37 -0700 Subject: [PATCH] Updating aws-otel-python-instrumentation VID to CSHA 1/2 --- .github/actions/artifacts_build/action.yml | 10 +++++----- .github/actions/set_up/action.yml | 4 ++-- .../workflows/application-signals-e2e-test.yml | 4 ++-- .github/workflows/codeql.yml | 6 +++--- .github/workflows/daily-scan.yml | 16 ++++++++-------- .github/workflows/main-build.yml | 6 +++--- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/actions/artifacts_build/action.yml b/.github/actions/artifacts_build/action.yml index 7543b04e3..c0795757d 100644 --- a/.github/actions/artifacts_build/action.yml +++ b/.github/actions/artifacts_build/action.yml @@ -53,7 +53,7 @@ runs: - name: Configure AWS Credentials if: ${{ inputs.push_image == true || inputs.push_image == 'true' }} - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ inputs.snapshot-ecr-role }} aws-region: ${{ inputs.aws-region }} @@ -68,14 +68,14 @@ runs: python -m build --outdir ../dist - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #3.11.1 - name: Login to private AWS ECR if: ${{ inputs.push_image == true || inputs.push_image == 'true' }} - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: ${{ inputs.image_registry }} env: @@ -91,7 +91,7 @@ runs: run: docker logout public.ecr.aws - name: Build and push image according to input - uses: docker/build-push-action@v5 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #6.18.0 with: push: ${{ inputs.push_image }} context: . diff --git a/.github/actions/set_up/action.yml b/.github/actions/set_up/action.yml index dd4948518..433367f95 100644 --- a/.github/actions/set_up/action.yml +++ b/.github/actions/set_up/action.yml @@ -21,7 +21,7 @@ runs: using: "composite" steps: - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c #v6.0.0 with: python-version: ${{ inputs.python_version }} @@ -31,7 +31,7 @@ runs: - name: Cache tox environment # Preserves .tox directory between runs for faster installs - uses: actions/cache@v3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #4.2.4 with: path: | .tox diff --git a/.github/workflows/application-signals-e2e-test.yml b/.github/workflows/application-signals-e2e-test.yml index 25b2d6f72..e42b6586a 100644 --- a/.github/workflows/application-signals-e2e-test.yml +++ b/.github/workflows/application-signals-e2e-test.yml @@ -29,12 +29,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: arn:aws:iam::${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ACCOUNT_ID }}:role/${{ secrets.APPLICATION_SIGNALS_E2E_TEST_ROLE_NAME }} aws-region: us-east-1 - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #5.0.0 with: name: ${{ inputs.staging-wheel-name }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dacf9c831..e24463215 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -60,11 +60,11 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@16df4fbc19aea13d921737861d6c622bf3cefe23 #v2.23.0 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -92,6 +92,6 @@ jobs: exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@16df4fbc19aea13d921737861d6c622bf3cefe23 #v2.23.0 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/daily-scan.yml b/.github/workflows/daily-scan.yml index 79d826202..9de5f891b 100644 --- a/.github/workflows/daily-scan.yml +++ b/.github/workflows/daily-scan.yml @@ -26,12 +26,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repo for dependency scan - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 with: fetch-depth: 0 - name: Set up Python for dependency scan - uses: actions/setup-python@v4 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c #v6.0.0 with: python-version: "3.10" @@ -44,19 +44,19 @@ jobs: less aws-opentelemetry-distro/requirements.txt - name: Install java for dependency scan - uses: actions/setup-java@v4 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 #v4.7.1 with: java-version: 17 distribution: 'temurin' - name: Configure AWS credentials for dependency scan - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.SECRET_MANAGER_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Get NVD API key for dependency scan - uses: aws-actions/aws-secretsmanager-get-secrets@v1 + uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10 id: nvd_api_key with: secret-ids: ${{ secrets.NVD_API_KEY_SECRET_ARN }} @@ -80,13 +80,13 @@ jobs: run: less dependency-check-report.html - name: Configure AWS credentials for image scan - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Login to Public ECR - uses: docker/login-action@v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0 with: registry: public.ecr.aws @@ -110,7 +110,7 @@ jobs: - name: Configure AWS Credentials for emitting metrics if: always() - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.MONITORING_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }} diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml index f7c01e440..7e1df8fef 100644 --- a/.github/workflows/main-build.yml +++ b/.github/workflows/main-build.yml @@ -33,7 +33,7 @@ jobs: staging_wheel_file: ${{ steps.staging_wheel_output.outputs.STAGING_WHEEL}} steps: - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 - name: Get Python Distro Output id: python_output @@ -87,7 +87,7 @@ jobs: aws s3 cp dist/${{ steps.staging_wheel_output.outputs.STAGING_WHEEL}} s3://${{ env.STAGING_S3_BUCKET }} - name: Upload Wheel to GitHub Actions - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 with: name: ${{ steps.staging_wheel_output.outputs.STAGING_WHEEL}} path: dist/${{ steps.staging_wheel_output.outputs.STAGING_WHEEL}} @@ -117,7 +117,7 @@ jobs: if: always() steps: - name: Configure AWS Credentials for emitting metrics - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #5.0.0 with: role-to-assume: ${{ secrets.MONITORING_ROLE_ARN }} aws-region: ${{ env.AWS_DEFAULT_REGION }}