17
17
RELEASE_ID : ${{ steps.create-release.outputs.result }}
18
18
steps :
19
19
- run : " echo \" RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
20
- - uses : actions/github-script@v7
20
+ - uses : actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 https://github.com/actions/github-script/releases/tag/v7.0.1
21
21
id : create-release
22
22
if : startsWith(github.ref, 'refs/tags/')
23
23
with :
@@ -57,10 +57,10 @@ jobs:
57
57
statuses : write
58
58
steps :
59
59
- run : " echo \" RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
60
- - uses : actions/checkout@v4
60
+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2
61
61
with :
62
62
fetch-depth : ' 0'
63
- - uses : actions/setup-go@v5
63
+ - uses : actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 https://github.com/actions/setup-go/releases/tag/v5.5.0
64
64
with :
65
65
go-version : 1.23.x
66
66
- name : Build binary
79
79
--data-binary @${_filename} \
80
80
https://uploads.github.com/repos/${{ github.repository_owner }}/cdnsd/releases/${{ needs.create-draft-release.outputs.RELEASE_ID }}/assets?name=${_filename}
81
81
- name : Attest binary
82
- uses : actions/attest-build-provenance@v2
82
+ uses : actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 https://github.com/actions/attest-build-provenance/releases/tag/v2.4.0
83
83
with :
84
84
subject-path : ' cdnsd'
85
85
@@ -96,26 +96,26 @@ jobs:
96
96
statuses : write
97
97
steps :
98
98
- run : " echo \" RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
99
- - uses : actions/checkout@v4
99
+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2
100
100
with :
101
101
fetch-depth : ' 0'
102
102
- name : Set up QEMU
103
- uses : docker/setup-qemu-action@v3
103
+ uses : docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0
104
104
- name : Set up Docker Buildx
105
- uses : docker/setup-buildx-action@v3
105
+ uses : docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 https://github.com/docker/setup-buildx-action/releases/tag/v3.11.1
106
106
- name : Login to Docker Hub
107
- uses : docker/login-action@v3
107
+ uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0
108
108
with :
109
109
username : blinklabs
110
110
password : ${{ secrets.DOCKER_PASSWORD }} # uses token
111
111
- name : Login to GHCR
112
- uses : docker/login-action@v3
112
+ uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0
113
113
with :
114
114
username : ${{ github.repository_owner }}
115
115
password : ${{ secrets.GITHUB_TOKEN }}
116
116
registry : ghcr.io
117
117
- id : meta
118
- uses : docker/metadata-action@v5
118
+ uses : docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0
119
119
with :
120
120
images : |
121
121
blinklabs/cdnsd
@@ -128,28 +128,28 @@ jobs:
128
128
# semver
129
129
type=semver,pattern={{version}}
130
130
- name : Build images
131
- uses : docker/build-push-action@v6
131
+ uses : docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 https://github.com/docker/build-push-action/releases/tag/v6.18.0
132
132
id : push
133
133
with :
134
134
outputs : " type=registry,push=true"
135
135
platforms : linux/amd64,linux/arm64
136
136
tags : ${{ steps.meta.outputs.tags }}
137
137
labels : ${{ steps.meta.outputs.labels }}
138
138
- name : Attest Docker Hub image
139
- uses : actions/attest-build-provenance@v2
139
+ uses : actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 https://github.com/actions/attest-build-provenance/releases/tag/v2.4.0
140
140
with :
141
141
subject-name : index.docker.io/blinklabs/cdnsd
142
142
subject-digest : ${{ steps.push.outputs.digest }}
143
143
push-to-registry : true
144
144
- name : Attest GHCR image
145
- uses : actions/attest-build-provenance@v2
145
+ uses : actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0 https://github.com/actions/attest-build-provenance/releases/tag/v2.4.0
146
146
with :
147
147
subject-name : ghcr.io/${{ github.repository }}
148
148
subject-digest : ${{ steps.push.outputs.digest }}
149
149
push-to-registry : true
150
150
# Update Docker Hub from README
151
151
- name : Docker Hub Description
152
- uses : peter-evans/dockerhub-description@v4
152
+ uses : peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2 https://github.com/peter-evans/dockerhub-description/releases/tag/v4.0.2
153
153
with :
154
154
username : blinklabs
155
155
password : ${{ secrets.DOCKER_PASSWORD }}
@@ -163,7 +163,7 @@ jobs:
163
163
contents : write
164
164
needs : [create-draft-release, build-binaries, build-images]
165
165
steps :
166
- - uses : actions/github-script@v7
166
+ - uses : actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 https://github.com/actions/github-script/releases/tag/v7.0.1
167
167
if : startsWith(github.ref, 'refs/tags/')
168
168
with :
169
169
github-token : ${{ secrets.GITHUB_TOKEN }}
0 commit comments