diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml index e32c85c..d38d6d1 100644 --- a/.github/workflows/ci-docker.yml +++ b/.github/workflows/ci-docker.yml @@ -16,25 +16,25 @@ jobs: build-amd64: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2 - name: qemu - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - uses: actions/cache@v4 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0 + - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 https://github.com/docker/setup-buildx-action/releases/tag/v3.11.1 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 https://github.com/actions/cache/releases/tag/v4.2.3 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-${{ runner.arch }}-buildx- - id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} flavor: | latest=false suffix=-amd64 - name: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 https://github.com/docker/build-push-action/releases/tag/v6.18.0 with: context: . push: false @@ -53,25 +53,25 @@ jobs: build-arm64: runs-on: ubuntu-24.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2 - name: qemu - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - uses: actions/cache@v4 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0 + - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 https://github.com/docker/setup-buildx-action/releases/tag/v3.11.1 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 https://github.com/actions/cache/releases/tag/v4.2.3 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-${{ runner.arch }}-buildx- - id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} flavor: | latest=false suffix=-arm64v8 - name: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 https://github.com/docker/build-push-action/releases/tag/v6.18.0 with: context: . push: false diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml index 4479f16..bf4d013 100644 --- a/.github/workflows/conventional-commits.yml +++ b/.github/workflows/conventional-commits.yml @@ -13,5 +13,5 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@v4 - - uses: webiny/action-conventional-commits@v1.3.0 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2 + - uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0 https://github.com/webiny/action-conventional-commits/releases/tag/v1.3.0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e57890c..9ebf7f3 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,27 +19,27 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 - - uses: docker/setup-buildx-action@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2 + - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 https://github.com/docker/setup-buildx-action/releases/tag/v3.11.1 - name: Login to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0 with: username: blinklabs password: ${{ secrets.DOCKER_PASSWORD }} # uses token - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 https://github.com/actions/cache/releases/tag/v4.2.3 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-${{ runner.arch }}-buildx- - id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0 with: images: | ${{ env.DOCKER_IMAGE_NAME }} @@ -55,7 +55,7 @@ jobs: # semver type=semver,pattern={{version}} - name: push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 https://github.com/docker/build-push-action/releases/tag/v6.18.0 with: context: . push: true @@ -86,27 +86,27 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 - - uses: docker/setup-buildx-action@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2 + - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 https://github.com/docker/setup-buildx-action/releases/tag/v3.11.1 - name: Login to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0 with: username: blinklabs password: ${{ secrets.DOCKER_PASSWORD }} # uses token - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 https://github.com/actions/cache/releases/tag/v4.2.3 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-${{ runner.arch }}-buildx- - id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0 with: images: | ${{ env.DOCKER_IMAGE_NAME }} @@ -122,7 +122,7 @@ jobs: # semver type=semver,pattern={{version}} - name: push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 https://github.com/docker/build-push-action/releases/tag/v6.18.0 with: context: . push: true @@ -154,22 +154,22 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@v4 - - uses: docker/setup-buildx-action@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2 + - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 https://github.com/docker/setup-buildx-action/releases/tag/v3.11.1 - name: Login to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0 with: username: blinklabs password: ${{ secrets.DOCKER_PASSWORD }} # uses token - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - id: meta-dockerhub name: Metadata - Docker Hub - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0 with: images: ${{ env.DOCKER_IMAGE_NAME }} flavor: | @@ -183,7 +183,7 @@ jobs: type=semver,pattern={{version}} - id: meta-dockerhub-tag name: Metadata - Docker Hub (Tags) - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0 with: images: | ${{ env.DOCKER_IMAGE_NAME }} @@ -194,7 +194,7 @@ jobs: type=match,pattern=v(.*)-(.*),group=1 - id: meta-ghcr name: Metadata - GHCR - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0 with: images: ${{ env.GHCR_IMAGE_NAME }} flavor: | @@ -208,7 +208,7 @@ jobs: type=semver,pattern={{version}} - id: meta-ghcr-tag name: Metadata - GHCR (Tags) - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0 with: images: | ${{ env.GHCR_IMAGE_NAME }} @@ -278,7 +278,7 @@ jobs: # Update Docker Hub from README - name: Docker Hub Description - uses: peter-evans/dockerhub-description@v4 + uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2 https://github.com/peter-evans/dockerhub-description/releases/tag/v4.0.2 with: username: blinklabs password: ${{ secrets.DOCKER_PASSWORD }} @@ -293,7 +293,7 @@ jobs: needs: [multi-arch-manifest] steps: - run: "echo \"RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV" - - uses: actions/github-script@v7 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 https://github.com/actions/github-script/releases/tag/v7.0.1 if: startsWith(github.ref, 'refs/tags/') with: github-token: ${{ secrets.GITHUB_TOKEN }}