@@ -19,27 +19,27 @@ jobs:
19
19
contents : read
20
20
packages : write
21
21
steps :
22
- - uses : actions/checkout@v4
23
- - uses : docker/setup-buildx-action@v3
22
+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2
23
+ - uses : docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 https://github.com/docker/setup-buildx-action/releases/tag/v3.11.1
24
24
- name : Login to Docker Hub
25
- uses : docker/login-action@v3
25
+ uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0
26
26
with :
27
27
username : blinklabs
28
28
password : ${{ secrets.DOCKER_PASSWORD }} # uses token
29
29
- name : Login to GHCR
30
- uses : docker/login-action@v3
30
+ uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0
31
31
with :
32
32
registry : ghcr.io
33
33
username : ${{ github.actor }}
34
34
password : ${{ secrets.GITHUB_TOKEN }}
35
- - uses : actions/cache@v4
35
+ - uses : actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 https://github.com/actions/cache/releases/tag/v4.2.3
36
36
with :
37
37
path : /tmp/.buildx-cache
38
38
key : ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }}
39
39
restore-keys : |
40
40
${{ runner.os }}-${{ runner.arch }}-buildx-
41
41
- id : meta
42
- uses : docker/metadata-action@v5
42
+ uses : docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0
43
43
with :
44
44
images : |
45
45
${{ env.DOCKER_IMAGE_NAME }}
53
53
# branch
54
54
type=ref,event=branch
55
55
- name : push
56
- uses : docker/build-push-action@v6
56
+ uses : docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 https://github.com/docker/build-push-action/releases/tag/v6.18.0
57
57
with :
58
58
context : .
59
59
push : true
@@ -84,27 +84,27 @@ jobs:
84
84
contents : read
85
85
packages : write
86
86
steps :
87
- - uses : actions/checkout@v4
88
- - uses : docker/setup-buildx-action@v3
87
+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2
88
+ - uses : docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 https://github.com/docker/setup-buildx-action/releases/tag/v3.11.1
89
89
- name : Login to Docker Hub
90
- uses : docker/login-action@v3
90
+ uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0
91
91
with :
92
92
username : blinklabs
93
93
password : ${{ secrets.DOCKER_PASSWORD }} # uses token
94
94
- name : Login to GHCR
95
- uses : docker/login-action@v3
95
+ uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0
96
96
with :
97
97
registry : ghcr.io
98
98
username : ${{ github.actor }}
99
99
password : ${{ secrets.GITHUB_TOKEN }}
100
- - uses : actions/cache@v4
100
+ - uses : actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 https://github.com/actions/cache/releases/tag/v4.2.3
101
101
with :
102
102
path : /tmp/.buildx-cache
103
103
key : ${{ runner.os }}-${{ runner.arch }}-buildx-${{ github.sha }}
104
104
restore-keys : |
105
105
${{ runner.os }}-${{ runner.arch }}-buildx-
106
106
- id : meta
107
- uses : docker/metadata-action@v5
107
+ uses : docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0
108
108
with :
109
109
images : |
110
110
${{ env.DOCKER_IMAGE_NAME }}
@@ -118,7 +118,7 @@ jobs:
118
118
# branch
119
119
type=ref,event=branch
120
120
- name : push
121
- uses : docker/build-push-action@v6
121
+ uses : docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 https://github.com/docker/build-push-action/releases/tag/v6.18.0
122
122
with :
123
123
context : .
124
124
push : true
@@ -150,22 +150,22 @@ jobs:
150
150
contents : read
151
151
packages : write
152
152
steps :
153
- - uses : actions/checkout@v4
154
- - uses : docker/setup-buildx-action@v3
153
+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 https://github.com/actions/checkout/releases/tag/v4.2.2
154
+ - uses : docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 https://github.com/docker/setup-buildx-action/releases/tag/v3.11.1
155
155
- name : Login to Docker Hub
156
- uses : docker/login-action@v3
156
+ uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0
157
157
with :
158
158
username : blinklabs
159
159
password : ${{ secrets.DOCKER_PASSWORD }} # uses token
160
160
- name : Login to GHCR
161
- uses : docker/login-action@v3
161
+ uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 https://github.com/docker/login-action/releases/tag/v3.4.0
162
162
with :
163
163
registry : ghcr.io
164
164
username : ${{ github.actor }}
165
165
password : ${{ secrets.GITHUB_TOKEN }}
166
166
- id : meta-dockerhub
167
167
name : Metadata - Docker Hub
168
- uses : docker/metadata-action@v5
168
+ uses : docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0
169
169
with :
170
170
images : ${{ env.DOCKER_IMAGE_NAME }}
171
171
flavor : |
@@ -177,7 +177,7 @@ jobs:
177
177
type=ref,event=branch
178
178
- id : meta-dockerhub-tag
179
179
name : Metadata - Docker Hub (Tags)
180
- uses : docker/metadata-action@v5
180
+ uses : docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0
181
181
with :
182
182
images : |
183
183
${{ env.DOCKER_IMAGE_NAME }}
@@ -188,7 +188,7 @@ jobs:
188
188
type=match,pattern=v(.*),group=1
189
189
- id : meta-ghcr
190
190
name : Metadata - GHCR
191
- uses : docker/metadata-action@v5
191
+ uses : docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0
192
192
with :
193
193
images : ${{ env.GHCR_IMAGE_NAME }}
194
194
flavor : |
@@ -200,7 +200,7 @@ jobs:
200
200
type=ref,event=branch
201
201
- id : meta-ghcr-tag
202
202
name : Metadata - GHCR (Tags)
203
- uses : docker/metadata-action@v5
203
+ uses : docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 https://github.com/docker/metadata-action/releases/tag/v5.7.0
204
204
with :
205
205
images : |
206
206
${{ env.GHCR_IMAGE_NAME }}
@@ -270,7 +270,7 @@ jobs:
270
270
# Update Docker Hub from README
271
271
272
272
- name : Docker Hub Description
273
- uses : peter-evans/dockerhub-description@v4
273
+ uses : peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4.0.2 https://github.com/peter-evans/dockerhub-description/releases/tag/v4.0.2
274
274
with :
275
275
username : blinklabs
276
276
password : ${{ secrets.DOCKER_PASSWORD }}
@@ -285,7 +285,7 @@ jobs:
285
285
needs : [multi-arch-manifest]
286
286
steps :
287
287
- run : " echo \" RELEASE_TAG=${GITHUB_REF#refs/tags/}\" >> $GITHUB_ENV"
288
- - uses : actions/github-script@v7
288
+ - uses : actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 https://github.com/actions/github-script/releases/tag/v7.0.1
289
289
if : startsWith(github.ref, 'refs/tags/')
290
290
with :
291
291
github-token : ${{ secrets.GITHUB_TOKEN }}
0 commit comments