Merge pull request #124 from kondukto-io/develop

umrkt · web-flow · commit 97164a255103 · 2025-04-14T15:03:10.000+03:00
Pin actions to a full length commit SHA
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -16,7 +16,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       with:
         # We must fetch at least the immediate parents so that if this is
         # a pull request then we can check out the head.
@@ -29,15 +29,15 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@45775bd8235c68ba998cffa5171334d58593da47
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -51,4 +51,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47
diff --git a/.github/workflows/kondukto-gosec.yml b/.github/workflows/kondukto-gosec.yml
@@ -34,20 +34,20 @@ jobs:
 
       - name: Checkout Project
         id: checkout_project
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           ref: master
 
       - name: Run Gosec Security Scanner
         id: run_gosec
-        uses: securego/gosec@master
+        uses: securego/gosec@955a68d0d19f4afb7503068f95059f7d0c529017
         with:
           # we let the report trigger content trigger a failure using the GitHub Security features.
           args: "-no-fail -fmt json -out results.json ./..."
 
       - name: Archive GoSec Scan Results
         id: archive_gosec_results
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: results.json
           path: results.json
diff --git a/.github/workflows/kondukto-nancy.yml b/.github/workflows/kondukto-nancy.yml
@@ -34,14 +34,14 @@ jobs:
 
       - name: Checkout Project
         id: checkout_project
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           repository: kondukto-io/kdt
           ref: master
 
       - name: Setup Go
         id: setup_go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
         with:
           go-version: 1.23
           cache: true
@@ -56,7 +56,7 @@ jobs:
 
       - name: Archive Nancy Scan Results
         id: archive_nancy_results
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
         with:
           name: results.json
           path: results.json
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 
       - name: Add SHORT_SHA env property
         id: set_short_sha_variable
@@ -32,7 +32,7 @@ jobs:
           echo "VERSION_TAG=${{ env.GIT_TAG }}" | cut -d '-' -f 1 >> $GITHUB_ENV  
 
       - name: Install Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
         with:
           go-version: 1.23.x
           cache: true
@@ -64,28 +64,28 @@ jobs:
 
       - name: Upload Release Assets
         id: upload-release-assets
-        uses: dwenegar/upload-release-assets@v1
+        uses: dwenegar/upload-release-assets@5bc3024cf83521df8ebfadf00ad0c4614fd59148
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           release_id: ${{ steps.create_release.outputs.id }}
           assets_path: ./_release/
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
 
       - name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build/Push Tags
         id: docker_build
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
         with:
           context: .
           file: Dockerfile
@@ -101,7 +101,7 @@ jobs:
         run: echo ${{ steps.docker_build.outputs.digest }}
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
