Skip to content

Commit 1fe3bc0

Browse files
lbroudouxlbroudoux
committed
chore: #127 Pin dependencies in pipeline and setup 'next' image tag
Signed-off-by: Laurent Broudoux <[email protected]>
1 parent b5d2890 commit 1fe3bc0

File tree

2 files changed

+21
-8
lines changed

2 files changed

+21
-8
lines changed

.github/workflows/build-verify.yml

Lines changed: 20 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -27,12 +27,13 @@ jobs:
2727
run: echo "date=$(date +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
2828

2929
- name: Checkout Code
30-
uses: actions/checkout@v4
30+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
3131

3232
- name: Setup Go
33-
uses: actions/setup-go@v5
33+
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b #v5.4.0
3434
with:
35-
go-version: '1.23.x'
35+
go-version-file: ./go.mod
36+
cache-dependency-path: ./go.sum
3637

3738
- name: Build Go packages
3839
run: |
@@ -44,24 +45,35 @@ jobs:
4445
set -x
4546
if [[ $GITHUB_REF == 'refs/heads/master' ]]; then
4647
echo "IMAGE_TAG=nightly" >> "$GITHUB_ENV"
48+
echo "IMAGE_TAG=nightly" >> "$GITHUB_OUTPUT"
4749
echo "PACKAGE_IMAGE=true" >> "$GITHUB_ENV"
50+
echo "PACKAGE_IMAGE=true" >> "$GITHUB_OUTPUT"
51+
elif [[ $GITHUB_REF == 'refs/heads/1.x' ]]; then
52+
echo "IMAGE_TAG=next" >> "$GITHUB_ENV"
53+
echo "IMAGE_TAG=next" >> "$GITHUB_OUTPUT"
54+
echo "PACKAGE_IMAGE=true" >> "$GITHUB_ENV"
55+
echo "PACKAGE_IMAGE=true" >> "$GITHUB_OUTPUT"
4856
elif [[ $GITHUB_REF == "refs/tags/$GITHUB_REF_NAME" ]]; then
4957
echo "IMAGE_TAG=$GITHUB_REF_NAME" >> "$GITHUB_ENV"
58+
echo "IMAGE_TAG=$GITHUB_REF_NAME" >> "$GITHUB_OUTPUT"
5059
echo "PACKAGE_IMAGE=true" >> "$GITHUB_ENV"
60+
echo "PACKAGE_IMAGE=true" >> "$GITHUB_OUTPUT"
5161
else
5262
echo "PACKAGE_IMAGE=false" >> "$GITHUB_ENV"
63+
echo "PACKAGE_IMAGE=false" >> "$GITHUB_OUTPUT"
5364
fi
5465
5566
- name: Install Cosign
56-
uses: sigstore/[email protected]
67+
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
68+
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
5769

5870
- name: Set up QEMU
5971
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
60-
uses: docker/setup-qemu-action@v3
72+
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
6173

6274
- name: Set up Docker Buildx
6375
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
64-
uses: docker/setup-buildx-action@v3
76+
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
6577

6678
- name: Login to Quay.io and Docker Hub registries and setup multi-arch builder
6779
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
@@ -73,7 +85,7 @@ jobs:
7385
7486
- name: Build and push container image for cli
7587
id: build-and-push
76-
uses: docker/[email protected]
88+
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
7789
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
7890
with:
7991
context: .
@@ -89,6 +101,7 @@ jobs:
89101
tags: quay.io/microcks/microcks-cli:${{env.IMAGE_TAG}},docker.io/microcks/microcks-cli:${{env.IMAGE_TAG}}
90102

91103
- name: Sign the image with GitHub OIDC Token
104+
if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
92105
env:
93106
DIGEST: ${{ steps.build-and-push.outputs.digest }}
94107
TAGS: quay.io/microcks/microcks-cli:${{env.IMAGE_TAG}} docker.io/microcks/microcks-cli:${{env.IMAGE_TAG}}

.github/workflows/release.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
id-token: write
2121
steps:
2222
- name: Checkout Code
23-
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4
23+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2424
with:
2525
ssh-key: ${{ secrets.RELEASE_DEPLOY_KEY }}
2626
fetch-depth: 0

0 commit comments

Comments
 (0)