diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml index b4a933cbd..65f9bcfbb 100644 --- a/.github/workflows/php.yml +++ b/.github/workflows/php.yml @@ -88,10 +88,10 @@ jobs: - project: 'Instrumentation/Session' php-version: 8.1 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 with: php-version: ${{ matrix.php-version }} coverage: xdebug @@ -102,7 +102,7 @@ jobs: - name: Cache Composer packages id: composer-cache - uses: actions/cache@v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: src/${{ matrix.project }}/vendor key: ${{ runner.os }}-${{ matrix.php-version }}-php-${{ hashFiles('**/composer.json') }} @@ -139,7 +139,7 @@ jobs: run: vendor/bin/phpstan analyse --error-format=github - name: Start MongoDB - uses: supercharge/mongodb-github-action@1.12.0 + uses: supercharge/mongodb-github-action@90004df786821b6308fb02299e5835d0dae05d0d # 1.12.0 if: ${{ matrix.project == 'Instrumentation/MongoDB' }} with: mongodb-version: 6.0 @@ -174,7 +174,7 @@ jobs: run: vendor/bin/phpunit --testsuite integration,unit --coverage-text --coverage-clover=coverage.clover - name: Code Coverage - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5 # only generate coverage against the latest PHP version if: ${{ matrix.php-version == '8.4' }} with: diff --git a/.github/workflows/split_monorepo.yaml b/.github/workflows/split_monorepo.yaml index 69fdef7de..65d124fa2 100644 --- a/.github/workflows/split_monorepo.yaml +++ b/.github/workflows/split_monorepo.yaml @@ -21,7 +21,7 @@ jobs: - name: checkout run: git clone "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" "$GITHUB_WORKSPACE" && cd "$GITHUB_WORKSPACE" && git checkout $GITHUB_SHA - name: Split repositories - uses: docker://jderusse/gitsplit:latest + uses: docker://jderusse/gitsplit:latest@sha256:ca619e08d0608d7ab8067be02db13409ec63a0e241c6308be42593f0c0ac705d with: args: gitsplit env: diff --git a/.github/workflows/update-dependabot-config.yml b/.github/workflows/update-dependabot-config.yml index e7911f993..617b53a42 100644 --- a/.github/workflows/update-dependabot-config.yml +++ b/.github/workflows/update-dependabot-config.yml @@ -18,10 +18,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - name: Set up PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@bf6b4fbd49ca58e4608c9c89fba0b8d90bd2a39f # v2 with: php-version: '8.2' extensions: json diff --git a/docker-compose.yaml b/docker-compose.yaml index a41f04f55..c41e57b60 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -17,11 +17,11 @@ services: POSTGRESQL_HOST: ${POSTGRESQL_HOST:-postgresql} zipkin: - image: openzipkin/zipkin-slim + image: openzipkin/zipkin-slim@sha256:d951994017185bce1c859b62e13adf640e26c37e08b90ca2e4de2669dc1aad87 ports: - 9411:9411 jaeger: - image: jaegertracing/all-in-one + image: jaegertracing/all-in-one@sha256:c87fc1d9b22766284168abb2ac57ac2160dfc26484e4f965ff2dcc6b849b263a environment: COLLECTOR_ZIPKIN_HOST_PORT: 9412 ports: @@ -29,13 +29,13 @@ services: - 16686:16686 collector: - image: otel/opentelemetry-collector-contrib + image: otel/opentelemetry-collector-contrib@sha256:4a951ff0a9772f4fa8e9c7a326434370301b98b2b813933468dcb54aa6a6b5e5 command: [ "--config=/etc/otel-collector-config.yml" ] volumes: - ./files/collector/otel-collector-config.yml:/etc/otel-collector-config.yml rabbitmq: - image: rabbitmq:3 + image: rabbitmq:3@sha256:923989f8408378579f1de69a0721f05a575a134a6763ac5c74248cc1325095f4 hostname: rabbitmq healthcheck: test: rabbitmq-diagnostics -q ping @@ -45,7 +45,7 @@ services: ports: - "5672:5672/tcp" kafka: - image: confluentinc/cp-kafka:7.2.1 + image: confluentinc/cp-kafka:7.2.1@sha256:7494848da233258a5fae32abac99b7befee3c089b8d4da039420ac403920118b hostname: kafka ports: - "9092:9092/tcp" @@ -63,13 +63,13 @@ services: - ./docker/kafka/update_run.sh:/tmp/update_run.sh mongodb: - image: mongo:4 + image: mongo:4@sha256:52c42cbab240b3c5b1748582cc13ef46d521ddacae002bbbda645cebed270ec0 hostname: mongodb ports: - "27017:27017/tcp" mysql: - image: mysql:8.0 + image: mysql:8.0@sha256:f37951fc3753a6a22d6c7bf6978c5e5fefcf6f31814d98c582524f98eae52b21 hostname: mysql ports: - "3306:3306/tcp" @@ -87,7 +87,7 @@ services: - ./docker/mysql/init.sql:/docker-entrypoint-initdb.d/init.sql postgresql: - image: postgres:17.5 + image: postgres:17.5@sha256:aadf2c0696f5ef357aa7a68da995137f0cf17bad0bf6e1f17de06ae5c769b302 hostname: postgresql ports: - "5432:5432/tcp" diff --git a/docker/gitsplit/docker-compose.yaml b/docker/gitsplit/docker-compose.yaml index 039de971f..c405d7f73 100644 --- a/docker/gitsplit/docker-compose.yaml +++ b/docker/gitsplit/docker-compose.yaml @@ -1,7 +1,7 @@ version: '3.7' services: gitsplit: - image: jderusse/gitsplit + image: jderusse/gitsplit@sha256:ca619e08d0608d7ab8067be02db13409ec63a0e241c6308be42593f0c0ac705d volumes: - ../../:/srv - ../../var/cache/gitsplit:/cache/gitsplit diff --git a/src/AutoInstrumentationInstaller/Dockerfile b/src/AutoInstrumentationInstaller/Dockerfile index a6b605515..1e79949ca 100644 --- a/src/AutoInstrumentationInstaller/Dockerfile +++ b/src/AutoInstrumentationInstaller/Dockerfile @@ -1,5 +1,5 @@ -FROM composer:2 as composer -FROM php:8.2 +FROM composer:2@sha256:3ca62a8176c743eebef305ac2b93094a733dd5a34b5c1e3d3cf6cbbbd0792649 as composer +FROM php:8.2@sha256:85237f2abcd63e3d584664f0cb398eb619aa1a205b7152cb4cb6d3e929573ad2 WORKDIR /srv/app COPY --from=composer /usr/bin/composer /usr/local/bin/composer ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/