Pin dependencies (#773)

renovate[bot] · web-flow · commit e354f0423d42 · 2025-05-16T15:35:46.000+02:00
Co-authored-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/BuildAndTest.yml b/.github/workflows/BuildAndTest.yml
@@ -9,23 +9,23 @@ jobs:
   FormattingLint: 
     runs-on: macos-15
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1
       - name: SwiftFormat
         run: echo swiftformat --lint `git diff --name-only HEAD^1 HEAD` --reporter github-actions-log
 
   SwiftLint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1
       - name: GitHub Action for SwiftLint (Only files changed in the PR)
-        uses: norio-nomura/action-swiftlint@3.2.1
+        uses: norio-nomura/action-swiftlint@9f4dcd7fd46b4e75d7935cf2f4df406d5cae3684 # 3.2.1
         env:
           args: --strict
           DIFF_BASE: ${{ github.base_ref }}
   macOS:
     runs-on: macos-15
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
     - name: Build and Test for macOS
       run: swift test --enable-code-coverage
     - name: Upload Code coverage
@@ -37,7 +37,7 @@ jobs:
   iOS:
     runs-on: macos-15
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
     - name: Install Homebrew kegs
       run: make setup-brew
     - name: Build for iOS
@@ -47,7 +47,7 @@ jobs:
   tvOS:
     runs-on: macos-15
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
     - name: Install Homebrew kegs
       run: make setup-brew
     - name: Build for tvOS
@@ -57,7 +57,7 @@ jobs:
   watchOS:
     runs-on: macos-15
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
     - name: Install Homebrew kegs
       run: make setup-brew
     - name: Build for watchOS
@@ -66,9 +66,9 @@ jobs:
       run: make test-without-building-watchos
   linux:
     runs-on: ubuntu-latest
-    container: swift:5.10
+    container: swift:5.10@sha256:6f788584d9b1ed6a4dc83ca224e3caf58c23530fa08dcf12a4a0e25893b20538
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2
       - name: Build tests for Linux
         run: swift build --build-tests
       - name: Run tests for Linux
diff --git a/.github/workflows/CodeQL-Analysis.yml b/.github/workflows/CodeQL-Analysis.yml
@@ -17,10 +17,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2
         with:
           languages: swift
           queries: security-and-quality
@@ -30,6 +30,6 @@ jobs:
         run: swift build
         
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2
         with:
           category: "/language:swift"
diff --git a/.github/workflows/Create-Release-PR.yml b/.github/workflows/Create-Release-PR.yml
@@ -12,7 +12,7 @@ jobs:
         contents: write
         pull-requests: write
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       with: 
         ref: ${{ github.head_ref }}
     - name: update version file
@@ -43,7 +43,7 @@ jobs:
         sed -i -e  's/spec.version = ".*"/spec.version = "${{ inputs.new_version }}"/' OpenTelemetry-Swift-PersistenceExporter.podspec
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v7
+      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
       with:
         token: ${{ secrets.RELEASE_TOKEN }}
         branch: release/${{inputs.new_version}}
diff --git a/.github/workflows/PR-Release-Warning.yml b/.github/workflows/PR-Release-Warning.yml
@@ -19,7 +19,7 @@ jobs:
           fi
       - name: add comment if PR is release 
         if: steps.check-release.outputs.match == 'true'
-        uses: mshick/add-pr-comment@v2
+        uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2
         with:
           message: |
             **WARNING** : This PR will trigger a release and tag when merged.
diff --git a/.github/workflows/Tag-And-Release.yml b/.github/workflows/Tag-And-Release.yml
@@ -19,15 +19,15 @@ jobs:
       - name: Tag if release branch
         if: github.event.pull_request.merged != true || steps.check-release.outputs.match != 'true'
         run: exit 1
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           ref: ${{ github.event.pull_request.merge_commit_sha }}
           fetch-depth: '0'      
-      - uses: stefanzweifel/git-auto-commit-action@v5
+      - uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5
         with:
           commit_message: version bump to ${{ steps.check-release.outputs.version }}
           tagging_message: '${{ steps.check-release.outputs.version }}'
-      - uses: ncipollo/release-action@v1
+      - uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1
         with: 
           tag: ${{ steps.check-release.outputs.version }}
           prerelease: true
diff --git a/Examples/OTLP Exporter/docker-compose.yaml b/Examples/OTLP Exporter/docker-compose.yaml
@@ -2,7 +2,7 @@ version: "3"
 services:
   # Collector
   collector:
-    image: otel/opentelemetry-collector:0.62.1
+    image: otel/opentelemetry-collector:0.62.1@sha256:3252dd65794ce36f203c28819ae7df361d58bd47837beef5fdd5fb5282cd1576
 #    The latest image of the otel-collector may not work, so specifying the version that works with this release
 #    image: otel/opentelemetry-collector:latest
     command: ["--config=/conf/collector-config.yaml"]
@@ -17,14 +17,14 @@ services:
 
   # Zipkin
   zipkin-all-in-one:
-    image: openzipkin/zipkin:latest
+    image: openzipkin/zipkin:latest@sha256:bb570eb45c2994eaf32da783cc098b3d51d1095b73ec92919863d73d0a9eaafb
     ports:
       - "9411:9411"
 
   # Prometheus
   prometheus:
     container_name: prometheus
-    image: prom/prometheus:latest
+    image: prom/prometheus:latest@sha256:e2b8aa62b64855956e3ec1e18b4f9387fb6203174a4471936f4662f437f04405
     volumes:
       - ./prometheus.yaml:/etc/prometheus/prometheus.yml
     ports:
diff --git a/Examples/OTLP HTTP Exporter/docker-compose.yaml b/Examples/OTLP HTTP Exporter/docker-compose.yaml
@@ -2,7 +2,7 @@ version: "3"
 services:
   # Collector
   collector:
-    image: otel/opentelemetry-collector:latest
+    image: otel/opentelemetry-collector:latest@sha256:e02c9c8d05f282f696ae1c7122a9f06d938ce6aee78082adc35ac74bd998e3d0
 #    The latest image of the otel-collector may not work, so specifying the version that works with this release
 #    image: otel/opentelemetry-collector:latest
     command: ["--config=/conf/collector-config.yaml"]
@@ -18,14 +18,14 @@ services:
 
   # Zipkin
   zipkin-all-in-one:
-    image: openzipkin/zipkin:latest
+    image: openzipkin/zipkin:latest@sha256:bb570eb45c2994eaf32da783cc098b3d51d1095b73ec92919863d73d0a9eaafb
     ports:
       - "9411:9411"
 
   # Prometheus
   prometheus:
     container_name: prometheus
-    image: prom/prometheus:latest
+    image: prom/prometheus:latest@sha256:e2b8aa62b64855956e3ec1e18b4f9387fb6203174a4471936f4662f437f04405
     volumes:
       - ./prometheus.yaml:/etc/prometheus/prometheus.yml
     ports:
