Skip to content

Commit d15fd3a

Browse files
pavelzwpavelzw
authored
pin actions by sha
1 parent 4fb136c commit d15fd3a

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

.github/workflows/build.yml

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,8 @@ jobs:
1818
version-changed: ${{ steps.version-metadata.outputs.changed }}
1919
new-version: ${{ steps.version-metadata.outputs.newVersion }}
2020
steps:
21-
- uses: actions/checkout@v4
22-
- uses: Quantco/ui-actions/version-metadata@v1
21+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
22+
- uses: Quantco/ui-actions/version-metadata@cd71d2a0e30b25569f6d723e57acca83347e58fc # v1.0.18
2323
id: version-metadata
2424
with:
2525
file: Dockerfile
@@ -64,7 +64,7 @@ jobs:
6464
- nvidia/cuda:11.2.2-base-ubuntu20.04
6565
steps:
6666
- name: Checkout source
67-
uses: actions/checkout@v4
67+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
6868
- name: Set image variables
6969
id: image-variables
7070
env:
@@ -99,7 +99,7 @@ jobs:
9999
shell: python
100100
- name: Get docker metadata
101101
id: metadata
102-
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96
102+
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
103103
with:
104104
images: |-
105105
ghcr.io/prefix-dev/pixi
@@ -114,16 +114,16 @@ jobs:
114114
type=semver,pattern={{version}},enable=${{ steps.image-variables.outputs.is-default }},value=${{ needs.version.outputs.new-version }},priority=800
115115
type=semver,pattern={{version}}-${{ steps.image-variables.outputs.tag }},value=${{ needs.version.outputs.new-version }},priority=500
116116
- name: Setup docker buildx
117-
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5
117+
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
118118
- name: Login to GHCR
119-
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
119+
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
120120
with:
121121
registry: ghcr.io
122122
username: ${{ github.actor }}
123123
password: ${{ secrets.GITHUB_TOKEN }}
124124
- name: Build Docker images
125125
id: build
126-
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
126+
uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
127127
with:
128128
# provenance: false is needed to avoid unkown/unknown os/arch on ghcr
129129
# see: https://github.com/docker/build-push-action/issues/820
@@ -134,7 +134,7 @@ jobs:
134134
BASE_IMAGE=${{ matrix.base-image }}
135135
tags: ${{ steps.metadata.outputs.tags }}
136136
labels: ${{ steps.metadata.outputs.labels }}
137-
- uses: actions/upload-artifact@v4
137+
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
138138
with:
139139
name: ${{ steps.image-variables.outputs.tag }}
140140
path: ${{ steps.metadata.outputs.bake-file }}
@@ -159,13 +159,13 @@ jobs:
159159
contents: write
160160
if: needs.version.outputs.push == 'true'
161161
steps:
162-
- uses: actions/checkout@v4
162+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
163163
- name: Push ${{ needs.version.outputs.new-version }} tag
164164
run: |
165165
git tag ${{ needs.version.outputs.new-version }}
166166
git push origin ${{ needs.version.outputs.new-version }}
167167
- name: Create release
168-
uses: softprops/action-gh-release@v2
168+
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
169169
with:
170170
generate_release_notes: true
171171
tag_name: ${{ needs.version.outputs.new-version }}

0 commit comments

Comments
 (0)