diff --git a/.github/actions/configure_bazelrc/action.yaml b/.github/actions/configure_bazelrc/action.yaml index ad72a50bb..6e411ccc5 100644 --- a/.github/actions/configure_bazelrc/action.yaml +++ b/.github/actions/configure_bazelrc/action.yaml @@ -20,7 +20,7 @@ runs: bazelrc_tmp="${BAZELRC}.tmp" cp "${BAZELRC}" "${bazelrc_tmp}" echo "bazelrc_tmp=${bazelrc_tmp}" >> "$GITHUB_OUTPUT" - - uses: tweag/configure-bazel-remote-cache-auth@v0 + - uses: tweag/configure-bazel-remote-cache-auth@144b0b915f13a418f5eafe2f68d19564ec136c62 # v0.1.1 with: buildbuddy_api_key: ${{ inputs.buildbuddy_api_key }} bazelrc_path: ${{ steps.create_bazelrc_tmp.outputs.bazelrc_tmp }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a9329b4c9..b17b2d55a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -24,12 +24,12 @@ jobs: exit 1 fi - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: master # only create releases from main branch - name: Read section from CHANGELOG.md id: extract-changelog - uses: sean0x42/markdown-extract@v2 + uses: sean0x42/markdown-extract@4178293dd16a52514b6cb2c01f4d309d264b2736 # v2 with: file: CHANGELOG.md pattern: ${{ inputs.version }} diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index b0b8e21cd..706b5ba37 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml @@ -9,13 +9,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Install Nix - uses: cachix/install-nix-action@v30 + uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 with: extra_nix_config: | access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@v24 + uses: DeterminateSystems/update-flake-lock@a2bbe0274e3a0c4194390a1e445f734c597ebc37 # v24 with: path-to-flake-dir: nix diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index d85c0568a..be27258c4 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -35,8 +35,8 @@ jobs: withNixRemote: true runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v30 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 with: nix_path: nixpkgs=./docs/nixpkgs.nix - uses: ./.github/actions/configure_bazelrc @@ -79,8 +79,8 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v30 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 with: nix_path: nixpkgs=./nixpkgs.nix - uses: ./.github/actions/configure_bazelrc @@ -136,7 +136,7 @@ jobs: popd - name: Build bazel-nix-python-container with Nix - uses: tweag/run-nix-shell@v0 + uses: tweag/run-nix-shell@0d73770bd05096508387d191649e5e858a3c2654 # v0.2.1 if: ${{ runner.os == 'Linux' }} with: pure: false @@ -144,7 +144,7 @@ jobs: run: bazel build :hello_image - name: Run bazel-nix-flakes-example with Nix - uses: tweag/run-nix-shell@v0 + uses: tweag/run-nix-shell@0d73770bd05096508387d191649e5e858a3c2654 # v0.2.1 if: ${{ runner.os == 'Linux' }} with: pure: false @@ -158,6 +158,6 @@ jobs: - test-examples if: ${{ always() }} steps: - - uses: cgrindel/gha_join_jobs@8a9736c29a7e5ebd9f3af2870f59cb6d563b6659 # v1 + - uses: cgrindel/gha_join_jobs@8a9736c29a7e5ebd9f3af2870f59cb6d563b6659 # v1.4.0 with: github_token: ${{ secrets.GITHUB_TOKEN }}