From 2872d3f4c3051cdf81ef0fd8a31582664905bf80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaros=C5=82aw=20Zywert?= Date: Fri, 30 Jan 2026 10:24:48 +0100 Subject: [PATCH] feature/ARCH-884 pin github actions tags to sha commits --- .github/workflows/release.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1f4ba65..16f8c42 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -40,13 +40,13 @@ jobs: if: needs.prepare.outputs.is_semver == 'true' steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: Log in to registry - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -54,7 +54,7 @@ jobs: - name: Extract Docker metadata (tags, labels) id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 with: images: | ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} @@ -62,7 +62,7 @@ jobs: type=ref,event=tag - name: Build and push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 with: context: . push: true @@ -74,10 +74,10 @@ jobs: needs: prepare if: needs.prepare.outputs.is_semver == 'true' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: fetch-depth: 0 - - uses: astral-sh/setup-uv@v6 + - uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6 - name: Set version from tag run: | uv version "${{ needs.prepare.outputs.version }}" --no-sync