diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0521f87..9ea52db 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -93,14 +93,14 @@ jobs: - name: Checkout code id: checkout-code - uses: actions/checkout@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 if: env.GHA_GIT_REF == '' with: submodules: recursive - name: Checkout code with reference id: checkout-code-ref - uses: actions/checkout@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 if: env.GHA_GIT_REF != '' with: submodules: recursive @@ -109,7 +109,7 @@ jobs: - if: env.GHA_DOCKER_BUILD_ARTIFACT_NAME != '' name: Download artifact ${{ env.GHA_DOCKER_BUILD_ARTIFACT_NAME }} id: download-artifact - uses: actions/download-artifact@v6 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: ${{ env.GHA_DOCKER_BUILD_ARTIFACT_NAME }} path: ${{ env.GHA_DOCKER_BUILD_ARTIFACT_PATH }} @@ -122,7 +122,7 @@ jobs: - name: Setup buildx id: setup-buildx - uses: docker/setup-buildx-action@v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Authenticate with the cloud provider id: auth @@ -137,7 +137,7 @@ jobs: - name: Build image id: build - uses: docker/build-push-action@v6.18.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: cache-from: type=gha cache-to: type=gha,mode=max @@ -153,7 +153,7 @@ jobs: - name: Save docker image to the artifact storage id: save-image - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: ${{ env.GHA_DOCKER_BUILD_IMAGE_NAME }} path: /tmp/${{ env.GHA_DOCKER_BUILD_IMAGE_NAME }}.tar @@ -185,7 +185,7 @@ jobs: - name: Save additional artifacts to the artifact storage if: inputs.additional_artifacts_paths != '' id: save-additional-artifacts - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: ${{ env.GHA_ADDITIONAL_ARTIFACTS_NAME }} path: /tmp/artifacts diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 855ea4a..dbb1222 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,14 +26,14 @@ jobs: env: HADOLINT_RESULTS: "" steps: - - uses: actions/checkout@v5 - - uses: hadolint/hadolint-action@v3.3.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 + - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 id: hadolint continue-on-error: true with: no-fail: true dockerfile: fixture/Dockerfile.bad - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "fixture/Dockerfile.bad:4 DL3000 error: Use absolute WORKDIR" actual: ${{ env.HADOLINT_RESULTS }} @@ -59,8 +59,8 @@ jobs: needs: test-lint-ok runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 - - uses: actions/upload-artifact@v5 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: build_artifact path: fixture/artifact.txt @@ -80,8 +80,8 @@ jobs: needs: test-lint-ok runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 - - uses: actions/upload-artifact@v5 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: build_artifact_additional path: | @@ -107,7 +107,7 @@ jobs: needs: test-build-ok-with-additional-artifacts runs-on: ubuntu-24.04 steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "extras" actual: ${{ needs.test-build-ok-with-additional-artifacts.outputs.additional_artifacts }} @@ -132,7 +132,7 @@ jobs: needs: test-push-gcr-ok-with-tag runs-on: ubuntu-24.04 steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "ci-test-tag" actual: ${{ needs.test-push-gcr-ok-with-tag.outputs.image_tag }} @@ -151,7 +151,7 @@ jobs: needs: test-push-gcr-ok-with-multiple-tags runs-on: ubuntu-24.04 steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "ci-test-tag,ci-test-tag-2,ci-test-tag-3" actual: ${{ needs.test-push-gcr-ok-with-multiple-tags.outputs.all_image_tags }} @@ -169,7 +169,7 @@ jobs: needs: test-push-gcr-ok-with-git-ref runs-on: ubuntu-24.04 steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: main actual: ${{ needs.test-push-gcr-ok-with-git-ref.outputs.image_tag }} @@ -185,7 +185,7 @@ jobs: runs-on: ubuntu-24.04 needs: test-build-ok-with-custom-image-name steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "custom_image_name" actual: ${{ needs.test-build-ok-with-custom-image-name.outputs.image_artifact }} @@ -204,7 +204,7 @@ jobs: runs-on: ubuntu-24.04 needs: test-push-acr-ok-with-tag steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "ci-test-az-tag" actual: ${{ needs.test-push-acr-ok-with-tag.outputs.image_tag }} @@ -224,7 +224,7 @@ jobs: runs-on: ubuntu-24.04 needs: test-push-acr-ok-with-multiple-tags steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "ci-test-az-tag,ci-test-az-tag-2,ci-test-az-tag-3" actual: ${{ needs.test-push-acr-ok-with-multiple-tags.outputs.all_image_tags }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 5500bfd..9a2fc4a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,10 +26,10 @@ jobs: GHA_DOCKER_LINT_DOCKERFILE: ${{ inputs.dockerfile }} GHA_DOCKER_LINT_IGNORE: ${{ inputs.ignore }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 with: submodules: recursive - - uses: hadolint/hadolint-action@v3.3.0 + - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 with: dockerfile: ${{ env.GHA_DOCKER_LINT_DOCKERFILE }} ignore: ${{ env.GHA_DOCKER_LINT_IGNORE }} diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 0dc0fcb..1d2df82 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -146,21 +146,21 @@ jobs: - name: Checkout code id: checkout-code - uses: actions/checkout@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 if: env.GHA_DOCKER_PUSH_GIT_REF== '' with: submodules: recursive - name: Checkout code with reference id: checkout-code-ref - uses: actions/checkout@v5 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 if: env.GHA_DOCKER_PUSH_GIT_REF!= '' with: submodules: recursive ref: ${{ env.GHA_DOCKER_PUSH_GIT_REF}} - name: Download docker image from the artifact storage - uses: actions/download-artifact@v6 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: ${{ env.GHA_DOCKER_PUSH_IMAGE_NAME }} path: /tmp