diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 0c79288..d0da9da 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -7,7 +7,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout BATS
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
 repository: bats-core/bats-core
 ref: v1.11.0
@@ -17,12 +17,12 @@ jobs:
 sudo ./install.sh /usr/local
 - name: Check out code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Run tests
 run: bats test
- - uses: actions/setup-node@v4
+ - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
 with:
 node-version: 18
@@ -44,4 +44,4 @@ jobs:
 npm run docs
 git status
 git diff --quiet || echo 'README is not up-to-date, run `npm install && npm run docs` to update.'
- git diff --quiet || exit 1
\ No newline at end of file
+ git diff --quiet || exit 1
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index 77e3b53..80c770c 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -20,13 +20,13 @@ jobs:
 # The FOSSA token is shared between all repos in NeuVector's GH org. It can
 # be used directly and there is no need to request specific access to EIO.
 - name: Read FOSSA token
- uses: rancher-eio/read-vault-secrets@main
+ uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # v3
 with:
 secrets: |
 secret/data/github/org/neuvector/fossa/credentials token | FOSSA_API_KEY_PUSH_ONLY
 - name: FOSSA scan
- uses: fossas/fossa-action@main
+ uses: fossas/fossa-action@c414b9ad82eaad041e47a7cf62a4f02411f427a0 # v1.8.0
 with:
 api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
 # Only runs the scan and do not provide/returns any results back to the
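Review bot: `ref: v1.11.0` in the Checkout BATS step is still a movable tag on a third-party repository, and the next hunk's context shows the checked-out `install.sh` being run under `sudo`. Pinning the checkout action therefore does not fix which BATS code runs as root on the runner. Consider pinning the ref to the full commit SHA of that release and keeping the tag as a trailing comment, e.g. `ref: <full commit SHA of bats-core v1.11.0> # v1.11.0`. The steps list starts before and continues after this hunk, so other unpinned references may sit outside the visible lines.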
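Review bot: The `Check out code` step keeps the actions/checkout default of persisting the job token in the local git config, while later steps in this job run repository-controlled code (`bats test` here, `npm run docs` in the next hunk). Unless a later step needs to push, add `with:` followed by `persist-credentials: false` under the pinned `uses:` line so test and npm scripts cannot read the token from `.git/config`. The workflow's triggers and `permissions:` block are outside the hunk, so the token's actual scope cannot be judged from here.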
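Review bot: The trailing comment `# v3` on `rancher-eio/read-vault-secrets` names a moving major tag rather than the release the SHA was taken from, unlike `# v1.8.0` on the fossa-action line. The `# v4` comments in build.yaml have the same gap. If the project publishes exact tags, record one, e.g. `# <exact v3.x.y tag>`, so a reviewer or an update bot can check the SHA against a published release. This matters most here because the step reads the shared FOSSA token from Vault. It is also worth confirming that the pinned commit is reachable from the upstream repository's own history rather than only from a fork.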