From 746c20aed6b31c2750d979d410ef2485f3844d8f Mon Sep 17 00:00:00 2001 From: Richard Cox Date: Mon, 30 Mar 2026 14:36:04 +0100 Subject: [PATCH 1/2] Pin GH Actions to commit sha --- .github/workflows/build-release.yaml | 10 +++++----- .github/workflows/pr-build-check.yaml | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml index adbbb25..1daa6bf 100644 --- a/.github/workflows/build-release.yaml +++ b/.github/workflows/build-release.yaml @@ -16,7 +16,7 @@ jobs: contents: 'read' id-token: 'write' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 1 @@ -25,19 +25,19 @@ jobs: run: ./scripts/build - name: Get gcs auth - uses: rancher-eio/read-vault-secrets@main + uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # v3 with: secrets: | secret/data/github/repo/${{ github.repository }}/google-auth/rancher/credentials token | GOOGLE_AUTH - name: Apply gcs auth # https://github.com/google-github-actions/auth - uses: 'google-github-actions/auth@v2' + uses: 'google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2' with: credentials_json: "${{ env.GOOGLE_AUTH }}" - name: Upload build - uses: 'google-github-actions/upload-cloud-storage@v2' + uses: 'google-github-actions/upload-cloud-storage@c0f6160ff80057923ff50e5e567695cea181ec23 # v2' with: path: dist/${{steps.build.outputs.VERSION}} # Example - https://releases.rancher.com/ui/2.8.0.tar.gz @@ -48,7 +48,7 @@ jobs: process_gcloudignore: false - name: Upload tar - uses: 'google-github-actions/upload-cloud-storage@v2' + uses: 'google-github-actions/upload-cloud-storage@c0f6160ff80057923ff50e5e567695cea181ec23 # v2' # https://github.com/google-github-actions/upload-cloud-storage with: path: dist/${{steps.build.outputs.VERSION}}.tar.gz diff --git a/.github/workflows/pr-build-check.yaml b/.github/workflows/pr-build-check.yaml index 626c15e..5d108e3 100644 --- a/.github/workflows/pr-build-check.yaml +++ b/.github/workflows/pr-build-check.yaml @@ -9,9 +9,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 - name: Setup Node.js - uses: actions/setup-node@v2 + uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2 with: node-version: '16.x' - name: Validate build From 98840e5b702c39d5bcbc45c790d743a880eee69a Mon Sep 17 00:00:00 2001 From: Richard Cox <18697775+richard-cox@users.noreply.github.com> Date: Mon, 30 Mar 2026 14:38:02 +0100 Subject: [PATCH 2/2] Fix formatting issues in build-release.yaml --- .github/workflows/build-release.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-release.yaml b/.github/workflows/build-release.yaml index 1daa6bf..d2a1af2 100644 --- a/.github/workflows/build-release.yaml +++ b/.github/workflows/build-release.yaml @@ -32,12 +32,12 @@ jobs: - name: Apply gcs auth # https://github.com/google-github-actions/auth - uses: 'google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2' + uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2 with: credentials_json: "${{ env.GOOGLE_AUTH }}" - name: Upload build - uses: 'google-github-actions/upload-cloud-storage@c0f6160ff80057923ff50e5e567695cea181ec23 # v2' + uses: google-github-actions/upload-cloud-storage@c0f6160ff80057923ff50e5e567695cea181ec23 # v2 with: path: dist/${{steps.build.outputs.VERSION}} # Example - https://releases.rancher.com/ui/2.8.0.tar.gz @@ -48,7 +48,7 @@ jobs: process_gcloudignore: false - name: Upload tar - uses: 'google-github-actions/upload-cloud-storage@c0f6160ff80057923ff50e5e567695cea181ec23 # v2' + uses: google-github-actions/upload-cloud-storage@c0f6160ff80057923ff50e5e567695cea181ec23 # v2 # https://github.com/google-github-actions/upload-cloud-storage with: path: dist/${{steps.build.outputs.VERSION}}.tar.gz