From 7bfbf69dd59e3fbea7b2b45a0741980655738e53 Mon Sep 17 00:00:00 2001 From: Luca Guerra Date: Fri, 19 Jul 2024 13:03:20 +0000 Subject: [PATCH] cleanup(ci): pin deps to hashes Signed-off-by: Luca Guerra --- .github/workflows/ci.yml | 2 +- .github/workflows/create-comment-kernel-testing.yml | 6 +++--- .github/workflows/create-comment-perf.yml | 6 +++--- .github/workflows/drivers_ci.yml | 4 ++-- .github/workflows/e2e_ci.yml | 6 +++--- .github/workflows/perf.yml | 4 ++-- .github/workflows/reusable_kernel_tests.yaml | 2 +- 7 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 522df865bf..4c999a13e7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -71,7 +71,7 @@ jobs: apk add g++ gcc cmake make git bash perl linux-headers autoconf automake m4 libtool elfutils-dev libelf-static patch binutils bpftool clang - name: Checkout Libs ⤵️ - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 diff --git a/.github/workflows/create-comment-kernel-testing.yml b/.github/workflows/create-comment-kernel-testing.yml index f939c00064..e42a056fbc 100644 --- a/.github/workflows/create-comment-kernel-testing.yml +++ b/.github/workflows/create-comment-kernel-testing.yml @@ -15,7 +15,7 @@ jobs: if: github.event.workflow_run.event == 'pull_request' steps: - name: 'Download artifact' - uses: actions/github-script@v7.0.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ @@ -39,7 +39,7 @@ jobs: run: unzip pr.zip - name: 'Comment on PR' - uses: actions/github-script@v7.0.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -51,4 +51,4 @@ jobs: repo: context.repo.repo, issue_number: issue_number, body: comment_body.toString('utf8') - }); \ No newline at end of file + }); diff --git a/.github/workflows/create-comment-perf.yml b/.github/workflows/create-comment-perf.yml index c6a4a83560..3f3dfe902c 100644 --- a/.github/workflows/create-comment-perf.yml +++ b/.github/workflows/create-comment-perf.yml @@ -15,7 +15,7 @@ jobs: if: github.event.workflow_run.event == 'pull_request' steps: - name: 'Download artifact' - uses: actions/github-script@v7.0.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ @@ -39,7 +39,7 @@ jobs: run: unzip pr.zip - name: 'Comment on PR' - uses: actions/github-script@v7.0.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -51,4 +51,4 @@ jobs: repo: context.repo.repo, issue_number: issue_number, body: comment_body.toString('utf8') - }); \ No newline at end of file + }); diff --git a/.github/workflows/drivers_ci.yml b/.github/workflows/drivers_ci.yml index c099b21a88..ec1fc5b357 100644 --- a/.github/workflows/drivers_ci.yml +++ b/.github/workflows/drivers_ci.yml @@ -186,7 +186,7 @@ jobs: - name: Build and test drivers on ppc64le node via ssh if: needs.paths-filter.outputs.driver == 'true' || needs.paths-filter.outputs.libscap == 'true' || needs.paths-filter.outputs.libpman == 'true' - uses: appleboy/ssh-action@v1.0.3 + uses: appleboy/ssh-action@029f5b4aeeeb58fdfe1410a5d17f967dacf36262 # v1.0.3 with: host: ${{ secrets.PPC64LE_HOST }} username: ${{ secrets.PPC64LE_USERNAME }} @@ -385,7 +385,7 @@ jobs: echo "" - name: Upload PR info as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4 with: name: pr-kernel-testing path: pr/ diff --git a/.github/workflows/e2e_ci.yml b/.github/workflows/e2e_ci.yml index b8ebd154a3..95f7fbcfb2 100644 --- a/.github/workflows/e2e_ci.yml +++ b/.github/workflows/e2e_ci.yml @@ -74,7 +74,7 @@ jobs: sudo apt install -y --no-install-recommends linux-headers-$(uname -r) gcc-multilib g++-multilib - name: Run sccache-cache - uses: mozilla-actions/sccache-action@v0.0.4 + uses: mozilla-actions/sccache-action@2e7f9ec7921547d4b46598398ca573513895d0bd # v0.0.4 - name: Build e2e tests 🏗️ env: @@ -100,7 +100,7 @@ jobs: cd .. - name: Cache build - uses: actions/cache/save@v4.0.2 + uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 if: always() id: cache with: @@ -124,7 +124,7 @@ jobs: - name: Restore build id: cache - uses: actions/cache/restore@v4.0.2 + uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: build key: build-e2e-${{ matrix.arch }}-${{ github.run_id }} diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml index 78c44f8142..92b7342570 100644 --- a/.github/workflows/perf.yml +++ b/.github/workflows/perf.yml @@ -20,7 +20,7 @@ jobs: uses: ./.github/actions/composite-perf - name: Download latest master report - uses: dawidd6/action-download-artifact@v6 + uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11 # v6 with: branch: master event: push @@ -79,7 +79,7 @@ jobs: echo "" - name: Upload PR info as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4 with: name: pr-perf path: pr/ diff --git a/.github/workflows/reusable_kernel_tests.yaml b/.github/workflows/reusable_kernel_tests.yaml index 9139af94dc..59ffb5d9de 100644 --- a/.github/workflows/reusable_kernel_tests.yaml +++ b/.github/workflows/reusable_kernel_tests.yaml @@ -38,7 +38,7 @@ jobs: architecture: [X64, ARM64] runs-on: [ "self-hosted", "linux", "${{matrix.architecture}}" ] steps: - - uses: falcosecurity/kernel-testing@v0.3.2 + - uses: falcosecurity/kernel-testing@f8f0b498e3d2b08e70b8e82f55447ff84f9c43b2 # v0.3.2 id: kernel_tests with: libsversion: ${{ inputs.libsversion }}