Skip to content

Commit

Permalink
Pin All GitHub Actions (#1126)
Browse files Browse the repository at this point in the history
* Update and pin all github actions to hashes

* Linting
  • Loading branch information
TimPansino authored Apr 16, 2024
1 parent 649044c commit 3b46fad
Show file tree
Hide file tree
Showing 4 changed files with 57 additions and 57 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/build-ci-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,18 +26,18 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
with:
persist-credentials: false
fetch-depth: 0

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # 3.3.0

- name: Generate Docker Metadata (Tags and Labels)
id: meta
uses: docker/metadata-action@v4
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # 5.5.1
with:
images: ghcr.io/${{ github.repository }}-ci
flavor: |
Expand All @@ -52,14 +52,14 @@ jobs:
- name: Login to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # 3.1.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build and Publish Image
uses: docker/build-push-action@v3
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # 5.3.0
with:
push: ${{ github.event_name != 'pull_request' }}
context: .github/containers
Expand Down
26 changes: 13 additions & 13 deletions .github/workflows/deploy-python.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,16 +40,16 @@ jobs:
- cp312-musllinux

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
with:
persist-credentials: false
fetch-depth: 0

- name: Setup QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # 3.0.0

- name: Build Wheels
uses: pypa/cibuildwheel@v2.16.2
uses: pypa/cibuildwheel@8d945475ac4b1aac4ae08b2fd27db9917158b6ce # 2.17.0
env:
CIBW_PLATFORM: linux
CIBW_BUILD: "${{ matrix.wheel }}*"
Expand All @@ -59,7 +59,7 @@ jobs:
CIBW_TEST_COMMAND: "PYTHONPATH={project}/tests pytest {project}/tests/agent_unittests -vx"

- name: Upload Artifacts
uses: actions/upload-artifact@v4.0.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # 4.3.1
with:
name: ${{ github.job }}-${{ matrix.wheel }}
path: ./wheelhouse/*.whl
Expand All @@ -69,16 +69,16 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
with:
persist-credentials: false
fetch-depth: 0

- name: Setup QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # 3.0.0

- name: Build Wheels
uses: pypa/cibuildwheel@v1.12.0
uses: pypa/cibuildwheel@bf3a5590c9aeb9a7e4ff4025ef7400e0c6ad1248 # 1.12.0 (Last release to support Python 2)
env:
CIBW_PLATFORM: linux
CIBW_BUILD: cp27-manylinux_x86_64
Expand All @@ -88,7 +88,7 @@ jobs:
CIBW_TEST_COMMAND: "PYTHONPATH={project}/tests pytest {project}/tests/agent_unittests -vx"

- name: Upload Artifacts
uses: actions/upload-artifact@v4.0.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # 4.3.1
with:
name: ${{ github.job }}
path: ./wheelhouse/*.whl
Expand All @@ -97,7 +97,7 @@ jobs:
build-sdist:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
with:
persist-credentials: false
fetch-depth: 0
Expand All @@ -118,7 +118,7 @@ jobs:
openssl md5 -binary dist/${tarball} | xxd -p | tr -d '\n' > dist/${md5_file}
- name: Upload Artifacts
uses: actions/upload-artifact@v4.0.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # 4.3.1
with:
name: ${{ github.job }}-sdist
path: |
Expand All @@ -135,12 +135,12 @@ jobs:
- build-sdist

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
with:
persist-credentials: false
fetch-depth: 0

- uses: actions/setup-python@v2
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # 5.1.0
with:
python-version: "3.x"
architecture: x64
Expand All @@ -151,7 +151,7 @@ jobs:
pip install -U wheel setuptools twine
- name: Download Artifacts
uses: actions/download-artifact@v4.1.0
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # 4.1.4
with:
path: ./artifacts/

Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/mega-linter.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
steps:
# Git Checkout
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
fetch-depth: 0
Expand All @@ -35,7 +35,7 @@ jobs:
id: ml
# You can override Mega-Linter flavor used to have faster performances
# More info at https://oxsecurity.github.io/megalinter/flavors/
uses: oxsecurity/megalinter/flavors/python@v6
uses: oxsecurity/megalinter/flavors/python@a7a0163b6c8ff7474a283d99a706e27483ddd80f # 7.10.0
env:
# All available variables are described in documentation
# https://oxsecurity.github.io/megalinter/configuration/
Expand All @@ -47,7 +47,7 @@ jobs:
# Upload Mega-Linter artifacts
- name: Archive production artifacts
if: ${{ success() }} || ${{ failure() }}
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # 4.3.1
with:
name: Mega-Linter reports
path: |
Expand All @@ -58,7 +58,7 @@ jobs:
- name: Create Pull Request with applied fixes
id: cpr
if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
uses: peter-evans/create-pull-request@v3
uses: peter-evans/create-pull-request@c55203cfde3e5c11a452d352b4393e68b85b4533 # 6.0.3
with:
token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
commit-message: "[Mega-Linter] Apply linters automatic fixes"
Expand All @@ -76,7 +76,7 @@ jobs:
run: sudo chown -Rc $UID .git/
- name: Commit and push applied linter fixes
if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
uses: stefanzweifel/git-auto-commit-action@v4
uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # 5.0.1
with:
branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
commit_message: "[Mega-Linter] Apply linters fixes"
Loading

0 comments on commit 3b46fad

Please sign in to comment.