
Commit 3dcb113

chore(ci): Pin github actions (#517)
1 parent a240d66 commit 3dcb113

4 files changed

+58
-44
lines changed

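--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -59,17 +59,17 @@ jobs:
 working-directory: ./lib
 timeout-minutes: 5
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 with:
 fetch-depth: ${{ !fromJSON(env.do_sonarscan) && 1 || 0 }}
-- uses: actions/setup-node@v4
+- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
 with:
 node-version: '22'
 cache: 'npm'
 cache-dependency-path: './lib/package-lock.json'
 - run: npm ci
 - run: npm test
-- uses: fingerprintjs/action-coverage-report-md@v2
+- uses: fingerprintjs/action-coverage-report-md@72dfb7de7581612640a8e599e918b2eda98f9bba #v2.0.1
 id: coverage-md
 with:
 srcBasePath: './'
@@ -81,13 +81,13 @@ jobs:
 - run: npm run license-check
 - run: npm run lint
 - run: npm pack
-- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
 with:
 name: opentdf-sdk-lib
 path: ./lib/opentdf-sdk-*.tgz
 - name: SonarCloud Scan
 if: fromJSON(env.do_sonarscan)
-uses: SonarSource/sonarqube-scan-action@v5.0.0
+uses: SonarSource/sonarqube-scan-action@0303d6b62e310685c0e34d0b9cde218036885c4d #v5.0.0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -101,13 +101,13 @@ jobs:
 working-directory: ./cli
 timeout-minutes: 5
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
 with:
 node-version: '22'
 cache: 'npm'
 cache-dependency-path: './cli/package-lock.json'
-- uses: actions/download-artifact@v4
+- uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1
 with:
 name: opentdf-sdk-lib
 path: lib/
@@ -120,7 +120,7 @@ jobs:
 - name: Setup Bats and bats libs
 uses: bats-core/bats-action@3.0.0
 - run: bats bin/opentdf.bats
-- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
 with:
 name: opentdf-ctl
 path: ./cli/opentdf-ctl-*.tgz
@@ -134,13 +134,13 @@ jobs:
 working-directory: ./web-app
 timeout-minutes: 5
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
 with:
 node-version: '22'
 cache: 'npm'
 cache-dependency-path: './web-app/package-lock.json'
-- uses: actions/download-artifact@v4
+- uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1
 with:
 name: opentdf-sdk-lib
 path: lib/
@@ -160,7 +160,7 @@ jobs:
 working-directory: .github/workflows
 timeout-minutes: 5
 steps:
-- uses: actions/checkout@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 - name: 🦇🦇🦇🦇🦇🦇
 run: docker run --rm -v "$PWD:/mnt" --workdir "/mnt" bats/bats:1.11.0 *.bats
 - name: 🦪 ✔ 🧼🧼🧼
@@ -179,28 +179,42 @@ jobs:
 working-directory: .github/workflows/roundtrip
 timeout-minutes: 45
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
 with:
 node-version: '22'
 cache: 'npm'
 cache-dependency-path: './web-app/package-lock.json'
-- uses: actions/download-artifact@v4
+- uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1
 with:
 name: opentdf-sdk-lib
 path: lib/
-- uses: actions/download-artifact@v4
+- uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1
 with:
 name: opentdf-ctl
 path: cli/
-- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
-with:
-go-version: '1.22'
 - name: Git clone backend
-run: |
-git clone --depth 1 https://github.com/opentdf/platform.git
+uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+with:
+path: .github/workflows/roundtrip/platform
+repository: opentdf/platform
+- uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b #v5.4.0
+with:
+go-version-file: .github/workflows/roundtrip/platform/service/go.mod
+check-latest: false
+cache-dependency-path: |
+.github/workflows/roundtrip/platform/lib/fixtures/go.sum
+.github/workflows/roundtrip/platform/lib/ocrypto/go.sum
+.github/workflows/roundtrip/platform/protocol/go/go.sum
+.github/workflows/roundtrip/platform/sdk/go.sum
+.github/workflows/roundtrip/platform/service/go.sum
+- run: find ./ -name go.mod
+- name: go configure backend
+run: |-
 go work init
-for x in platform/{protocol/go,lib/{fixtures,ocrypto},sdk,service}; do go work use "$x"; done
+for x in platform/{protocol/go,lib/{fixtures,ocrypto},sdk,service}; do
+go work use "$x"
+done
 - run: docker compose up -d --wait --wait-timeout 240
 - env:
 PLAYWRIGHT_TESTS_TO_RUN: roundtrip
@@ -235,8 +249,8 @@ jobs:
 DIST_TAG: ${{ steps.guess-build-metadata.outputs.DIST_TAG }}
 TARGET_VERSION: ${{ steps.check-version.outputs.TARGET_VERSION }}
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
 with:
 node-version: '22'
 registry-url: https://npm.pkg.github.com
@@ -270,7 +284,7 @@ jobs:
 - run: echo "- [Client Library](https://github.com/opentdf/web-sdk/pkgs/npm/client)">>$GITHUB_STEP_SUMMARY
 - run: echo "- [Command Line Tool](https://github.com/opentdf/web-sdk/pkgs/npm/cli)">>$GITHUB_STEP_SUMMARY
 - name: Publish documentation to gh-pages
-uses: JamesIves/github-pages-deploy-action@v4.7.3
+uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 #v4.7.3
 with:
 branch: gh-pages
 folder: lib/dist/docs
@@ -285,8 +299,8 @@ jobs:
 (github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/')) ||
 (github.event_name == 'release' && startsWith(github.ref, 'refs/tags/sdk/v'))
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
 with:
 node-version: '22'
 registry-url: 'https://registry.npmjs.org'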
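Review bot: `bats-core/bats-action@3.0.0` (new line 121) is still referenced by a mutable tag, so the cli job keeps the exposure the rest of this file now closes; pin it the same way, `uses: bats-core/bats-action@<full-commit-sha> # 3.0.0`. The `bats/bats:1.11.0` image on new line 165 is likewise a tag rather than a digest. The new `actions/checkout` of `opentdf/platform` (new lines 197-200) has no `ref:`, so the roundtrip job still builds and starts whatever the default branch holds at run time, as the removed `git clone --depth 1` did; if tracking the latest platform is intended, a comment saying so would help, otherwise add `ref: <platform-commit-sha>`. That step could also set `persist-credentials: false`, since nothing visible in the hunk pushes from the nested clone and the default leaves the job token in its git config. The `- run: find ./ -name go.mod` step on new line 211 reads like leftover debugging and can probably be dropped.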

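--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -23,7 +23,7 @@ jobs:
 
 steps:
 - name: Checkout repository
-uses: actions/checkout@v4
+uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
 
 - name: Initialize the CodeQL tools for scanning
 uses: github/codeql-action/init@v3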
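Review bot: `github/codeql-action/init@v3` on new line 29 is left on a moving major tag while the checkout step above it is pinned, so this workflow is only partly covered by the change. Pin it to a full commit SHA with the release in a trailing comment, `uses: github/codeql-action/init@<full-commit-sha> # v3.x.y`. Any later `github/codeql-action/*` steps in this job fall outside the hunk and presumably need the same SHA so the sub-actions stay on one release.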

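--- a/.github/workflows/format.yaml
+++ b/.github/workflows/format.yaml
@@ -5,8 +5,8 @@ jobs:
 format:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
 with:
 node-version: '22'
 cache: 'npm'
@@ -24,14 +24,14 @@ jobs:
 - name: Commit changes
 id: auto-commit
 if: ${{ github.event.pull_request.head.repo.full_name == 'opentdf/web-sdk' }}
-uses: stefanzweifel/git-auto-commit-action@v5
+uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 #v5.1.0
 with:
 commit_message: |-
 🤖 🎨 Autoformat
 
 - name: Suggest user signoff
 if: steps.auto-commit.outputs.changes_detected == 'true'
-uses: actions/github-script@v7
+uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #v7.0.1
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 script: |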
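Review bot: The release comments are written `#v5.1.0` with no space after the hash (new lines 8, 9, 27 and 34 here, and every pinned line in build.yaml, codeql.yaml and large-tests.yaml); yamllint's `comments` rule expects `# v5.1.0`. That comment is also the only link between each 40-character SHA and a release, and nothing in this commit checks that the two agree or keeps them current. If the repository has no update automation for GitHub Actions yet, adding it alongside the pins would stop them going stale and missing upstream security fixes; whether one already exists cannot be seen from this page.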

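--- a/.github/workflows/large-tests.yaml
+++ b/.github/workflows/large-tests.yaml
@@ -11,23 +11,23 @@ jobs:
 working-directory: ./lib
 timeout-minutes: 5
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
 with:
 node-version: '22'
 cache: 'npm'
 cache-dependency-path: './lib/package-lock.json'
 - run: npm ci
 - run: npm test
-- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
 with:
 name: coverage
 path: lib/coverage/
 - run: npm audit --omit dev --audit-level moderate
 - run: npm run license-check
 - run: npm run lint
 - run: npm pack
-- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
 with:
 name: opentdf-sdk-lib
 path: ./lib/opentdf-sdk-*.tgz
@@ -41,13 +41,13 @@ jobs:
 working-directory: ./cli
 timeout-minutes: 5
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
 with:
 node-version: '22'
 cache: 'npm'
 cache-dependency-path: './cli/package-lock.json'
-- uses: actions/download-artifact@v4
+- uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1
 with:
 name: opentdf-sdk-lib
 path: lib/
@@ -57,7 +57,7 @@ jobs:
 - run: npm run license-check
 - run: npm run lint
 - run: npm pack
-- uses: actions/upload-artifact@v4
+- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
 with:
 name: opentdf-ctl
 path: ./cli/opentdf-ctl-*.tgz
@@ -71,13 +71,13 @@ jobs:
 working-directory: ./web-app
 timeout-minutes: 5
 steps:
-- uses: actions/checkout@v4
-- uses: actions/setup-node@v4
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
+- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e #v4.3.0
 with:
 node-version: '22'
 cache: 'npm'
 cache-dependency-path: './web-app/package-lock.json'
-- uses: actions/download-artifact@v4
+- uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e #v4.2.1
 with:
 name: opentdf-sdk-lib
 path: lib/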
