build(github): pin workflow actions dependencies

kanisterio · Sep 12, 2024 · 2e4687e · 2e4687e
1 parent 7f2f722
commit 2e4687e
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 17 deletions.
diff --git a/.github/workflows/build_docker.yaml b/.github/workflows/build_docker.yaml
@@ -47,7 +47,7 @@ jobs:
     - name: Set up QEMU
       uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
     - name: Login to GHCR
       uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
       with:
@@ -66,7 +66,7 @@ jobs:
           ${{ inputs.extra_tags }}
         labels: ${{ inputs.labels }}
     - name: Build and push
-      uses: docker/build-push-action@v6
+      uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
       with:
         context: .
         file: ${{ inputs.image_file }}

diff --git a/.github/workflows/dependendy-review.yml b/.github/workflows/dependendy-review.yml
@@ -18,4 +18,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v4
+        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -75,7 +75,7 @@ jobs:
       run: echo "${{needs.gomod.outputs.gomod}}" > go.mod
     - name: restore_gosum
       run: echo "${{needs.gomod.outputs.gosum}}" > go.sum
-    - uses: helm/[email protected]
+    - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
     - run: |
         make install-csi-hostpath-driver
         make install-minio

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -91,15 +91,15 @@ jobs:
         export HELM_RELEASE_REPO_INDEX=https://charts.kanister.io/
         make package-helm VERSION=${RELEASE_TAG}
     - name: Free Disk Space (Ubuntu)
-      uses: jlumbroso/free-disk-space@main
+      uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1
     - name: gorelease
       run: make gorelease
       env:
         GHCR_LOGIN_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         GHCR_LOGIN_USER: ${{ github.actor }}
         GORELEASE_PARAMS: ${{ env.DRAFT_RELEASE == 'true' && '--draft' || '' }}
     ## Upload to use in docs publishing
-    - uses: actions/upload-artifact@v4
+    - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
       with:
         name: helm-index
         path: helm_package/index.yaml
@@ -116,17 +116,17 @@ jobs:
         with:
           ref: ${{ env.RELEASE_TAG }}
       - name: Setup pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0
         with:
           run_install: false
           package_json_file: docs_new/package.json
           version: 8
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
         with:
           node-version: 20
       - name: Setup Pages
-        uses: actions/configure-pages@v5
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
       - name: Install dependencies
         run: pnpm install
         working-directory: ./docs_new
@@ -136,12 +136,12 @@ jobs:
           pnpm docs:build
         working-directory: ./docs_new
       - name: download helm index
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: helm-index
           path: docs_new/.vitepress/dist/helm_charts/
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
         with:
           path: docs_new/.vitepress/dist
 
@@ -163,7 +163,7 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4 # or specific "vX.X.X" version tag for this action
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
 
   ## TODO: using https://github.com/slackapi/slack-github-action/blob/main/README.md#technique-3-slack-incoming-webhook
   ## we need to set up incoming webhook

diff --git a/.github/workflows/triage-issues.yaml b/.github/workflows/triage-issues.yaml
@@ -19,13 +19,13 @@ jobs:
     steps:
     -
       name: Add label
-      uses: actions-ecosystem/[email protected]
+      uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3
       with:
         labels: "triage"
         github_token: ${{ secrets.GITHUB_TOKEN }}
     -
       name: Add comment
-      uses: actions-ecosystem/[email protected]
+      uses: actions-ecosystem/action-create-comment@e23bc59fbff7aac7f9044bd66c2dc0fe1286f80b # v1.0.2
       if: github.event.action == 'opened'
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -37,7 +37,7 @@ jobs:
           If you haven't already, please take a moment to review our project's [Code of Conduct](https://github.com/kanisterio/kanister/blob/master/CODE_OF_CONDUCT.md) document.
     -
       name: Update project
-      uses: alex-page/[email protected]
+      uses: alex-page/github-project-automation-plus@303f24a24c67ce7adf565a07e96720faf126fe36 # v0.9.0
       with:
         repo-token: ${{ secrets.GH_TOKEN }} # must use a PAT here
         project: Kanister

diff --git a/.github/workflows/triage-prs.yaml b/.github/workflows/triage-prs.yaml
@@ -20,7 +20,7 @@ jobs:
     steps:
     -
       name: Comment
-      uses: actions-ecosystem/[email protected]
+      uses: actions-ecosystem/action-create-comment@e23bc59fbff7aac7f9044bd66c2dc0fe1286f80b # v1.0.2
       # Avoid adding a comment when the PR is on the same repo.
       if: github.event.action == 'opened' && github.event.pull_request.head.repo.fork
       with:
@@ -31,7 +31,7 @@ jobs:
           If you haven't already, please take a moment to review our project [contributing guideline](https://github.com/kanisterio/kanister/blob/master/CONTRIBUTING.md) and [Code of Conduct](https://github.com/kanisterio/kanister/blob/master/CODE_OF_CONDUCT.md) document.
     -
       name: Update status in project
-      uses: alex-page/[email protected]
+      uses: alex-page/github-project-automation-plus@303f24a24c67ce7adf565a07e96720faf126fe36 # v0.9.0
       # This only works for PRs opened in the same repo and not by dependabot.
       # Other PRs don't get the necessary credentials.
       if: github.repository == 'kanisterio/kanister' && !github.event.pull_request.head.repo.fork