replace action version tags with their sha (#61)
mauwii authored Oct 12, 2023
1 parent e0f5642 commit 355eb2d
Showing 3 changed files with 16 additions and 16 deletions.
24 changes: 12 additions & 12 deletions .github/workflows/ci.yml
Expand Up @@ -28,11 +28,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4.1.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608

- name: Setup Docker Buildx
# kics-scan ignore-line
uses: docker/setup-buildx-action@v3.0.0
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226

# get docker binary path to use it with env -i
- name: Get the docker binary path
Expand Down Expand Up @@ -70,7 +70,7 @@ jobs:
platforms: ${{ steps.platforms.outputs.matrix }}
steps:
- name: Checkout code
uses: actions/checkout@v4.1.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608

- name: Generate targets matrix
id: targets
Expand All @@ -95,22 +95,22 @@ jobs:
matrix: ${{ github.event_name != 'pull_request' && fromJson(needs.generate-jobs.outputs.targets) || fromJson(needs.generate-jobs.outputs.platforms) }}
steps:
- name: Checkout code
uses: actions/checkout@v4.1.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608

- name: Setup QEMU
# kics-scan ignore-line
uses: docker/setup-qemu-action@v3.0.0
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3

- name: Setup Docker Buildx
# kics-scan ignore-line
uses: docker/setup-buildx-action@v3.0.0
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226
with:
driver: docker-container

# Login against a container registry
# https://github.com/docker/login-action
# kics-scan ignore-line
- uses: docker/login-action@v3.0.0
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
name: Login to ${{ env.CONTAINER_REGISTRY }}
with:
registry: ${{ env.CONTAINER_REGISTRY }}
Expand Down Expand Up @@ -142,7 +142,7 @@ jobs:

# Bake the image
# kics-scan ignore-line
- uses: docker/bake-action@v4.0.0
- uses: docker/bake-action@511fde2517761e303af548ec9e0ea74a8a100112
name: Build and Push
id: bake
with:
Expand All @@ -158,7 +158,7 @@ jobs:

# Docker-Scout - Create SBOM
# kics-scan ignore-line
- uses: docker/scout-action@v1.0.8
- uses: docker/scout-action@914f29b95fa18690ce41fdee98cf892d78f8c5c0
name: Create SBOM
id: docker-scout-sbom
continue-on-error: true
Expand All @@ -171,7 +171,7 @@ jobs:

# vulnerability scan the image for main branch
# kics-scan ignore-line
- uses: docker/scout-action@v1.0.8
- uses: docker/scout-action@914f29b95fa18690ce41fdee98cf892d78f8c5c0
name: Analyze for critical and high CVEs
id: docker-scout-cves
continue-on-error: true
Expand All @@ -184,7 +184,7 @@ jobs:
summary: false
# upload the results as a SARIF file to gh security tab
# kics-scan ignore-line
- uses: github/codeql-action/upload-sarif@v2.22.2
- uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd
name: Upload SARIF result
id: upload-sarif
if: steps.docker-scout-cves.outcome == 'success'
Expand All @@ -193,7 +193,7 @@ jobs:

# vulnerability scanning to verify PRs
# kics-scan ignore-line
- uses: docker/scout-action@v1.0.8
- uses: docker/scout-action@914f29b95fa18690ce41fdee98cf892d78f8c5c0
name: Docker Scout compare
id: pr-compare
if: github.event_name == 'pull_request' && vars.DOCKERHUB_USERNAME != ''
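Review bot: The pinned `uses:` lines no longer say which release each 40-character SHA corresponds to; this applies to every replaced line in this file and to the ones in dockerhub-description.yml and mega-linter.yml. Keeping the old tag as a trailing comment, e.g. `uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0`, keeps the pin reviewable, and update bots such as Dependabot maintain that comment when they bump the SHA. It is also worth confirming that each SHA is the commit the old tag pointed to in the action's own repository, since the page does not show that mapping.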
2 changes: 1 addition & 1 deletion .github/workflows/dockerhub-description.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
if: vars.DOCKERHUB_USERNAME != ''
steps:
- name: Checkout code
uses: actions/checkout@v4.1.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608

- name: Docker Hub Description
uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864
6 changes: 3 additions & 3 deletions .github/workflows/mega-linter.yml
Expand Up @@ -36,7 +36,7 @@ jobs:
steps:
# Git Checkout
# kics-scan ignore-line
- uses: actions/checkout@v4.1.0
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
name: Checkout Code
with:
set-safe-directory: true
Expand All @@ -48,7 +48,7 @@ jobs:
# You can override MegaLinter flavor used to have faster performances
# More info at https://megalinter.io/latest/flavors
# kics-scan ignore-line
- uses: oxsecurity/megalinter/flavors/terraform@v7.4.0
- uses: oxsecurity/megalinter/flavors/terraform@a87b2872713c6bdde46d2473c5d7ed23e5752dc2
name: MegaLinter
id: ml
env:
Expand All @@ -61,7 +61,7 @@ jobs:

# Upload MegaLinter artifacts
# kics-scan ignore-line
- uses: actions/upload-artifact@v3.1.3
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
name: Archive production artifacts
if: github.actor != 'nektos/act' && (success() || failure())
with:
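Review bot: The `# kics-scan ignore-line` comments above the three changed `uses:` lines stay in place although those lines are now pinned to full commit SHAs; the same holds for the suppressed steps in ci.yml. If the suppressions were added for the scanner's unpinned-action finding (presumably; the page does not say), they are no longer needed. Leaving them means a later revert to a mutable tag such as `@v7.4.0` would not be reported on those lines. Consider removing them and re-running the scan to see whether anything else was being silenced.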
