From bb72594bf73ac0c3dff1ba0d1b3863bb822ae13f Mon Sep 17 00:00:00 2001 From: Phu Ngo <12547020+NgoKimPhu@users.noreply.github.com> Date: Mon, 18 Nov 2024 14:28:33 +0700 Subject: [PATCH] chore: pin actions by commit --- .github/workflows/build.yaml | 2 +- .github/workflows/ci.yaml | 9 +++++---- .github/workflows/deploy.yaml | 2 +- .github/workflows/pr-bump-go-mod.yaml | 4 ++-- .github/workflows/release.yaml | 2 +- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 22efc0d..5f521ec 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -57,7 +57,7 @@ jobs: restore-keys: | buildx-${{ inputs.file }}-${{ runner.os }}- - name: Inject/extract cache into/from buildx - uses: reproducible-containers/buildkit-cache-dance@v3 + uses: reproducible-containers/buildkit-cache-dance@5b6db76d1da5c8b307d5d2e0706d266521b710de # v3.1.2 if: ${{ inputs.cache }} with: cache-map: | diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 247851e..39e62bc 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -30,7 +30,7 @@ jobs: go-version-file: 'go.mod' cache: false - - uses: golangci/golangci-lint-action@v6 + - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 with: version: v1.60 args: --timeout=10m @@ -130,8 +130,9 @@ jobs: echo 'EOF' } >> $GITHUB_OUTPUT - name: Comment PR - uses: thollander/actions-comment-pull-request@v2 + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: - pr_number: ${{ github.event.pull_request.number }} - comment_tag: cov + github-token: ${{ secrets.GH_PAT }} message: ${{ steps.cov.outputs.report }} + pr-number: ${{ github.event.pull_request.number }} + comment-tag: cov diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index dd911a3..46103bc 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -24,7 +24,7 @@ jobs: with: repository: ${{ github.repository_owner }}/kyber-applications token: ${{ secrets.GH_PAT }} - - uses: crazy-max/ghaction-import-gpg@v6 + - uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE }} git_user_signingkey: true diff --git a/.github/workflows/pr-bump-go-mod.yaml b/.github/workflows/pr-bump-go-mod.yaml index 3929214..8cc5494 100644 --- a/.github/workflows/pr-bump-go-mod.yaml +++ b/.github/workflows/pr-bump-go-mod.yaml @@ -47,14 +47,14 @@ jobs: [ $((++try)) -gt 3 ] && exit 1 done go mod tidy - - uses: crazy-max/ghaction-import-gpg@v6 + - uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE }} git_user_signingkey: true git_commit_gpgsign: true fingerprint: ${{ secrets.GPG_PUBLIC }} - id: pr - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: token: ${{ secrets.GH_PAT }} commit-message: 'chore: bump ${{ github.event.repository.name }} to ${{ github.ref_name }}' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3984693..2596a19 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -90,7 +90,7 @@ jobs: VERSION: ${{ needs.prepare.outputs.version }} steps: - uses: actions/checkout@v4 - - uses: softprops/action-gh-release@v2 + - uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: body: ${{ inputs.release_body }} name: ${{ inputs.release_name ||