From 557686c124073be354e37c059caa12a59e4ab50c Mon Sep 17 00:00:00 2001
From: William Murphy
Date: Mon, 20 Nov 2023 11:11:42 -0500
Subject: [PATCH] chore: upgrade and pin all GH actions (#250)
Signed-off-by: Will Murphy
---
 .github/workflows/demo.yml | 6 +++---
 .github/workflows/release-drafter.yml | 2 +-
 .github/workflows/sarifdemo.yml | 4 ++--
 .github/workflows/tag-release.yml | 2 +-
 .github/workflows/test.yml | 4 ++--
 .github/workflows/update-grype-release.yml | 6 +++---
 README.md | 4 ++--
 7 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/demo.yml b/.github/workflows/demo.yml
index 19e7a5fd..4678550e 100644
--- a/.github/workflows/demo.yml
+++ b/.github/workflows/demo.yml
@@ -6,7 +6,7 @@ jobs:
 test-image:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - uses: ./
 with:
 image: "alpine:latest"
@@ -16,7 +16,7 @@ jobs:
 test-directory:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - uses: ./
 with:
 path: "tests/fixtures/npm-project"
@@ -27,7 +27,7 @@ jobs:
 sbom:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - uses: ./
 with:
 sbom: tests/fixtures/test_sbom.spdx.json
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index ae28a3d1..d2111b26 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -10,6 +10,6 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Draft release notes
- uses: release-drafter/release-drafter@v5
+ uses: release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7 # v5.25.0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/sarifdemo.yml b/.github/workflows/sarifdemo.yml
index bc36a8b4..43d464d2 100644
--- a/.github/workflows/sarifdemo.yml
+++ b/.github/workflows/sarifdemo.yml
@@ -7,7 +7,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout the code
- uses: actions/checkout@v2
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Run the local Scan Action with SARIF generation enabled
 id: scan
@@ -32,7 +32,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout the code
- uses: actions/checkout@v2
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Run the local Scan Action with SARIF generation enabled
 id: scan
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index 063e4664..c9e01c4a 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -8,6 +8,6 @@ jobs:
 actions-tagger:
 runs-on: ubuntu-latest
 steps:
- - uses: Actions-R-Us/actions-tagger@v2
+ - uses: Actions-R-Us/actions-tagger@330ddfac760021349fef7ff62b372f2f691c20fb # v2.0.3
 with:
 publish_latest_tag: true
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3514c181..37324933 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -11,7 +11,7 @@ jobs:
 build: # make sure build/ci work properly and there is no faked build ncc built scripts
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - run: npm ci
 - run: npm run audit
 - run: npm run build
@@ -27,7 +27,7 @@ jobs:
 ports:
 - 5000:5000
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Build images
 run: |
 for distro in alpine centos debian; do
diff --git a/.github/workflows/update-grype-release.yml b/.github/workflows/update-grype-release.yml
index 969176d5..0bfa4b9d 100644
--- a/.github/workflows/update-grype-release.yml
+++ b/.github/workflows/update-grype-release.yml
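Review bot: `publish_latest_tag: true` on the newly pinned actions-tagger step is, as far as I can tell from the action's name and input, the mechanism that keeps the floating `v3`/`latest` tags of this action moving for downstream consumers — the same mutable-reference pattern this commit removes from the repository's own workflows. That is expected for a release tool, but it means users are protected only if they pin a digest themselves, and the README examples in this same change still show `anchore/scan-action@v3`. Consider a one-line comment on this step, `# moves the floating major/latest tags; consumers should pin a SHA (see README)`, and a SHA-pinned example next to the tag form in the README. The workflow's `on:` trigger and `permissions:` block are outside the hunk, so which events are allowed to move the tags is not visible here.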
@@ -12,7 +12,7 @@ jobs:
 runs-on: ubuntu-latest
 if: github.repository == 'anchore/scan-action'
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Get latest Grype version
 id: latest-version
 env:
@@ -25,12 +25,12 @@ jobs:
 npm run build
 # export the version for use with create-pull-request:
 echo "LATEST_VERSION=$LATEST_VERSION" >> $GITHUB_OUTPUT
- - uses: tibdex/github-app-token@v1
+ - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
 id: generate-token
 with:
 app_id: ${{ secrets.TOKEN_APP_ID }}
 private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
- - uses: peter-evans/create-pull-request@v4
+ - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
 with:
 signoff: true
 delete-branch: true
diff --git a/README.md b/README.md
index 61577c69..bd16308f 100644
--- a/README.md
+++ b/README.md
@@ -150,7 +150,7 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Build the container image
 run: docker build . --file Dockerfile --tag localbuild/testimage:latest
 - uses: anchore/scan-action@v3
@@ -170,7 +170,7 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 - name: Build the Container image
 run: docker build . --file Dockerfile --tag localbuild/testimage:latest
 - uses: anchore/scan-action@v3
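Review bot: The `# v2.1.0` and `# v5.0.2` trailers on the new tibdex/github-app-token and peter-evans/create-pull-request lines are the only thing tying each digest to a version, and nothing in this change keeps them current — a SHA-pinned step that receives the app private key (`TOKEN_APP_PRIVATE_KEY`) and opens pull requests will silently stay on that exact commit, security fixes included, unless something bumps it. Pinning only pays off with automated updates; if the repository does not already have one, add a `.github/dependabot.yml` entry with `package-ecosystem: github-actions` (or the Renovate equivalent), which understands the SHA-plus-comment form and rewrites both together. Separately, I believe tibdex/github-app-token has since been deprecated in favour of the GitHub-maintained actions/create-github-app-token — worth confirming, because a pin on an unmaintained action is a pin that never moves. The create-pull-request step's `with:` block may continue past the end of the hunk, so whether a `token:` input consumes `steps.generate-token.outputs.token` is not visible here.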