diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml index 99454e494..68f17d74c 100644 --- a/.github/workflows/deployment.yml +++ b/.github/workflows/deployment.yml @@ -86,7 +86,7 @@ jobs: # Also build the diracx metapackage python -m build --outdir $PWD/dist . - name: 'Upload Artifact' - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: diracx-whl path: dist/diracx*.whl @@ -95,7 +95,7 @@ jobs: # https://docs.pypi.org/trusted-publishers/ - name: Publish package on PyPI if: steps.check-tag.outputs.create-release == 'true' - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 docker: needs: deploy-pypi @@ -109,14 +109,14 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Login to GitHub container registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push services (release) - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }} with: context: . @@ -126,7 +126,7 @@ jobs: tags: "ghcr.io/diracgrid/diracx/services:${{ needs.deploy-pypi.outputs.new-version }}" platforms: linux/amd64,linux/arm64 - name: Build and push tasks (release) - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }} with: context: . @@ -136,7 +136,7 @@ jobs: tags: "ghcr.io/diracgrid/diracx/tasks:${{ needs.deploy-pypi.outputs.new-version }}" platforms: linux/amd64,linux/arm64 - name: Build and push client (release) - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 if: ${{ needs.deploy-pypi.outputs.create-release == 'true' }} with: context: . @@ -147,7 +147,7 @@ jobs: platforms: linux/amd64,linux/arm64 - name: Build and push services (dev) - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . file: containers/Dockerfile @@ -156,7 +156,7 @@ jobs: tags: ghcr.io/diracgrid/diracx/services:dev platforms: linux/amd64,linux/arm64 - name: Build and push tasks (dev) - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . file: containers/Dockerfile @@ -165,7 +165,7 @@ jobs: tags: ghcr.io/diracgrid/diracx/tasks:dev platforms: linux/amd64,linux/arm64 - name: Build and push client (dev) - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . file: containers/Dockerfile diff --git a/.github/workflows/draft-on-changes-requested.yml b/.github/workflows/draft-on-changes-requested.yml index d8756d765..f9d58cb3c 100644 --- a/.github/workflows/draft-on-changes-requested.yml +++ b/.github/workflows/draft-on-changes-requested.yml @@ -26,7 +26,7 @@ jobs: draft: needs: get-pr - uses: DIRACGrid/.github/.github/workflows/draft-on-changes-requested.yml@eab297d50d33cf7eabf0b388ac57d1f91e36d14c # main + uses: DIRACGrid/.github/.github/workflows/draft-on-changes-requested.yml@a599200da5df9e3ea9104a6b9b99eb5bf83754a3 # main with: pr_number: ${{ fromJSON(needs.get-pr.outputs.pr_number) }} secrets: diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 1ba658d78..d658d52c9 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -91,7 +91,7 @@ jobs: echo "::group::DIRAC server logs" cd /tmp/DIRACRepo && ./integration_tests.py logs --no-follow --lines 1000 2>&1 | tee /tmp/service-logs/dirac.log || true echo "::endgroup::" - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 if: ${{ failure() }} with: name: service-logs-${{ github.job }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2483ff311..9e5652a8e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -26,11 +26,11 @@ jobs: steps: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: run-install: false post-cleanup: false - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: cache: false environments: shellcheck @@ -61,7 +61,7 @@ jobs: steps: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: run-install: false post-cleanup: false @@ -72,7 +72,7 @@ jobs: rm pixi.toml.bak # Show any changes git diff - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: cache: false environments: ${{ matrix.package }} @@ -112,7 +112,7 @@ jobs: df -h - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: run-install: false post-cleanup: false @@ -123,14 +123,14 @@ jobs: rm pixi.toml.bak # Show any changes git diff - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: cache: false environments: ${{ matrix.extension == 'diracx' && 'default' || 'default-gubbins' }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Build services image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . file: containers/Dockerfile @@ -139,7 +139,7 @@ jobs: tags: ghcr.io/${{ matrix.extension == 'diracx' && 'diracgrid/diracx' || 'gubbins' }}/services:dev outputs: type=docker,dest=/tmp/services_image.tar - name: Build tasks image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . file: containers/Dockerfile @@ -148,7 +148,7 @@ jobs: tags: ghcr.io/${{ matrix.extension == 'diracx' && 'diracgrid/diracx' || 'gubbins' }}/tasks:dev outputs: type=docker,dest=/tmp/tasks_image.tar - name: Build client image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . file: containers/Dockerfile @@ -234,11 +234,11 @@ jobs: steps: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: run-install: false post-cleanup: false - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: cache: false locked: false diff --git a/.github/workflows/record-changes-requested.yml b/.github/workflows/record-changes-requested.yml index 104dfb797..90fc8c39d 100644 --- a/.github/workflows/record-changes-requested.yml +++ b/.github/workflows/record-changes-requested.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - run: echo "${{ github.event.pull_request.number }}" > pr_number.txt - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7 with: name: pr-info path: pr_number.txt diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index debf5ea23..c1d688df4 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -14,7 +14,7 @@ jobs: release-please: runs-on: ubuntu-latest steps: - - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4 + - uses: googleapis/release-please-action@5c625bfb5d1ff62eadeeb3772007f7f66fdcf071 # v4 with: token: ${{ secrets.MY_RELEASE_PLEASE_TOKEN }} release-type: simple diff --git a/.github/workflows/update_security_txt_expiry.yml b/.github/workflows/update_security_txt_expiry.yml index 8784770d0..46b253ed3 100644 --- a/.github/workflows/update_security_txt_expiry.yml +++ b/.github/workflows/update_security_txt_expiry.yml @@ -74,7 +74,7 @@ jobs: - name: Create Pull Request if: steps.update_script.outputs.changes_made == 'true' - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "chore(security): Update security.txt expiry date" diff --git a/.github/workflows/vulnerabilities.yml b/.github/workflows/vulnerabilities.yml index e900e576f..638b898eb 100644 --- a/.github/workflows/vulnerabilities.yml +++ b/.github/workflows/vulnerabilities.yml @@ -29,7 +29,7 @@ jobs: output: "client-dev-vulnerability-report.sarif" - name: Upload SARIF to GitHub Security (client:dev) - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: sarif_file: "client-dev-vulnerability-report.sarif" category: "client-dev" @@ -43,7 +43,7 @@ jobs: skip-setup-trivy: true - name: Upload SARIF to GitHub Security (services:dev) - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: sarif_file: "services-dev-vulnerability-report.sarif" category: "services-dev" @@ -70,7 +70,7 @@ jobs: - name: Upload SARIF to GitHub Security (client:rel) if: ${{ steps.get-latest-tag.outputs.latest_tag != '' }} - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: sarif_file: "client-rel-vulnerability-report.sarif" category: "client-rel" @@ -86,7 +86,7 @@ jobs: - name: Upload SARIF to GitHub Security (services:rel) if: ${{ steps.get-latest-tag.outputs.latest_tag != '' }} - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4 with: sarif_file: "services-rel-vulnerability-report.sarif" category: "services-rel" diff --git a/extensions/gubbins/.github/workflows/main.yml b/extensions/gubbins/.github/workflows/main.yml index 2b1712a22..5aa787fbf 100644 --- a/extensions/gubbins/.github/workflows/main.yml +++ b/extensions/gubbins/.github/workflows/main.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: run-install: false post-cleanup: false @@ -37,7 +37,7 @@ jobs: rm pixi.toml.bak # Show any changes git diff - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: environments: ${{ matrix.package }} - name: Run pytest @@ -50,11 +50,11 @@ jobs: steps: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: run-install: false post-cleanup: false - - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e # v0.9.4 + - uses: prefix-dev/setup-pixi@1b2de7f3351f171c8b4dfeb558c639cb58ed4ec0 # v0.9.5 with: environments: generate-client - name: Run autorest