Skip to content

Commit 9e80da1

Browse files
authored
ci: pin actions (#252)
1 parent 97f909f commit 9e80da1

5 files changed

Lines changed: 20 additions & 19 deletions

File tree

.github/dependabot.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,5 @@
11
version: 2
22
updates:
3-
# Maintain dependencies for GitHub Actions
43
- package-ecosystem: "github-actions"
54
directory: "/"
65
schedule:
@@ -9,3 +8,5 @@ updates:
98
commit-message:
109
prefix: "ci"
1110
include: "scope"
11+
cooldown:
12+
default-days: 7

.github/workflows/autoupdate.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ jobs:
1111
runs-on: ubuntu-latest
1212
steps:
1313
- name: Checkout repo
14-
uses: actions/checkout@v7
14+
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
1515

1616
- name: Fetch latest Git release
1717
if: ${{ github.event.schedule == '0 18 14,28 * *' || github.event_name == 'workflow_dispatch' }}
@@ -43,7 +43,7 @@ jobs:
4343
4444
- name: Update Python 3.12 requirements
4545
if: ${{ github.event.schedule == '0 18 14,28 * *' || github.event_name == 'workflow_dispatch' }}
46-
uses: coatl-dev/actions/uv-pip-compile-upgrade@v5
46+
uses: coatl-dev/actions/uv-pip-compile-upgrade@25b15c8e562e6c9e509bd29ea0b0da5ec6b26a1f # v7.0.4
4747
with:
4848
path: requirements/3.12/pip.txt
4949
python-version: '3.12'
@@ -60,12 +60,12 @@ jobs:
6060
6161
- name: Detect changes
6262
id: git-diff
63-
uses: coatl-dev/actions/simple-git-diff@v5
63+
uses: coatl-dev/actions/simple-git-diff@25b15c8e562e6c9e509bd29ea0b0da5ec6b26a1f # v7.0.4
6464

6565
- name: Import GPG key
6666
if: ${{ steps.git-diff.outputs.diff == 'true' }}
6767
id: gpg-import
68-
uses: coatl-dev/actions/gpg-import@v5
68+
uses: coatl-dev/actions/gpg-import@25b15c8e562e6c9e509bd29ea0b0da5ec6b26a1f # v7.0.4
6969
with:
7070
passphrase: ${{ secrets.COATL_BOT_GPG_PASSPHRASE }}
7171
private-key: ${{ secrets.COATL_BOT_GPG_PRIVATE_KEY }}
@@ -80,6 +80,6 @@ jobs:
8080
8181
- name: Create Pull Request
8282
if: ${{ steps.git-diff.outputs.diff == 'true' }}
83-
uses: coatl-dev/actions/pr-create@v5
83+
uses: coatl-dev/actions/pr-create@25b15c8e562e6c9e509bd29ea0b0da5ec6b26a1f # v7.0.4
8484
with:
8585
gh-token: ${{ secrets.COATL_BOT_GH_TOKEN }}

.github/workflows/docker-build-push-multi-registry.yml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -84,31 +84,31 @@ jobs:
8484
8585
- name: Docker meta
8686
id: meta
87-
uses: docker/metadata-action@v6
87+
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
8888
with:
8989
images: |
9090
${{ inputs.dockerhub-repo }}
9191
${{ inputs.quay-repo }}
9292
9393
- name: Login to Docker Hub
94-
uses: docker/login-action@v4
94+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
9595
with:
9696
username: ${{ inputs.dockerhub-username }}
9797
password: ${{ secrets.dockerhub-password }}
9898

9999
- name: Login to Quay
100-
uses: docker/login-action@v4
100+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
101101
with:
102102
registry: quay.io
103103
username: ${{ inputs.quay-username }}
104104
password: ${{ secrets.quay-password }}
105105

106106
- name: Setup Docker Builder
107-
uses: useblacksmith/setup-docker-builder@v1
107+
uses: useblacksmith/setup-docker-builder@ab5c1da94f53f5cd75c1038092aa276dddfccbba # v1.9.0
108108

109109
- name: Build and push by digest
110110
id: build
111-
uses: useblacksmith/build-push-action@v2
111+
uses: useblacksmith/build-push-action@fb9e3e6a9299c78462bfadd0d93352c316adc9b8 # v2.2.0
112112
with:
113113
context: ${{ inputs.build-context }}
114114
file: ${{ inputs.build-file }}
@@ -124,7 +124,7 @@ jobs:
124124
touch "${{ runner.temp }}/digests/${digest#sha256:}"
125125
126126
- name: Upload digest
127-
uses: actions/upload-artifact@v7
127+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
128128
with:
129129
name: digests-${{ inputs.build-digest-key }}-${{ steps.prepare.outputs.platform-pair }}
130130
path: ${{ runner.temp }}/digests/*
@@ -137,31 +137,31 @@ jobs:
137137
- build
138138
steps:
139139
- name: Download digests
140-
uses: actions/download-artifact@v8
140+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
141141
with:
142142
path: ${{ runner.temp }}/digests
143143
pattern: digests-${{ inputs.build-digest-key }}-*
144144
merge-multiple: true
145145

146146
- name: Login to Docker Hub
147-
uses: docker/login-action@v4
147+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
148148
with:
149149
username: ${{ inputs.dockerhub-username }}
150150
password: ${{ secrets.dockerhub-password }}
151151

152152
- name: Login to Quay
153-
uses: docker/login-action@v4
153+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
154154
with:
155155
registry: quay.io
156156
username: ${{ inputs.quay-username }}
157157
password: ${{ secrets.quay-password }}
158158

159159
- name: Set up Docker Buildx
160-
uses: docker/setup-buildx-action@v4
160+
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
161161

162162
- name: Docker meta
163163
id: meta
164-
uses: docker/metadata-action@v6
164+
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
165165
with:
166166
images: |
167167
${{ inputs.dockerhub-repo }}

.github/workflows/publish.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919

2020
steps:
2121
- name: Checkout
22-
uses: actions/checkout@v7
22+
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
2323

2424
- name: Extract version number
2525
id: tags

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ jobs:
7171

7272
steps:
7373
- name: Checkout repo
74-
uses: actions/checkout@v4
74+
uses: actions/checkout@v7
7575

7676
- name: Run tests
7777
run: |

0 commit comments

Comments
 (0)