Skip to content

Commit f4d015e

Browse files
Merge pull request #184 from openstack-k8s-operators/renovate/github-actions-dependencies
Pin dependencies
2 parents 2f280b2 + 903b181 commit f4d015e

9 files changed

Lines changed: 37 additions & 37 deletions

.github/workflows/build-custom-tobiko-image.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ jobs:
4646

4747
steps:
4848
- name: 1. Checkout Repository
49-
uses: actions/checkout@v4
49+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
5050

5151
- name: 2. Prepare Config Files
5252
run: |
@@ -99,7 +99,7 @@ jobs:
9999
sudo chown $(whoami):$(whoami) ${{ env.CUSTOM_IMAGE_FILE }}
100100
101101
- name: 7. Create GitHub Release and Upload Artifact
102-
uses: softprops/action-gh-release@v2
102+
uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
103103
with:
104104
# This is the tag you provided as input
105105
tag_name: ${{ inputs.release_tag }}

.github/workflows/build-custom-wntp-image.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ jobs:
6262
sudo chown $(whoami):$(whoami) ${{ env.CUSTOM_IMAGE_FILE }}
6363
6464
- name: 4. Create GitHub Release and Upload Artifact
65-
uses: softprops/action-gh-release@v2
65+
uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
6666
with:
6767
# This is the tag you provided as input
6868
tag_name: ${{ inputs.release_tag }}

.github/workflows/build-nat64-appliance.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ jobs:
4949
echo "System dependencies installed"
5050
5151
- name: 2. Clone ci-framework Repository
52-
uses: actions/checkout@v4
52+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
5353
with:
5454
repository: ${{ inputs.ci_framework_repo || 'openstack-k8s-operators/ci-framework' }}
5555
ref: ${{ inputs.ci_framework_ref || 'main' }}
@@ -148,7 +148,7 @@ jobs:
148148
ls -lh ${{ github.workspace }}/${TAGGED_IMAGE}
149149
150150
- name: 8. Create Versioned GitHub Release
151-
uses: softprops/action-gh-release@v2
151+
uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
152152
with:
153153
tag_name: ${{ steps.release_tag.outputs.release_tag }}
154154
name: "NAT64 Appliance ${{ steps.release_tag.outputs.release_tag }}"
@@ -170,7 +170,7 @@ jobs:
170170
files: ${{ steps.release_tag.outputs.tagged_image }}
171171

172172
- name: 9. Update 'latest' Release Tag
173-
uses: softprops/action-gh-release@v2
173+
uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
174174
with:
175175
tag_name: latest
176176
name: "NAT64 Appliance (Latest)"

.github/workflows/create-release-branch-v1.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ jobs:
6868
GIT_TIMEOUT: '300'
6969
steps:
7070
- name: Generate a token from the GitHub App
71-
uses: actions/create-github-app-token@v2
71+
uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2
7272
id: app-token
7373
with:
7474
app-id: ${{ secrets.APP_ID }}
@@ -129,7 +129,7 @@ jobs:
129129
echo "✅ Inputs and permissions validated successfully."
130130

131131
- name: Checkout code (for the workflow itself)
132-
uses: actions/checkout@v4
132+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
133133
with:
134134
token: ${{ steps.app-token.outputs.token }}
135135

.github/workflows/force-bump-pull-request.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ jobs:
2929

3030
steps:
3131
- name: Checkout repository
32-
uses: actions/checkout@v4
32+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
3333
with:
3434
ref: ${{ inputs.branch_name }}
3535

@@ -90,7 +90,7 @@ jobs:
9090
9191
- name: Create Pull Request
9292
if: steps.git_diff.outputs.changes == 'true'
93-
uses: peter-evans/create-pull-request@v7
93+
uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
9494
with:
9595
token: ${{ steps.token.outputs.token }}
9696
title: "openstack-k8s-operators dependency bump branch: ${{ inputs.branch_name }}"

.github/workflows/golangci-lint.yaml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -8,15 +8,15 @@ jobs:
88
runs-on: ubuntu-latest
99
steps:
1010
- name: Install Go
11-
uses: actions/setup-go@v3
11+
uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3
1212
with:
1313
go-version: 1.21.x
1414
- name: Checkout project code
15-
uses: actions/checkout@v3
15+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
1616
with:
1717
repository: openstack-k8s-operators/osp-director-operator
1818
- name: Checkout openstack-k8s-operators-ci project
19-
uses: actions/checkout@v3
19+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
2020
with:
2121
path: ./openstack-k8s-operators-ci
2222
- name: Run govet.sh
@@ -32,16 +32,16 @@ jobs:
3232
runs-on: ubuntu-latest
3333
steps:
3434
- name: Install Go
35-
uses: actions/setup-go@v3
35+
uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3
3636
with:
3737
go-version: 1.16.0 # don't bump this until we drop OSPdO v1.2.x
3838
- name: Checkout project code
39-
uses: actions/checkout@v3
39+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
4040
with:
4141
repository: openstack-k8s-operators/osp-director-operator
4242
ref: v1.2.x
4343
- name: Checkout openstack-k8s-operators-ci project
44-
uses: actions/checkout@v3
44+
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
4545
with:
4646
path: ./openstack-k8s-operators-ci
4747
- name: Run govet.sh

.github/workflows/label-pr.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- name: Add ${{ inputs.label_name }} label on the PR
16-
uses: actions/github-script@v7
16+
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
1717
with:
1818
script: |
1919
await github.rest.issues.addLabels({

.github/workflows/rabbitmq-cluster-operator-index-feature-tag.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -107,7 +107,7 @@ jobs:
107107
echo "FORCE_OVERWRITE=${{ github.event.inputs.force_overwrite || inputs.force_overwrite || 'false' }}" >> $GITHUB_ENV
108108
109109
- name: Log in to Quay.io
110-
uses: redhat-actions/podman-login@v1
110+
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
111111
with:
112112
registry: ${{ env.imageregistry }}
113113
username: ${{ secrets.QUAY_USERNAME }}

.github/workflows/reusable-build-operator.yaml

Lines changed: 19 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,7 @@ jobs:
6565
if: needs.check-secrets.outputs.missing-secrets != 'true'
6666

6767
steps:
68-
- uses: actions/checkout@v4
68+
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
6969

7070
- name: Set latest tag for non main branch
7171
if: github.ref_name != 'main'
@@ -77,15 +77,15 @@ jobs:
7777
7878
- name: Buildah Action
7979
id: build-operator
80-
uses: redhat-actions/buildah-build@v2
80+
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
8181
with:
8282
image: ${{ inputs.operator_name }}-operator
8383
tags: ${{ env.latesttag }} ${{ github.sha }}
8484
containerfiles: |
8585
./Dockerfile
8686
8787
- name: Push ${{ inputs.operator_name }}-operator To ${{ env.imageregistry }}
88-
uses: redhat-actions/push-to-registry@v2
88+
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
8989
with:
9090
image: ${{ steps.build-operator.outputs.image }}
9191
tags: ${{ steps.build-operator.outputs.tags }}
@@ -106,7 +106,7 @@ jobs:
106106
GITHUB_SHA: ${{ github.sha }}
107107

108108
- name: Push tag with digest ${{ env.OPERATOR_IMAGE_DIGEST }}
109-
uses: redhat-actions/push-to-registry@v2
109+
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
110110
with:
111111
image: ${{ steps.build-operator.outputs.image }}
112112
tags: ${{ env.OPERATOR_IMAGE_DIGEST }}
@@ -121,29 +121,29 @@ jobs:
121121

122122
steps:
123123
- name: Install Go
124-
uses: actions/setup-go@v4
124+
uses: actions/setup-go@7b8cf10d4e4a01d4992d18a89f4d7dc5a3e6d6f4 # v4
125125
with:
126126
go-version: ${{ inputs.go_version }}
127127
cache: false
128128

129129
- name: Checkout ${{ inputs.operator_name }}-operator repository
130-
uses: actions/checkout@v4
130+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
131131

132132
- name: Install operator-sdk
133-
uses: redhat-actions/openshift-tools-installer@v1
133+
uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1
134134
with:
135135
source: github
136136
operator-sdk: ${{ inputs.operator_sdk_version }}
137137

138138
- name: Log in to Quay Registry
139-
uses: redhat-actions/podman-login@v1
139+
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
140140
with:
141141
registry: ${{ env.imageregistry }}
142142
username: ${{ secrets.QUAY_USERNAME }}
143143
password: ${{ secrets.QUAY_PASSWORD }}
144144

145145
- name: Log in to Red Hat Registry
146-
uses: redhat-actions/podman-login@v1
146+
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
147147
with:
148148
registry: registry.redhat.io
149149
username: ${{ secrets.REDHATIO_USERNAME }}
@@ -169,14 +169,14 @@ jobs:
169169
170170
- name: Build operator-bundle using buildah
171171
id: build-operator-bundle
172-
uses: redhat-actions/buildah-build@v2
172+
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
173173
with:
174174
image: ${{ inputs.operator_name }}-operator-bundle
175175
tags: ${{ env.latesttag }} ${{ github.sha }}
176176
containerfiles: ${{ inputs.bundle_dockerfile }}
177177

178178
- name: Push ${{ inputs.operator_name }}-operator To ${{ env.imageregistry }}
179-
uses: redhat-actions/push-to-registry@v2
179+
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
180180
with:
181181
image: ${{ steps.build-operator-bundle.outputs.image }}
182182
tags: ${{ steps.build-operator-bundle.outputs.tags }}
@@ -197,7 +197,7 @@ jobs:
197197
GITHUB_SHA: ${{ github.sha }}
198198

199199
- name: Push tag with digest ${{ env.OPERATOR_BUNDLE_IMAGE_DIGEST }}
200-
uses: redhat-actions/push-to-registry@v2
200+
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
201201
with:
202202
image: ${{ steps.build-operator-bundle.outputs.image }}
203203
tags: ${{ env.OPERATOR_BUNDLE_IMAGE_DIGEST }}
@@ -212,13 +212,13 @@ jobs:
212212

213213
steps:
214214
- name: Install Go
215-
uses: actions/setup-go@v4
215+
uses: actions/setup-go@7b8cf10d4e4a01d4992d18a89f4d7dc5a3e6d6f4 # v4
216216
with:
217217
go-version: ${{ inputs.go_version }}
218218
cache: false
219219

220220
- name: Checkout ${{ inputs.operator_name }}-operator repository
221-
uses: actions/checkout@v4
221+
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
222222

223223
- name: Set latest tag for non main branch
224224
if: github.ref_name != 'main'
@@ -229,20 +229,20 @@ jobs:
229229
echo "latesttag=${latesttag@L}" >> $GITHUB_ENV
230230
231231
- name: Install opm
232-
uses: redhat-actions/openshift-tools-installer@v1
232+
uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1
233233
with:
234234
source: github
235235
opm: 'latest'
236236

237237
- name: Log in to Quay Registry
238-
uses: redhat-actions/podman-login@v1
238+
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
239239
with:
240240
registry: ${{ env.imageregistry }}
241241
username: ${{ secrets.QUAY_USERNAME }}
242242
password: ${{ secrets.QUAY_PASSWORD }}
243243

244244
- name: Log in to Red Hat Registry
245-
uses: redhat-actions/podman-login@v1
245+
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1
246246
with:
247247
registry: registry.redhat.io
248248
username: ${{ secrets.REDHATIO_USERNAME }}
@@ -298,7 +298,7 @@ jobs:
298298
CONTAINERS_REGISTRIES_CONF: /dev/null
299299

300300
- name: Push ${{ inputs.operator_name }}-operator-index To ${{ env.imageregistry }}
301-
uses: redhat-actions/push-to-registry@v2
301+
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
302302
with:
303303
image: ${{ inputs.operator_name }}-operator-index
304304
tags: ${{ env.latesttag }} ${{ github.sha }}
@@ -319,7 +319,7 @@ jobs:
319319
GITHUB_SHA: ${{ github.sha }}
320320

321321
- name: Push tag with digest ${{ env.OPERATOR_INDEX_IMAGE_DIGEST }}
322-
uses: redhat-actions/push-to-registry@v2
322+
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
323323
with:
324324
image: ${{ inputs.operator_name }}-operator-index
325325
tags: ${{ env.OPERATOR_INDEX_IMAGE_DIGEST }}

0 commit comments

Comments
 (0)