44 schedule :
55 - cron : " 0 0 * * *"
66
7+ permissions :
8+ contents : write
9+ packages : write
10+
711jobs :
812 create-release :
913 runs-on : ubuntu-latest
1014 steps :
1115 - name : Checkout
12- uses : actions/checkout@v6.0.2
16+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1317
1418 - name : Delete old release
1519 run : gh release delete --cleanup-tag --yes nightly || echo release not found
1923 REPO : ${{ github.event.repository.name }}
2024
2125 - name : Create release
22- uses : softprops/action-gh-release@v3
26+ uses : softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3
2327 with :
2428 prerelease : true
2529 tag_name : nightly
3337 BUILD_TIMESTAMP : ${{ steps.metadata.outputs.BUILD_TIMESTAMP }}
3438 steps :
3539 - name : Checkout
36- uses : actions/checkout@v6.0.2
40+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3741 with :
3842 ref : nightly
3943
@@ -51,15 +55,15 @@ jobs:
5155 - generate-metadata
5256 steps :
5357 - name : Checkout
54- uses : actions/checkout@v6.0.2
58+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5559 with :
5660 ref : nightly
5761
5862 - name : Install bun
59- uses : oven-sh/setup-bun@v2
63+ uses : oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
6064
6165 - name : Install go
62- uses : actions/setup-go@v6
66+ uses : actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
6367 with :
6468 go-version : " ^1.26.0"
6569
8589 CGO_ENABLED : 0
8690
8791 - name : Upload artifact
88- uses : actions/upload-artifact@v7.0.1
92+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
8993 with :
9094 name : tinyauth-amd64
9195 path : tinyauth-amd64
@@ -97,15 +101,15 @@ jobs:
97101 - generate-metadata
98102 steps :
99103 - name : Checkout
100- uses : actions/checkout@v6.0.2
104+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
101105 with :
102106 ref : nightly
103107
104108 - name : Install bun
105- uses : oven-sh/setup-bun@v2
109+ uses : oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
106110
107111 - name : Install go
108- uses : actions/setup-go@v6
112+ uses : actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
109113 with :
110114 go-version : " ^1.26.0"
111115
@@ -131,7 +135,7 @@ jobs:
131135 CGO_ENABLED : 0
132136
133137 - name : Upload artifact
134- uses : actions/upload-artifact@v7.0.1
138+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
135139 with :
136140 name : tinyauth-arm64
137141 path : tinyauth-arm64
@@ -143,28 +147,28 @@ jobs:
143147 - generate-metadata
144148 steps :
145149 - name : Checkout
146- uses : actions/checkout@v6.0.2
150+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
147151 with :
148152 ref : nightly
149153
150154 - name : Docker meta
151155 id : meta
152- uses : docker/metadata-action@v6
156+ uses : docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6
153157 with :
154158 images : ghcr.io/${{ github.repository_owner }}/tinyauth
155159
156160 - name : Login to GitHub Container Registry
157- uses : docker/login-action@v4
161+ uses : docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
158162 with :
159163 registry : ghcr.io
160164 username : ${{ github.repository_owner }}
161165 password : ${{ secrets.GITHUB_TOKEN }}
162166
163167 - name : Set up Docker Buildx
164- uses : docker/setup-buildx-action@v4
168+ uses : docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
165169
166170 - name : Build and push
167- uses : docker/build-push-action@v7
171+ uses : docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
168172 id : build
169173 with :
170174 platforms : linux/amd64
@@ -186,7 +190,7 @@ jobs:
186190 touch "${{ runner.temp }}/digests/${digest#sha256:}"
187191
188192name : Upload digest
189- uses : actions/upload-artifact@v7.0.1
193+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
190194 with :
191195 name : digests-linux-amd64
192196 path : ${{ runner.temp }}/digests/*
@@ -201,28 +205,28 @@ jobs:
201205 - image-build
202206 steps :
203207 - name : Checkout
204- uses : actions/checkout@v6.0.2
208+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
205209 with :
206210 ref : nightly
207211
208212 - name : Docker meta
209213 id : meta
210- uses : docker/metadata-action@v6
214+ uses : docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6
211215 with :
212216 images : ghcr.io/${{ github.repository_owner }}/tinyauth
213217
214218 - name : Login to GitHub Container Registry
215- uses : docker/login-action@v4
219+ uses : docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
216220 with :
217221 registry : ghcr.io
218222 username : ${{ github.repository_owner }}
219223 password : ${{ secrets.GITHUB_TOKEN }}
220224
221225 - name : Set up Docker Buildx
222- uses : docker/setup-buildx-action@v4
226+ uses : docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
223227
224228 - name : Build and push
225- uses : docker/build-push-action@v7
229+ uses : docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
226230 id : build
227231 with :
228232 platforms : linux/amd64
@@ -245,7 +249,7 @@ jobs:
245249 touch "${{ runner.temp }}/digests/${digest#sha256:}"
246250
247251name : Upload digest
248- uses : actions/upload-artifact@v7.0.1
252+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
249253 with :
250254 name : digests-distroless-linux-amd64
251255 path : ${{ runner.temp }}/digests/*
@@ -259,28 +263,28 @@ jobs:
259263 - generate-metadata
260264 steps :
261265 - name : Checkout
262- uses : actions/checkout@v6.0.2
266+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
263267 with :
264268 ref : nightly
265269
266270 - name : Docker meta
267271 id : meta
268- uses : docker/metadata-action@v6
272+ uses : docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6
269273 with :
270274 images : ghcr.io/${{ github.repository_owner }}/tinyauth
271275
272276 - name : Login to GitHub Container Registry
273- uses : docker/login-action@v4
277+ uses : docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
274278 with :
275279 registry : ghcr.io
276280 username : ${{ github.repository_owner }}
277281 password : ${{ secrets.GITHUB_TOKEN }}
278282
279283 - name : Set up Docker Buildx
280- uses : docker/setup-buildx-action@v4
284+ uses : docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
281285
282286 - name : Build and push
283- uses : docker/build-push-action@v7
287+ uses : docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
284288 id : build
285289 with :
286290 platforms : linux/arm64
@@ -302,7 +306,7 @@ jobs:
302306 touch "${{ runner.temp }}/digests/${digest#sha256:}"
303307
304308name : Upload digest
305- uses : actions/upload-artifact@v7.0.1
309+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
306310 with :
307311 name : digests-linux-arm64
308312 path : ${{ runner.temp }}/digests/*
@@ -317,28 +321,28 @@ jobs:
317321 - image-build-arm
318322 steps :
319323 - name : Checkout
320- uses : actions/checkout@v6.0.2
324+ uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
321325 with :
322326 ref : nightly
323327
324328 - name : Docker meta
325329 id : meta
326- uses : docker/metadata-action@v6
330+ uses : docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6
327331 with :
328332 images : ghcr.io/${{ github.repository_owner }}/tinyauth
329333
330334 - name : Login to GitHub Container Registry
331- uses : docker/login-action@v4
335+ uses : docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
332336 with :
333337 registry : ghcr.io
334338 username : ${{ github.repository_owner }}
335339 password : ${{ secrets.GITHUB_TOKEN }}
336340
337341 - name : Set up Docker Buildx
338- uses : docker/setup-buildx-action@v4
342+ uses : docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
339343
340344 - name : Build and push
341- uses : docker/build-push-action@v7
345+ uses : docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
342346 id : build
343347 with :
344348 platforms : linux/arm64
@@ -361,7 +365,7 @@ jobs:
361365 touch "${{ runner.temp }}/digests/${digest#sha256:}"
362366
363367name : Upload digest
364- uses : actions/upload-artifact@v7.0.1
368+ uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
365369 with :
366370 name : digests-distroless-linux-arm64
367371 path : ${{ runner.temp }}/digests/*
@@ -375,25 +379,25 @@ jobs:
375379 - image-build-arm
376380 steps :
377381 - name : Download digests
378- uses : actions/download-artifact@v8
382+ uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
379383 with :
380384 path : ${{ runner.temp }}/digests
381385 pattern : digests-*
382386 merge-multiple : true
383387
384388 - name : Login to GitHub Container Registry
385- uses : docker/login-action@v4
389+ uses : docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
386390 with :
387391 registry : ghcr.io
388392 username : ${{ github.repository_owner }}
389393 password : ${{ secrets.GITHUB_TOKEN }}
390394
391395 - name : Set up Docker Buildx
392- uses : docker/setup-buildx-action@v4
396+ uses : docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
393397
394398 - name : Docker meta
395399 id : meta
396- uses : docker/metadata-action@v6
400+ uses : docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6
397401 with :
398402 images : ghcr.io/${{ github.repository_owner }}/tinyauth
399403 flavor : |
@@ -414,25 +418,25 @@ jobs:
414418 - image-build-arm-distroless
415419 steps :
416420 - name : Download digests
417- uses : actions/download-artifact@v8
421+ uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
418422 with :
419423 path : ${{ runner.temp }}/digests
420424 pattern : digests-distroless-*
421425 merge-multiple : true
422426
423427 - name : Login to GitHub Container Registry
424- uses : docker/login-action@v4
428+ uses : docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
425429 with :
426430 registry : ghcr.io
427431 username : ${{ github.repository_owner }}
428432 password : ${{ secrets.GITHUB_TOKEN }}
429433
430434 - name : Set up Docker Buildx
431- uses : docker/setup-buildx-action@v4
435+ uses : docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
432436
433437 - name : Docker meta
434438 id : meta
435- uses : docker/metadata-action@v6
439+ uses : docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6
436440 with :
437441 images : ghcr.io/${{ github.repository_owner }}/tinyauth
438442 flavor : |
@@ -452,14 +456,14 @@ jobs:
452456 - binary-build
453457 - binary-build-arm
454458 steps :
455- - uses : actions/download-artifact@v8
459+ - uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
456460 with :
457461 pattern : tinyauth-*
458462 path : binaries
459463 merge-multiple : true
460464
461465 - name : Release
462- uses : softprops/action-gh-release@v3
466+ uses : softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3
463467 with :
464468 files : binaries/*
465469 tag_name : nightly
0 commit comments