Merge pull request #60 from uptick/plt-1209/pin-github-actions-sha

PLT-1209 security(gha): Pin all github actions to a fixed sha via ratchet

Author: uptickmetachu

.github/workflows/ci.yaml

@@ -2,10 +2,10 @@ name: Python
 on:
   push:
     branches:
-    - release/*
-    - develop
-    - master
-    - main
+      - release/*
+      - develop
+      - master
+      - main
   pull_request: {}
 
 permissions:
@@ -20,7 +20,7 @@ env:
 
 jobs:
   ci:
-    uses: uptick/actions/.github/workflows/ci.yaml@main
+    uses: uptick/actions/.github/workflows/ci.yaml@main # ratchet:exclude
     secrets:
       SECRET_ENV: "${{ secrets.DEPLOY_KEY }}"
     with:

.github/workflows/release-please.yaml

@@ -21,13 +21,13 @@ jobs:
       tag_name: ${{ steps.release.outputs.tag_name }}
       sha: ${{ steps.release.outputs.sha }}
     steps:
-      - uses: googleapis/release-please-action@v4
+      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # ratchet:googleapis/release-please-action@v4
         id: release
         with: {}
 
   publish_docker_image:
     name: Build and Push Docker Image
-    uses: uptick/actions/.github/workflows/ci.yaml@main
+    uses: uptick/actions/.github/workflows/ci.yaml@main # ratchet:exclude
     needs: release-please
     if: ${{ needs.release-please.outputs.release_created }}
     secrets:

.github/workflows/test.yml

@@ -12,7 +12,7 @@ permissions:
 jobs:
   build:
     name: Build and Push Docker Image
-    uses: uptick/actions/.github/workflows/ci.yaml@main
+    uses: uptick/actions/.github/workflows/ci.yaml@main # ratchet:exclude
     secrets:
       SECRET_ENV: "${{ secrets.DEPLOY_KEY }}"
     #https://github.com/uptick/actions/blob/main/.github/workflows/ci.yaml