diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 2828af7125..5b7410e4d0 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest name: lint github workflows steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Add problem matchers run: | # https://github.com/rhysd/actionlint/blob/3a2f2c7/docs/usage.md#problem-matchers diff --git a/.github/workflows/auto-assign-pr.yaml b/.github/workflows/auto-assign-pr.yaml index b9d22fb961..e5733e419c 100644 --- a/.github/workflows/auto-assign-pr.yaml +++ b/.github/workflows/auto-assign-pr.yaml @@ -9,4 +9,4 @@ jobs: auto-assign: runs-on: ubuntu-latest steps: - - uses: kentaro-m/auto-assign-action@v2.0.0 + - uses: kentaro-m/auto-assign-action@f4648c0a9fdb753479e9e75fc251f507ce17bb7e # v2.0.0 diff --git a/.github/workflows/conventional-commits.yaml b/.github/workflows/conventional-commits.yaml index c159caeae6..c11a3f44b4 100644 --- a/.github/workflows/conventional-commits.yaml +++ b/.github/workflows/conventional-commits.yaml @@ -13,4 +13,4 @@ jobs: fetch-depth: 0 - name: Conventional commits check - uses: oknozor/cocogitto-action@v3 + uses: oknozor/cocogitto-action@5ae166018d8265bb2df85c1eb521e86a17b61085 # v3 diff --git a/.github/workflows/create-release-prs.yaml b/.github/workflows/create-release-prs.yaml index 156bdbfac5..6fa7d98d78 100644 --- a/.github/workflows/create-release-prs.yaml +++ b/.github/workflows/create-release-prs.yaml 
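Review bot: The trailing `# v4` on the pinned `actions/checkout` line in actionlint.yaml names a floating major tag, so the comment does not record which release the SHA belongs to and cannot be checked against the upstream tag list later. Record the exact release instead, e.g. `- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.X.Y` (X.Y is a placeholder for the release this commit actually belongs to). The same applies to the `# v3`, `# v4`, `# v5`, `# v6` and `# v9` comments in the other workflow files of this commit. It is also worth confirming that each SHA is reachable from a tag in the named repository itself, because GitHub also resolves commits that exist only in a fork of it.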
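Review bot: conventional-commits.yaml still references the action as `oknozor/cocogitto-action`, while validate-pullrequest.yaml in this same commit pins the identical SHA under `cocogitto/cocogitto-action`. That suggests the repository moved and the old path now works only through a redirect. The pin keeps the content fixed, but resolution still depends on who controls the old name. Use the current owner in both files: `uses: cocogitto/cocogitto-action@5ae166018d8265bb2df85c1eb521e86a17b61085 # v3`.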
@@ -12,14 +12,14 @@ jobs: createReleasePR: runs-on: ubuntu-latest steps: - - uses: googleapis/release-please-action@v4 + - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4 with: skip-github-release: true token: ${{ secrets.ACTIONS_BOT_TOKEN }} config-file: .github/release-please/config.json manifest-file: .github/release-please/manifest.json id: release-please - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 if: ${{ steps.release-please.outputs.prs_created == 'true' }} - name: Set PRs to auto-merge if: ${{ steps.release-please.outputs.prs_created == 'true' }} diff --git a/.github/workflows/get-changed-chart.yaml b/.github/workflows/get-changed-chart.yaml index e5c67444ba..cafeb3ffe0 100644 --- a/.github/workflows/get-changed-chart.yaml +++ b/.github/workflows/get-changed-chart.yaml @@ -13,12 +13,12 @@ jobs: outputs: chart: ${{ steps.getChangedChart.outputs.chart }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - - uses: helm/chart-testing-action@v2.6.1 + - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - id: getChangedChart name: Get changed chart in this commit diff --git a/.github/workflows/get-changed-charts.yaml b/.github/workflows/get-changed-charts.yaml index 1d41bda51b..b2a1d47b5f 100644 --- a/.github/workflows/get-changed-charts.yaml +++ b/.github/workflows/get-changed-charts.yaml @@ -13,12 +13,12 @@ jobs: outputs: charts: ${{ steps.getCharts.outputs.charts }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - - uses: helm/chart-testing-action@v2.6.1 + - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Get all charts id: getCharts 
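Review bot: The checkout in get-changed-chart.yaml fetches `github.event.pull_request.head.sha`, i.e. content from the pull request, and the default `persist-credentials` behaviour of `actions/checkout` leaves the job token in the checked-out repository's git config for later steps. The workflow trigger is outside the hunk, so it is not visible here whether this job runs with a privileged token. If it is reachable from `pull_request_target`, PR-controlled files are processed with write credentials on disk. Adding `persist-credentials: false` under `with:` is cheap hardening for a job that, from the visible steps, only reads the tree. The same pattern appears in get-changed-charts.yaml and in the `Validate commits` job of validate-pullrequest.yaml.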
diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml index d902de3be9..847832a019 100644 --- a/.github/workflows/linter.yaml +++ b/.github/workflows/linter.yaml @@ -22,7 +22,7 @@ jobs: CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }} CHART: ${{ matrix.chart }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: fetch-depth: 0 @@ -38,12 +38,12 @@ jobs: echo ) | tee -a "$GITHUB_OUTPUT" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5 with: python-version: 3.7 - run: ./.github/scripts/prepare-values.sh "charts/$CHART" - - uses: helm/chart-testing-action@v2.6.1 + - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Lint chart run: | diff --git a/.github/workflows/pr-comment-diff.yaml b/.github/workflows/pr-comment-diff.yaml index bf1e94abb1..f0ae4fd352 100644 --- a/.github/workflows/pr-comment-diff.yaml +++ b/.github/workflows/pr-comment-diff.yaml @@ -20,7 +20,7 @@ jobs: CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }} GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - run: pip install yq - name: Install sponge run: sudo apt-get -yq install moreutils diff --git a/.github/workflows/release-chart.yaml b/.github/workflows/release-chart.yaml index dcc7c17bf6..323efd47af 100644 --- a/.github/workflows/release-chart.yaml +++ b/.github/workflows/release-chart.yaml 
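Review bot: The pinning in pr-comment-diff.yaml stops at the `uses:` line: `pip install yq` and `sudo apt-get -yq install moreutils` directly below it still resolve whatever is current at run time. They do so in a job whose environment carries `GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}`. Pin the Python package to an exact version at least, `- run: pip install yq==X.Y.Z` (placeholder version), or install from a requirements file with `--require-hashes`. The remaining steps of the job are outside the hunk.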
@@ -15,7 +15,7 @@ jobs: releases_created: ${{ steps.release.outputs.releases_created }} paths_released: ${{ steps.release.outputs.paths_released }} steps: - - uses: googleapis/release-please-action@v4 + - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4 id: release with: skip-github-pull-request: true @@ -32,7 +32,7 @@ jobs: env: CHART: ${{ matrix.chart }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - run: helm package --dependency-update "${CHART}" - run: helm registry login ghcr.io --username teutonet-bot --password ${{ secrets.ACTIONS_BOT_TOKEN }} diff --git a/.github/workflows/release-update-metadata.yaml b/.github/workflows/release-update-metadata.yaml index 3d38ca0b25..477b5e4a87 100644 --- a/.github/workflows/release-update-metadata.yaml +++ b/.github/workflows/release-update-metadata.yaml @@ -19,7 +19,7 @@ jobs: CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }} CHART: ${{ needs.getChangedChart.outputs.chart }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: fetch-depth: 0 token: ${{ secrets.ACTIONS_BOT_TOKEN }} @@ -34,7 +34,7 @@ jobs: - run: ./.github/scripts/enforce-trusted-registries.sh "charts/$CHART" - name: Commit artifacthub images - uses: EndBug/add-and-commit@v9 + uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 with: message: "ci: [bot] Update images in 'Chart.yaml'" default_author: github_actions 
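Review bot: In the second hunk of release-chart.yaml, the step after the pinned checkout passes the bot token as `--password ${{ secrets.ACTIONS_BOT_TOKEN }}`, which places the secret on the process command line. `helm registry login` can read the password from stdin: expose the secret through an `env:` entry on the step and run `echo "$ACTIONS_BOT_TOKEN" | helm registry login ghcr.io --username teutonet-bot --password-stdin`. The line is unchanged context in this commit, so this is a follow-up rather than a regression.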
@@ -51,12 +51,12 @@ jobs: fi generate-schema-doc --config-file .github/json-schema-to-md.yaml "charts/$CHART/values.schema.json" "charts/$CHART/values.md" - name: generate Docs - uses: docker://jnorwood/helm-docs:latest + uses: docker://jnorwood/helm-docs:latest@sha256:717bd8f770bd1d25ccf79c876f1420e105832f2d6bbde12170405f58f540cb2d with: args: -g charts/${{ needs.getChangedChart.outputs.chart }} - name: Commit README - uses: EndBug/add-and-commit@v9 + uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 with: message: "ci: [bot] Update 'README.md'" default_author: github_actions diff --git a/.github/workflows/update-artifacthub-images.yaml b/.github/workflows/update-artifacthub-images.yaml index a970657dd3..14d19efde2 100644 --- a/.github/workflows/update-artifacthub-images.yaml +++ b/.github/workflows/update-artifacthub-images.yaml @@ -11,7 +11,7 @@ jobs: outputs: charts: ${{ steps.getCharts.outputs.charts }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Get all charts id: getCharts @@ -34,7 +34,7 @@ jobs: matrix: chart: ${{ fromJson(needs.getAllCharts.outputs.charts) }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: token: ${{ secrets.ACTIONS_BOT_TOKEN }} @@ -48,7 +48,7 @@ jobs: - run: ./.github/scripts/enforce-trusted-registries.sh "charts/${{ matrix.chart }}" - id: create-pr - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6 with: add-paths: | charts/${{ matrix.chart }}/Chart.yaml 
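Review bot: The digest pin in release-update-metadata.yaml keeps the `latest` tag in `docker://jnorwood/helm-docs:latest@sha256:...`. Once a digest is present the tag plays no part in resolution, so the reference fixes the image but no longer tells a reader which helm-docs release it is. Unlike the `uses:` lines in this commit, it also carries no version comment. Pin a release tag together with its digest, `uses: docker://jnorwood/helm-docs:vX.Y.Z@sha256:DIGEST_OF_THAT_TAG` (placeholders), so that updates are explicit and reviewable.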
@@ -64,7 +64,7 @@ jobs: PR_NUMBER: ${{ steps.create-pr.outputs.pull-request-number }} merge-method: squash - if: ${{ steps.create-pr.outputs.pull-request-number }} - uses: juliangruber/approve-pull-request-action@v2.0.6 + uses: juliangruber/approve-pull-request-action@b71c44ff142895ba07fad34389f1938a4e8ee7b0 # v2.0.6 with: github-token: ${{ secrets.ACTIONS_BOT_TOKEN }} number: ${{ steps.create-pr.outputs.pull-request-number }} diff --git a/.github/workflows/update-codeowners.yaml b/.github/workflows/update-codeowners.yaml index fe2c8d99c8..08bb6d0778 100644 --- a/.github/workflows/update-codeowners.yaml +++ b/.github/workflows/update-codeowners.yaml @@ -12,14 +12,14 @@ jobs: generateCodeowners: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: generate CODEOWNERS run: ./.github/scripts/sync-codeowners.sh > .github/CODEOWNERS - name: Create PR id: create-pr - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6 with: add-paths: | .github/CODEOWNERS diff --git a/.github/workflows/validate-pullrequest.yaml b/.github/workflows/validate-pullrequest.yaml index 7b827645f8..bcd11f597a 100644 --- a/.github/workflows/validate-pullrequest.yaml +++ b/.github/workflows/validate-pullrequest.yaml @@ -17,13 +17,13 @@ jobs: name: Validate commits runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - name: Conventional commit check - uses: cocogitto/cocogitto-action@v3 + uses: cocogitto/cocogitto-action@5ae166018d8265bb2df85c1eb521e86a17b61085 # v3 validateAndLabelPR: if: ${{ !startsWith(github.head_ref, 'release-please--') }} name: Validate and label PR 
@@ -31,7 +31,7 @@ jobs: needs: getChangedChart steps: - name: Conventional commit check - uses: cocogitto/cocogitto-action@v3 + uses: cocogitto/cocogitto-action@5ae166018d8265bb2df85c1eb521e86a17b61085 # v3 with: check: false - run: |