| author | Patrick Linnane <patrick@linnane.io> | 2025-04-07 21:45:06 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-04-08 00:45:06 -0400 |
| commit | 16145049223cfb68c7a98bfc2cf0ef56f7e28ff5 (patch) | |
| tree | 74025957e0d511ed971bfae24eb87cf2a7e5ad41 | |
| parent | 2324395ae2dcdb4729f9c29e393a6a03a6e84af6 (diff) | |
workflows: hash pin Actions (#203)
Signed-off-by: Patrick Linnane <patrick@linnane.io>
| -rw-r--r-- | .github/workflows/docker-pr.yml | 6 | ||||
| -rw-r--r-- | .github/workflows/docker.yml | 12 | ||||
| -rw-r--r-- | .github/workflows/docs-deploy.yml | 14 | ||||
| -rw-r--r-- | .github/workflows/go.yml | 10 | ||||
| -rw-r--r-- | .github/workflows/zizmor.yml | 6 | ||||
| -rw-r--r-- | docs/docs/CHANGELOG.md | 1 |
6 files changed, 25 insertions, 24 deletions
diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml index 03539f7..9001ecb 100644 --- a/.github/workflows/docker-pr.yml +++ b/.github/workflows/docker-pr.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-tags: true fetch-depth: 0 @@ -25,7 +25,7 @@ jobs: uses: Homebrew/actions/setup-homebrew@master - name: Setup Homebrew cellar cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | /home/linuxbrew/.linuxbrew/Cellar @@ -47,7 +47,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: ghcr.io/techarohq/anubis diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d094453..f1f0342 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-tags: true fetch-depth: 0 @@ -31,7 +31,7 @@ jobs: uses: Homebrew/actions/setup-homebrew@master - name: Setup Homebrew cellar cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | /home/linuxbrew/.linuxbrew/Cellar @@ -52,7 +52,7 @@ jobs: brew bundle - name: Log into registry - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: techarohq @@ -60,7 +60,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: ghcr.io/techarohq/anubis 
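Review bot: `uses: Homebrew/actions/setup-homebrew@master`, visible as context in the second docker-pr.yml hunk (`@@ -25,7 +25,7 @@`), is still a mutable branch ref, so that step keeps running whatever the branch points at on each run. The same line is left untouched in the second hunk of docker.yml, which appears to be in the same job as the later ghcr.io login and attestation steps, and in the second hunk of go.yml. I would pin it like the others, `uses: Homebrew/actions/setup-homebrew@<FULL_COMMIT_SHA> # <ref>`. If it is left floating on purpose, say so in a comment on the step and soften the CHANGELOG entry, which says "all". The step bodies continue outside these hunks.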
@@ -74,8 +74,8 @@ jobs: SLOG_LEVEL: debug - name: Generate artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3 with: subject-name: ghcr.io/techarohq/anubis subject-digest: ${{ steps.build.outputs.digest }} - push-to-registry: true
\ No newline at end of file + push-to-registry: true diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml index 652351f..e2ca0b1 100644 --- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -16,15 +16,15 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Log into registry - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: techarohq @@ -32,13 +32,13 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: ghcr.io/techarohq/anubis/docs - name: Build and push id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: ./docs cache-to: type=gha @@ -49,14 +49,14 @@ jobs: push: true - name: Apply k8s manifests to aeacus - uses: actions-hub/kubectl@master + uses: actions-hub/kubectl@9270913c29699788b51bc04becd0ebdf048ffb49 # v1.32.3 env: KUBE_CONFIG: ${{ secrets.AEACUS_KUBECONFIG }} with: args: apply -k docs/manifest - name: Apply k8s manifests to aeacus - uses: actions-hub/kubectl@master + uses: actions-hub/kubectl@9270913c29699788b51bc04becd0ebdf048ffb49 # v1.32.3 env: KUBE_CONFIG: ${{ secrets.AEACUS_KUBECONFIG }} with: diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 18a8df7..0a19cf3 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml 
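Review bot: In the last docs-deploy.yml hunk (`@@ -49,14 +49,14 @@`) both `actions-hub/kubectl` steps receive `secrets.AEACUS_KUBECONFIG`, so this is the pin whose provenance matters most, and the trailing `# v1.32.3` is only a comment that nothing checks against the hash. Confirm that `9270913c29699788b51bc04becd0ebdf048ffb49` is reachable from that tag in the upstream repository itself, because a commit pushed to a fork can resolve under the parent's name. Unless an updater already exists outside this diff, add one (for example Dependabot's `github-actions` ecosystem) so the pins and their version comments move together. Separately, the two steps share the name `Apply k8s manifests to aeacus`; distinct names would make a failed apply identifiable in the run log. The second step's `with:` block continues outside the hunk.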
@@ -15,7 +15,7 @@ jobs: #runs-on: alrest-techarohq runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -28,7 +28,7 @@ jobs: uses: Homebrew/actions/setup-homebrew@master - name: Setup Homebrew cellar cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | /home/linuxbrew/.linuxbrew/Cellar @@ -49,7 +49,7 @@ jobs: brew bundle - name: Setup Golang caches - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.cache/go-build @@ -59,7 +59,7 @@ jobs: ${{ runner.os }}-golang- - name: Cache playwright binaries - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 id: playwright-cache with: path: | @@ -82,6 +82,6 @@ jobs: - name: Test run: npm run test - - uses: dominikh/staticcheck-action@v1 + - uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 # v1.3.1 with: version: "latest" diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index c2a03ab..daf4866 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -16,12 +16,12 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Install the latest version of uv - uses: astral-sh/setup-uv@v5 + uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182 # v5.4.1 - name: Run zizmor 🌈 run: uvx zizmor --format sarif . > results.sarif @@ -29,7 +29,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@1b549b9259bda1cb5ddde3b41741a82a2d15a841 # v3.28.13 with: sarif_file: results.sarif category: zizmor 
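Review bot: In the last go.yml hunk (`@@ -82,6 +82,6 @@`) the action is now pinned to a hash, but `version: "latest"` stays, so the staticcheck release that the action installs still floats from run to run. The pin fixes the wrapper code only; the tool it fetches can change without any commit to this repository. If the goal is a reproducible CI toolchain, set the input to a fixed release, `version: "<STATICCHECK_RELEASE>"`, and bump it together with the action pin.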
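Review bot: In zizmor.yml the `astral-sh/setup-uv` step is pinned by hash, but the context line `run: uvx zizmor --format sarif . > results.sarif` still resolves whatever zizmor release is current at run time. The job header above the first hunk shows `security-events: write` and the step is handed `GH_TOKEN`, so code that can change without a commit here runs with those permissions. Pinning the tool closes that gap: `run: uvx zizmor@<PINNED_VERSION> --format sarif . > results.sarif`. The step named "Install the latest version of uv" can take a fixed uv release through the action's `version` input for the same reason.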
diff --git a/docs/docs/CHANGELOG.md b/docs/docs/CHANGELOG.md index 3d4aa31..ec57bb3 100644 --- a/docs/docs/CHANGELOG.md +++ b/docs/docs/CHANGELOG.md @@ -42,6 +42,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Added an `--extract-resources` flag to extract static resources to a local folder. - Add noindex flag to all Anubis pages ([#227](https://github.com/TecharoHQ/anubis/issues/227)). - Added `WEBMASTER_EMAIL` variable, if it is present then display that email address on error pages ([#235](https://github.com/TecharoHQ/anubis/pull/235), [#115](https://github.com/TecharoHQ/anubis/issues/115)) +- Hash pinned all GitHub Actions ## v1.15.1 |
