diff --git a/.github/workflows/autotag.yml b/.github/workflows/autotag.yml
index 461f868..8debc8e 100644
--- a/.github/workflows/autotag.yml
+++ b/.github/workflows/autotag.yml
@@ -15,13 +15,13 @@ jobs:
 contents: write
 steps:
 - name: Checkout the code
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 ref: ${{ github.event.pull_request.merge_commit_sha }}
 fetch-depth: '0'
 - name: Bump version and push tag
- uses: anothrNick/github-tag-action@1.71.0
+ uses: anothrNick/github-tag-action@f278d49d30cdd8775cc3e7dd00b5ee11686ee297 # 1.71.0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 WITH_V: true
diff --git a/.github/workflows/build_container_image.yml b/.github/workflows/build_container_image.yml
index 593a878..5faaad7 100644
--- a/.github/workflows/build_container_image.yml
+++ b/.github/workflows/build_container_image.yml
@@ -71,13 +71,13 @@ jobs:
 image: ${{ steps.set_outputs.outputs.image }}
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Setup QEMU
- uses: docker/setup-qemu-action@v3
+ uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
 - name: Setup Docker buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 - name: Set release name and image tag
 run: |
@@ -116,7 +116,7 @@ jobs:
 - name: Login to temporary registry
 id: ghcr
- uses: docker/login-action@v3
+ uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
 with:
 registry: ghcr.io
 username: ${{github.actor}}
@@ -124,7 +124,7 @@ jobs:
 - name: Build container image
 id: build
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
 with:
 context: ${{ inputs.build_context }}
 file: "${{ inputs.build_context }}/${{ inputs.dockerfile_path }}"
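Review bot: The trailing `# v4.2.2` and `# 1.71.0` comments in the autotag.yml hunk are free text, and nothing visible in this change ties each 40-character SHA to the release it names; the same holds for every pinned `uses:` line in the other hunks. That matters most for `anothrNick/github-tag-action`, which receives `GITHUB_TOKEN` in a job that has `contents: write`. Each SHA should be checked against the tag in the action's own upstream repository before merge. If the repository does not already have one (this diff does not show it), a Dependabot entry with `package-ecosystem: "github-actions"` would keep the SHA and its comment updated together.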
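Review bot: The `Checkout` step in the first build_container_image.yml hunk has no `with:` block, so it keeps the default credential persistence and the job token stays in the working tree's `.git/config` while later steps build from `context: ${{ inputs.build_context }}`. If that context contains the repository root and the Dockerfile copies it wholesale, the token could end up in an image layer; the Dockerfile is not shown, so this is a condition to check rather than a confirmed leak. Unless a later step needs to push with git, add `with:` and `persist-credentials: false` under the pinned `actions/checkout` line.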
diff --git a/.github/workflows/build_node_package.yml b/.github/workflows/build_node_package.yml
index aee8da8..eaaa74f 100644
--- a/.github/workflows/build_node_package.yml
+++ b/.github/workflows/build_node_package.yml
@@ -20,10 +20,10 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Use Node.js ${{ matrix.node.version}}
- uses: actions/setup-node@v4
+ uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
 with:
 node-version: ${{ matrix.node.version }}
diff --git a/.github/workflows/build_node_package_with_pgsql.yml b/.github/workflows/build_node_package_with_pgsql.yml
index 5087fb9..6491408 100644
--- a/.github/workflows/build_node_package_with_pgsql.yml
+++ b/.github/workflows/build_node_package_with_pgsql.yml
@@ -30,10 +30,10 @@ jobs:
 node-version: [16.x]
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Use Node.js ${{ inputs.node_version }}
- uses: actions/setup-node@v4
+ uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
 with:
 node-version: ${{ inputs.node_version }}
diff --git a/.github/workflows/deploy_container_image.yml b/.github/workflows/deploy_container_image.yml
index f68a0f0..eb289ac 100644
--- a/.github/workflows/deploy_container_image.yml
+++ b/.github/workflows/deploy_container_image.yml
@@ -72,7 +72,7 @@ jobs:
 - name: Configure AWS credentials
 id: aws-config
- uses: aws-actions/configure-aws-credentials@v4
+ uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
 with:
 aws-access-key-id: ${{ secrets.aws_access_key_id }}
 aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
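Review bot: The `Configure AWS credentials` step pinned in the deploy_container_image.yml hunk still takes `aws-access-key-id` and `aws-secret-access-key` from secrets, which are long-lived keys; the step in the later `@@ -103,7` hunk of the same file does the same. deploy_helm_chart.yml in this change already uses `role-to-assume: arn:aws:iam::${{ secrets.aws_account_id }}:role/${{ inputs.iam_role_name }}` with `role-duration-seconds: 900`, so a short-lived credential path appears to exist already. Consider moving both steps to the `role-to-assume` form, which needs `id-token: write` on the job if it relies on OIDC. The rest of this `with:` block lies outside the hunk, so confirm what else it sets.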
@@ -81,20 +81,20 @@ jobs:
 - name: Login to AWS ECR
 id: login-ecr
- uses: aws-actions/amazon-ecr-login@v2
+ uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
 with:
 mask-password: 'true'
 - name: Login to temporary registry
 id: login-ghcr
- uses: docker/login-action@v3
+ uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.temporary_registry_token }}
 - name: Push image to ECR
- uses: akhilerm/tag-push-action@v2.2.0
+ uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0
 with:
 src: ${{ inputs.image }}
 dst: |
@@ -103,7 +103,7 @@ jobs:
 - name: Configure AWS credentials for EKS interaction
 if: ${{fromJson( inputs.deploy )}}
- uses: aws-actions/configure-aws-credentials@v4
+ uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
 with:
 aws-access-key-id: ${{ secrets.aws_access_key_id }}
 aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
@@ -113,7 +113,7 @@ jobs:
 - name: Setup kubectl
 if: ${{fromJson( inputs.deploy )}}
- uses: azure/setup-kubectl@v4
+ uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
 with:
 version: ${{ inputs.kubectl_version }}
diff --git a/.github/workflows/deploy_helm_chart.yml b/.github/workflows/deploy_helm_chart.yml
index ca0ed7b..f40478d 100644
--- a/.github/workflows/deploy_helm_chart.yml
+++ b/.github/workflows/deploy_helm_chart.yml
@@ -123,17 +123,17 @@ jobs:
 pull-requests: write
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Helm
- uses: azure/setup-helm@v4
+ uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
 - name: Install Helm Diff plugin
 run: |
 helm plugin install https://github.com/databus23/helm-diff
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
+ uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
 with:
 aws-region: ${{ inputs.cluster_region }}
 role-to-assume: arn:aws:iam::${{ secrets.aws_account_id }}:role/${{ inputs.iam_role_name }}
@@ -141,7 +141,7 @@ jobs:
 role-duration-seconds: 900
 - name: Setup kubectl
- uses: azure/setup-kubectl@v4.0.0
+ uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
 with:
 version: ${{ inputs.kubectl_version }}
@@ -150,7 +150,7 @@ jobs:
 aws eks update-kubeconfig --region ${{ inputs.cluster_region }} --name ${{ secrets.cluster_name }}
 - name: Install 1Password CLI
- uses: 1password/install-cli-action@v1
+ uses: 1password/install-cli-action@143a85f84a90555d121cde2ff5872e393a47ab9f # v1.0.0
 with:
 version: 2.25.0
@@ -235,7 +235,7 @@ jobs:
 fi
 - name: Create the diff summary
- uses: actions/github-script@v7
+ uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
 env:
 DIFF: ${{ steps.helm_diff.outputs.diff }}
 with:
@@ -262,7 +262,7 @@ jobs:
 - name: Add diff summary to pull request
 if: github.event_name == 'pull_request'
- uses: thollander/actions-comment-pull-request@v3
+ uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
 with:
 file-path: ./summary.md
 comment-tag: 'helm-diff-${{ inputs.environment }}'
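Review bot: The `Install Helm Diff plugin` step in the first deploy_helm_chart.yml hunk still runs `helm plugin install https://github.com/databus23/helm-diff` with no version, so it fetches whatever the plugin repository currently serves while every `uses:` line around it is now pinned to a commit. The plugin runs in the same job that goes on to assume an AWS role and write a kubeconfig. Pin it in the same spirit, for example `helm plugin install https://github.com/databus23/helm-diff --version <HELM_DIFF_VERSION>`, with the placeholder replaced by the release the team has reviewed.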
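Review bot: In the `@@ -150,7` hunk the context line `aws eks update-kubeconfig --region ${{ inputs.cluster_region }} --name ${{ secrets.cluster_name }}` has its expressions substituted into the script text before the shell parses it, so a value containing shell metacharacters would be interpreted as code. The `Create the diff summary` step in this file already passes data through `env: DIFF:`, and the same pattern fits here: set `CLUSTER_REGION` and `CLUSTER_NAME` in the step's `env:` and run `aws eks update-kubeconfig --region "$CLUSTER_REGION" --name "$CLUSTER_NAME"`. The step's `name:` and `run:` lines are outside the hunk, so whether it already has an `env:` block is not visible.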
@@ -276,10 +276,10 @@ jobs:
 contents: write
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
+ uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
 with:
 aws-region: ${{ inputs.cluster_region }}
 role-to-assume: arn:aws:iam::${{ secrets.aws_account_id }}:role/${{ inputs.iam_role_name }}
@@ -287,7 +287,7 @@ jobs:
 role-duration-seconds: 900
 - name: Install 1Password CLI
- uses: 1password/install-cli-action@v1
+ uses: 1password/install-cli-action@143a85f84a90555d121cde2ff5872e393a47ab9f # v1.0.0
 with:
 version: 2.25.0
@@ -333,7 +333,7 @@ jobs:
 echo "LAST_COMMIT_MSG=$LAST_COMMIT_MSG" >> $GITHUB_ENV
 - name: Send notification
- uses: slackapi/slack-github-action@v1.27.0
+ uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
 id: send_notification
 if: ${{ fromJson( inputs.slack_notification_enabled ) }}
 with:
@@ -372,7 +372,7 @@ jobs:
 SLACK_BOT_TOKEN: ${{ secrets.slack_token }}
 - name: Deploy Helm
- uses: bitovi/github-actions-deploy-eks-helm@v1.2.12
+ uses: bitovi/github-actions-deploy-eks-helm@29f556cf128eb1b42f834caf13b60a630ee2a20b # v1.2.12
 id: deploy
 with:
 action: ${{ inputs.chart_action }}
@@ -392,7 +392,7 @@ jobs:
 - name: Validate deployment
 if: ${{ inputs.validate_url != '' }}
- uses: jtalk/url-health-check-action@v4
+ uses: jtalk/url-health-check-action@b716ccb6645355dd9fcce8002ce460e5474f7f00 # v4
 with:
 url: ${{ inputs.validate_url }}
 follow-redirect: true
@@ -419,7 +419,7 @@ jobs:
 - name: Update notification
 if: ${{ always() && fromJson( inputs.slack_notification_enabled ) }}
- uses: slackapi/slack-github-action@v1.27.0
+ uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
 with:
 channel-id: ${{ inputs.slack_channel_id }}
 update-ts: ${{ steps.send_notification.outputs.ts }}
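Review bot: The `Send notification` hunk replaces `slackapi/slack-github-action@v1.27.0` with a SHA annotated `# v1.27.1`, so if the comment is accurate this pin also upgrades the action by a patch release; the `Update notification` hunk at `@@ -419,7` does the same. A pinning change is easier to audit when it alters no versions, so either pin to the commit behind the `v1.27.0` tag or state the bump in the commit message. Separately, `jtalk/url-health-check-action` is annotated only `# v4`; a full release number in that comment would make the pin checkable in the same way as the others.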
diff --git a/.github/workflows/merge_multiarch_images.yml b/.github/workflows/merge_multiarch_images.yml
index cd50be6..f69decd 100644
--- a/.github/workflows/merge_multiarch_images.yml
+++ b/.github/workflows/merge_multiarch_images.yml
@@ -42,20 +42,20 @@ jobs:
 echo "repository_owner_lower=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV
 - name: Login to temporary registry
- uses: docker/login-action@v3
+ uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
 with:
 registry: ghcr.io
 username: ${{github.actor}}
 password: ${{secrets.temporary_registry_token}}
- - uses: int128/docker-manifest-create-action@v2
+ - uses: int128/docker-manifest-create-action@736aaa0f6ae97b2fb7f43e8dcef3ab47a02ea96e # v2.8.0
 name: Merge and push
 with:
 tags: ghcr.io/${{ env.repository_owner_lower }}/${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main
 suffixes: ${{ inputs.architecture_suffixes}}
 - name: Prune old images
- uses: actions/delete-package-versions@v5
+ uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5.0.0
 with:
 package-name: ${{ inputs.image_name }}
 package-type: 'container'
diff --git a/.github/workflows/publish_node_package.yml b/.github/workflows/publish_node_package.yml
index 55f7cf3..6ebe5ba 100644
--- a/.github/workflows/publish_node_package.yml
+++ b/.github/workflows/publish_node_package.yml
@@ -85,7 +85,7 @@ jobs:
 release_name: ${{ env.release_name }}
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 repository: ${{ inputs.repository_name }}
 ref: ${{ inputs.branch_name }}
@@ -127,7 +127,7 @@ jobs:
 if: |
 inputs.publish_package || inputs.build_package
- uses: actions/setup-node@v4
+ uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
 with:
 node-version: ${{ inputs.node_version }}
 registry-url: '${{ inputs.npm_registry_url }}'