Skip to content

chore: Pin all external actions to commit hash #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hardillb merged 2 commits into from
Mar 24, 2025
Merged

chore: Pin all external actions to commit hash #80

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2efc77d
Pin all external actions to commit hash
ppawlowski Mar 24, 2025
992eed7
Remove notify_on_slack workflow file
ppawlowski Mar 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/autotag.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,13 @@ jobs:
contents: write
steps:
- name: Checkout the code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.merge_commit_sha }}
fetch-depth: '0'

- name: Bump version and push tag
uses: anothrNick/[email protected]
uses: anothrNick/github-tag-action@f278d49d30cdd8775cc3e7dd00b5ee11686ee297 # 1.71.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WITH_V: true
10 changes: 5 additions & 5 deletions .github/workflows/build_container_image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,13 +71,13 @@ jobs:
image: ${{ steps.set_outputs.outputs.image }}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Setup QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0

- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

- name: Set release name and image tag
run: |
Expand Down Expand Up @@ -116,15 +116,15 @@ jobs:

- name: Login to temporary registry
id: ghcr
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{github.actor}}
password: ${{secrets.temporary_registry_token}}

- name: Build container image
id: build
uses: docker/build-push-action@v6
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: ${{ inputs.build_context }}
file: "${{ inputs.build_context }}/${{ inputs.dockerfile_path }}"
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/build_node_package.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,10 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Use Node.js ${{ matrix.node.version}}
uses: actions/setup-node@v4
uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
with:
node-version: ${{ matrix.node.version }}

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/build_node_package_with_pgsql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,10 @@ jobs:
node-version: [16.x]
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Use Node.js ${{ inputs.node_version }}
uses: actions/setup-node@v4
uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
with:
node-version: ${{ inputs.node_version }}

Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/deploy_container_image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ jobs:

- name: Configure AWS credentials
id: aws-config
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
aws-access-key-id: ${{ secrets.aws_access_key_id }}
aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
Expand All @@ -81,20 +81,20 @@ jobs:

- name: Login to AWS ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
with:
mask-password: 'true'

- name: Login to temporary registry
id: login-ghcr
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.temporary_registry_token }}

- name: Push image to ECR
uses: akhilerm/[email protected]
uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0
with:
src: ${{ inputs.image }}
dst: |
Expand All @@ -103,7 +103,7 @@ jobs:

- name: Configure AWS credentials for EKS interaction
if: ${{fromJson( inputs.deploy )}}
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
aws-access-key-id: ${{ secrets.aws_access_key_id }}
aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
Expand All @@ -113,7 +113,7 @@ jobs:

- name: Setup kubectl
if: ${{fromJson( inputs.deploy )}}
uses: azure/setup-kubectl@v4
uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
with:
version: ${{ inputs.kubectl_version }}

Expand Down
28 changes: 14 additions & 14 deletions .github/workflows/deploy_helm_chart.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,25 +123,25 @@ jobs:
pull-requests: write
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Set up Helm
uses: azure/setup-helm@v4
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0

- name: Install Helm Diff plugin
run: |
helm plugin install https://github.com/databus23/helm-diff

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
aws-region: ${{ inputs.cluster_region }}
role-to-assume: arn:aws:iam::${{ secrets.aws_account_id }}:role/${{ inputs.iam_role_name }}
role-session-name: GithubActionsRoleSession
role-duration-seconds: 900

- name: Setup kubectl
uses: azure/[email protected]
uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
with:
version: ${{ inputs.kubectl_version }}

Expand All @@ -150,7 +150,7 @@ jobs:
aws eks update-kubeconfig --region ${{ inputs.cluster_region }} --name ${{ secrets.cluster_name }}

- name: Install 1Password CLI
uses: 1password/install-cli-action@v1
uses: 1password/install-cli-action@143a85f84a90555d121cde2ff5872e393a47ab9f # v1.0.0
with:
version: 2.25.0

Expand Down Expand Up @@ -235,7 +235,7 @@ jobs:
fi

- name: Create the diff summary
uses: actions/github-script@v7
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
DIFF: ${{ steps.helm_diff.outputs.diff }}
with:
Expand All @@ -262,7 +262,7 @@ jobs:

- name: Add diff summary to pull request
if: github.event_name == 'pull_request'
uses: thollander/actions-comment-pull-request@v3
uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
with:
file-path: ./summary.md
comment-tag: 'helm-diff-${{ inputs.environment }}'
Expand All @@ -276,18 +276,18 @@ jobs:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0
with:
aws-region: ${{ inputs.cluster_region }}
role-to-assume: arn:aws:iam::${{ secrets.aws_account_id }}:role/${{ inputs.iam_role_name }}
role-session-name: GithubActionsRoleSession
role-duration-seconds: 900

- name: Install 1Password CLI
uses: 1password/install-cli-action@v1
uses: 1password/install-cli-action@143a85f84a90555d121cde2ff5872e393a47ab9f # v1.0.0
with:
version: 2.25.0

Expand Down Expand Up @@ -333,7 +333,7 @@ jobs:
echo "LAST_COMMIT_MSG=$LAST_COMMIT_MSG" >> $GITHUB_ENV

- name: Send notification
uses: slackapi/[email protected].0
uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
id: send_notification
if: ${{ fromJson( inputs.slack_notification_enabled ) }}
with:
Expand Down Expand Up @@ -372,7 +372,7 @@ jobs:
SLACK_BOT_TOKEN: ${{ secrets.slack_token }}

- name: Deploy Helm
uses: bitovi/[email protected]
uses: bitovi/github-actions-deploy-eks-helm@29f556cf128eb1b42f834caf13b60a630ee2a20b # v1.2.12
id: deploy
with:
action: ${{ inputs.chart_action }}
Expand All @@ -392,7 +392,7 @@ jobs:

- name: Validate deployment
if: ${{ inputs.validate_url != '' }}
uses: jtalk/url-health-check-action@v4
uses: jtalk/url-health-check-action@b716ccb6645355dd9fcce8002ce460e5474f7f00 # v4
with:
url: ${{ inputs.validate_url }}
follow-redirect: true
Expand All @@ -419,7 +419,7 @@ jobs:

- name: Update notification
if: ${{ always() && fromJson( inputs.slack_notification_enabled ) }}
uses: slackapi/[email protected].0
uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 # v1.27.1
with:
channel-id: ${{ inputs.slack_channel_id }}
update-ts: ${{ steps.send_notification.outputs.ts }}
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/merge_multiarch_images.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,20 +42,20 @@ jobs:
echo "repository_owner_lower=${GITHUB_REPOSITORY_OWNER,,}" >> $GITHUB_ENV

- name: Login to temporary registry
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{github.actor}}
password: ${{secrets.temporary_registry_token}}

- uses: int128/docker-manifest-create-action@v2
- uses: int128/docker-manifest-create-action@736aaa0f6ae97b2fb7f43e8dcef3ab47a02ea96e # v2.8.0
name: Merge and push
with:
tags: ghcr.io/${{ env.repository_owner_lower }}/${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main
suffixes: ${{ inputs.architecture_suffixes}}

- name: Prune old images
uses: actions/delete-package-versions@v5
uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5.0.0
with:
package-name: ${{ inputs.image_name }}
package-type: 'container'
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/publish_node_package.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ jobs:
release_name: ${{ env.release_name }}
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: ${{ inputs.repository_name }}
ref: ${{ inputs.branch_name }}
Expand Down Expand Up @@ -127,7 +127,7 @@ jobs:
if: |
inputs.publish_package ||
inputs.build_package
uses: actions/setup-node@v4
uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
with:
node-version: ${{ inputs.node_version }}
registry-url: '${{ inputs.npm_registry_url }}'
Expand Down