diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
index 584efa5..09a20f3 100644
--- a/.github/workflows/automerge.yml
+++ b/.github/workflows/automerge.yml
@@ -20,7 +20,7 @@ jobs:
 steps:
 - name: Generate token
 id: token
- uses: actions/create-github-app-token@v3
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
 with:
 app-id: ${{ secrets.TOKEN_EXCHANGE_APP }}
 private-key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
@@ -29,7 +29,7 @@ jobs:
 permission-issues: write
 - name: Fetch metadata
- uses: dependabot/fetch-metadata@v3
+ uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/binaries.yml b/.github/workflows/binaries.yml
index 24caf6f..b615b14 100644
--- a/.github/workflows/binaries.yml
+++ b/.github/workflows/binaries.yml
@@ -23,7 +23,7 @@ jobs:
 steps:
 - name: Generate token
 id: token
- uses: actions/create-github-app-token@v3
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
 with:
 app-id: ${{ secrets.TOKEN_EXCHANGE_APP }}
 private-key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
@@ -31,10 +31,10 @@ jobs:
 permission-packages: write
 - name: Checkout source
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup golang
- uses: actions/setup-go@v6
+ uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
 with:
 go-version-file: go.mod
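Review bot: The trailing `# v3` on the pinned `uses:` line in the first automerge.yml hunk names a moving major tag, so a reader cannot tell which release the 40-character commit corresponds to or compare it against the upstream tag. Recording the exact release in the comment, e.g. `uses: actions/create-github-app-token@<commit-sha> # v3.x.y` (placeholder version), keeps the pin auditable and gives update tooling a precise version to bump. The same applies to every other pinned action in this commit except cloudsmith-io/cloudsmith-cli-action, which already carries `# v2.0.3`. The job body continues outside the hunk.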
@@ -45,13 +45,13 @@ jobs:
 repo-token: ${{ secrets.GITHUB_TOKEN }}
 - name: Setup goreleaser
- uses: goreleaser/goreleaser-action@v7
+ uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7
 with:
 install-only: true
 - name: Setup signing
 if: github.event_name != 'pull_request'
- uses: crazy-max/ghaction-import-gpg@v7
+ uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7
 with:
 gpg_private_key: ${{ secrets.GNUPG_KEY }}
 passphrase: ${{ secrets.GNUPG_PASSWORD }}
@@ -68,7 +68,7 @@ jobs:
 - name: Install cloudsmith
 if: startsWith(github.ref, 'refs/tags/')
- uses: cloudsmith-io/cloudsmith-cli-action@v2.0.3
+ uses: cloudsmith-io/cloudsmith-cli-action@159f1619275d5d3147f059c3cc110938ec221d16 # v2.0.3
 with:
 api-key: ${{ secrets.CLOUDSMITH_API_KEY }}
diff --git a/.github/workflows/changes.yml b/.github/workflows/changes.yml
index 8f3ba66..e8bd52c 100644
--- a/.github/workflows/changes.yml
+++ b/.github/workflows/changes.yml
@@ -22,7 +22,7 @@ jobs:
 - name: Generate token
 if: github.event_name != 'pull_request'
 id: token
- uses: actions/create-github-app-token@v3
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
 with:
 app-id: ${{ secrets.TOKEN_EXCHANGE_APP }}
 private-key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
@@ -30,16 +30,16 @@ jobs:
 - name: Checkout source
 if: github.event_name != 'pull_request'
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 token: ${{ steps.token.outputs.token }}
 - name: PR checkout
 if: github.event_name == 'pull_request'
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup golang
- uses: actions/setup-go@v6
+ uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
 with:
 go-version-file: go.mod
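Review bot: The `Setup goreleaser` step in the binaries.yml `@@ -45,13` hunk sets only `install-only: true`, so pinning the action to a commit still leaves the goreleaser binary it downloads unpinned; no `version` input appears in the visible `with:` block, and as far as I know the action then resolves a release at run time. The following `Setup signing` step imports the GPG key into the same job, so the release tool deserves the same immutability as the action that installs it. Add `version: '<exact goreleaser version>'` (placeholder) under `with:`, quoted so YAML keeps it a string.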
@@ -58,7 +58,7 @@ jobs:
 - name: Commit changes
 if: github.event_name != 'pull_request'
- uses: EndBug/add-and-commit@v10
+ uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10
 with:
 author_name: GitHub Actions
 author_email: github@webhippie.de
@@ -74,7 +74,7 @@ jobs:
 - name: Generate token
 if: github.event_name != 'pull_request'
 id: token
- uses: actions/create-github-app-token@v3
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
 with:
 app-id: ${{ secrets.TOKEN_EXCHANGE_APP }}
 private-key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
@@ -82,16 +82,16 @@ jobs:
 - name: Checkout source
 if: github.event_name != 'pull_request'
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 token: ${{ steps.token.outputs.token }}
 - name: PR checkout
 if: github.event_name == 'pull_request'
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup golang
- uses: actions/setup-go@v6
+ uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
 with:
 go-version-file: go.mod
@@ -110,7 +110,7 @@ jobs:
 - name: Commit changes
 if: github.event_name != 'pull_request'
- uses: EndBug/add-and-commit@v10
+ uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10
 with:
 author_name: GitHub Actions
 author_email: github@webhippie.de
@@ -126,7 +126,7 @@ jobs:
 - name: Generate token
 if: github.event_name != 'pull_request'
 id: token
- uses: actions/create-github-app-token@v3
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
 with:
 app-id: ${{ secrets.TOKEN_EXCHANGE_APP }}
 private-key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
@@ -134,16 +134,16 @@ jobs:
 - name: Checkout source
 if: github.event_name != 'pull_request'
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 token: ${{ steps.token.outputs.token }}
 - name: PR checkout
 if: github.event_name == 'pull_request'
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup golang
- uses: actions/setup-go@v6
+ uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
 with:
 go-version-file: go.mod
@@ -162,7 +162,7 @@ jobs:
 - name: Commit changes
 if: github.event_name != 'pull_request'
- uses: EndBug/add-and-commit@v10
+ uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10
 with:
 author_name: GitHub Actions
 author_email: github@webhippie.de
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 4b05fa1..ae97d0f 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -23,11 +23,11 @@ jobs:
 steps:
 - name: Checkout source
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Docker meta
 id: meta
- uses: docker/metadata-action@v6
+ uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
 images: |
@@ -39,14 +39,14 @@ jobs:
 type=sha,format=long,prefix=
 - name: Setup qemu
- uses: docker/setup-qemu-action@v4
+ uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4
 - name: Setup buildx
 id: buildx
- uses: docker/setup-buildx-action@v4
+ uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
 - name: Ghcr login
- uses: docker/login-action@v4
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
 if: github.event_name != 'pull_request'
 with:
 registry: ghcr.io
@@ -54,7 +54,7 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Build image
- uses: docker/build-push-action@v7
+ uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7
 with:
 builder: ${{ steps.buildx.outputs.name }}
 context: .
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index e136f69..46a3fc7 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -20,10 +20,10 @@ jobs:
 steps:
 - name: Checkout source
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup hugo
- uses: peaceiris/actions-hugo@v3
+ uses: peaceiris/actions-hugo@2752ce1d29631191ea3f27c23495fa06139a5b78 # v3
 with:
 hugo-version: latest
 extended: true
@@ -39,7 +39,7 @@ jobs:
 - name: Deploy pages
 if: github.event_name != 'pull_request'
- uses: peaceiris/actions-gh-pages@v4
+ uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 publish_dir: docs/public/
diff --git a/.github/workflows/flake.yml b/.github/workflows/flake.yml
index 822b580..94a0a69 100644
--- a/.github/workflows/flake.yml
+++ b/.github/workflows/flake.yml
@@ -17,19 +17,19 @@ jobs:
 steps:
 - name: Generate token
 id: token
- uses: actions/create-github-app-token@v3
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
 with:
 app-id: ${{ secrets.TOKEN_EXCHANGE_APP }}
 private-key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
 permission-contents: write
 - name: Checkout source
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 token: ${{ steps.token.outputs.token }}
 - name: Install nix
- uses: cachix/install-nix-action@v31
+ uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31
 - name: Update flake
 run: nix flake update
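Review bot: `hugo-version: latest` in the `Setup hugo` step of docs.yml (hunk `@@ -20,10`) is left floating, so the now-pinned peaceiris/actions-hugo still installs whichever Hugo release is newest when the job runs. That binary builds the site that the later `Deploy pages` step publishes, so the pin on the action alone does not make the docs build reproducible. Set an exact release instead, `hugo-version: '<exact hugo version>'` (placeholder), quoted so YAML does not read a value like 0.150 as a float.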
@@ -38,7 +38,7 @@ jobs:
 run: git pull --autostash --rebase
 - name: Commit changes
- uses: EndBug/add-and-commit@v10
+ uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10
 with:
 author_name: GitHub Actions
 author_email: github@webhippie.de
diff --git a/.github/workflows/general.yml b/.github/workflows/general.yml
index 8549012..3b77762 100644
--- a/.github/workflows/general.yml
+++ b/.github/workflows/general.yml
@@ -20,10 +20,10 @@ jobs:
 steps:
 - name: Checkout source
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Setup golang
- uses: actions/setup-go@v6
+ uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
 with:
 go-version-file: go.mod
@@ -53,7 +53,7 @@ jobs:
 - name: Coverage report
 if: github.event_name != 'pull_request'
- uses: codacy/codacy-coverage-reporter-action@v1
+ uses: codacy/codacy-coverage-reporter-action@89d6c85cfafaec52c72b6c5e8b2878d33104c699 # v1
 with:
 project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
 coverage-reports: coverage.out
diff --git a/.github/workflows/kustomize.yml b/.github/workflows/kustomize.yml
index 86dbedf..14ae7d2 100644
--- a/.github/workflows/kustomize.yml
+++ b/.github/workflows/kustomize.yml
@@ -20,10 +20,10 @@ jobs:
 steps:
 - name: Checkout source
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Generate manifest
- uses: actionhippie/kustomize@v3
+ uses: actionhippie/kustomize@f570f804e966eb0370843768d8f0b9bcda52948e # v3
 with:
 version: 5.7.0
 path: deploy/kubernetes/
diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml
index c7e4177..364df1c 100644
--- a/.github/workflows/tools.yml
+++ b/.github/workflows/tools.yml
@@ -17,7 +17,7 @@ jobs:
 steps:
 - name: Generate token
 id: token
- uses: actions/create-github-app-token@v3
+ uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3
 with:
 app-id: ${{ secrets.TOKEN_EXCHANGE_APP }}
 private-key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
@@ -26,13 +26,13 @@ jobs:
 permission-issues: write
 - name: Checkout source
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 token: ${{ steps.token.outputs.token }}
 fetch-depth: 0
 - name: Setup golang
- uses: actions/setup-go@v6
+ uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
 with:
 go-version-file: go.mod
@@ -56,7 +56,7 @@ jobs:
 - name: Create request
 id: request
- uses: peter-evans/create-pull-request@v8
+ uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8
 with:
 branch: update/tools
 delete-branch: true
diff --git a/deploy/kubernetes/kustomization.yml b/deploy/kubernetes/kustomization.yml
index 279b8a3..8e7acf1 100644
--- a/deploy/kubernetes/kustomization.yml
+++ b/deploy/kubernetes/kustomization.yml
@@ -18,6 +18,6 @@ secretGenerator:
 images:
 - name: github-exporter
 newName: quay.io/promhippie/github-exporter
- newTag: 12.1.0
+ newTag: 12.1.0@sha256:e6a89ca75a5cc6702360a0f6a9ca0e44dd827f1cca87dc8d6d5d89cbdcf361ba
 ...
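Review bot: In the deploy/kubernetes/kustomization.yml hunk the digest is appended to `newTag`, which leaves one scalar carrying two values that have to change together. Once a digest is present the image is resolved by digest and the `12.1.0` part is informational, so a later bump that edits only the tag would keep deploying the old image without any error. A comment above the line, e.g. `# tag and digest must be updated together`, would make that explicit; kustomize's `images` entries also have a separate `digest:` field, though how it combines with `newTag` should be checked against the kustomize version in use. Nothing in the diff shows that the digest was checked against the 12.1.0 tag in the registry, so that is worth confirming before merge.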