diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml
index 465f6f6..9400259 100644
--- a/.github/workflows/build-and-push.yaml
+++ b/.github/workflows/build-and-push.yaml
@@ -29,13 +29,13 @@ jobs:
 apps: ${{ steps.set-matrix.outputs.apps }}
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
 fetch-depth: 0
 - name: Detect changed apps
 id: changed-files
- uses: tj-actions/changed-files@v45
+ uses: tj-actions/changed-files@48d8f15b2aaa3d255ca5af3eba4870f807ce6b3c # v45
 with:
 files: apps/**
 dir_names: true
@@ -76,16 +76,16 @@ jobs:
 attestations: write
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
+ uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
 - name: Log in to GitHub Container Registry
- uses: docker/login-action@v3
+ uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
@@ -116,7 +116,7 @@ jobs:
 - name: Extract metadata
 id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
 with:
 images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.app }}
 tags: |
@@ -127,7 +127,7 @@ jobs:
 - name: Build and push
 id: build
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
 with:
 context: ./apps/${{ matrix.app }}
 platforms: linux/amd64
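Review bot: The trailing comments on the newly pinned `uses:` lines name only the moving major tag (`# v4`, `# v45`), so the line does not say which release each SHA was taken from and a later reader cannot check the pin against a release without resolving it by hand. Record the exact release in the comment, e.g. `uses: actions/checkout@<sha> # vX.Y.Z` (placeholder version), which is also the form Dependabot and Renovate keep up to date. This applies to every pinned line in this commit, in the later hunks of this file and in mega-linter.yaml. Nothing in the diff shows that each SHA is the commit the upstream repository's tag points to, so confirm that before merging; GitHub will also resolve a SHA that exists only in a fork of the action.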
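Review bot: The `Set up QEMU` step in the `@@ -76,16` hunk looks unnecessary, since the build step in the `@@ -127,7` hunk sets `platforms: linux/amd64` only; if the job runs on an amd64 runner (the `runs-on` line is outside the hunk), removing the step drops one third-party action from a job that holds `attestations: write`. If it stays, note that the commit pin covers the action's code only: as far as I know setup-qemu-action pulls its binfmt image by tag at run time, and its `image` input accepts a digest reference such as `image: docker.io/tonistiigi/binfmt@sha256:<digest>` (placeholder digest).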
@@ -141,7 +141,7 @@ jobs:
 - name: Generate artifact attestation
 if: github.event_name != 'pull_request'
- uses: actions/attest-build-provenance@v2
+ uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2
 with:
 subject-name: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ matrix.app }}
 subject-digest: ${{ steps.build.outputs.digest }}
diff --git a/.github/workflows/mega-linter.yaml b/.github/workflows/mega-linter.yaml
index 92f4fa0..fa96d75 100644
--- a/.github/workflows/mega-linter.yaml
+++ b/.github/workflows/mega-linter.yaml
@@ -29,13 +29,13 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
 fetch-depth: 0 # Full git history for better analysis
 - name: MegaLinter
 id: ml
- uses: oxsecurity/megalinter@v8
+ uses: oxsecurity/megalinter@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8
 env:
 VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -46,7 +46,7 @@ jobs:
 # Upload reports as artifacts
 - name: Archive linting reports
 if: success() || failure()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: MegaLinter-reports
 path: |
@@ -57,7 +57,7 @@ jobs:
 # Add PR comment with summary (only on PRs)
 - name: Create PR comment
 if: github.event_name == 'pull_request' && (success() || failure())
- uses: actions/github-script@v7
+ uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
 with:
 script: |
 const fs = require('fs');
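Review bot: Pinning `oxsecurity/megalinter` by commit in the `@@ -29,13` hunk of mega-linter.yaml fixes the action's metadata, but this appears to be a container action whose `action.yml` references its image by tag, so the code that actually runs with `GITHUB_TOKEN` in its environment can still change under the pin; confirm against the pinned `action.yml`. If that is the case, referencing the image by digest closes the gap, e.g. `uses: docker://oxsecurity/megalinter@sha256:<digest>` (placeholder digest). The job's `permissions` block is outside the hunk, so it is worth checking that the token is scoped to what the linter and the PR-comment step need.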