From ca10b81921a934f19ed17b105e2995b13f777831 Mon Sep 17 00:00:00 2001 From: Timothy Stewart Date: Mon, 29 Aug 2022 22:07:06 -0500 Subject: [PATCH] fix(github): pin actions to sha --- .github/workflows/main.yml | 18 ++++++++++-------- .github/workflows/pull-request.yml | 5 +++-- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b44211c..fe57ba6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,9 +12,10 @@ jobs: matrix: node-version: [v16.16.0] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2 + - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@master + uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 with: node-version: ${{ matrix.node-version }} - name: Install Dependencies, Test, and Build @@ -30,29 +31,30 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2 + - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 # 2.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6 # 2.0.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v1 + uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # 2.0.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.PAT }} - name: Login to DockerHub - uses: docker/login-action@v1 + uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # 2.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v2 + uses: docker/build-push-action@c84f38281176d4c9cdb1626ffafcd6b3911b5d94 # 3.1.1 with: context: . file: ./Dockerfile diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index af2896c..932c43b 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -15,9 +15,10 @@ jobs: matrix: node-version: [v16.16.0] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # 3.0.2 + - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@master + uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 with: node-version: ${{ matrix.node-version }} - name: Install Dependencies, Test, and Build