From 3f98a11ad1d0e25a7abc4bee32fe5fe26ae1245a Mon Sep 17 00:00:00 2001
From: nscuro
Date: Wed, 2 Nov 2022 20:07:26 +0100
Subject: [PATCH] build: pin github actions to commit digest
Signed-off-by: nscuro
---
 .github/workflows/ci.yml | 14 +++++++-------
 .github/workflows/goreleaser.yml | 13 +++++++------
 2 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cc0cd2e..c6474c9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,9 +17,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v3.1.0
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - name: Check license headers
- uses: apache/skywalking-eyes@v0.4.0
+ uses: apache/skywalking-eyes@438e4ea5682269933ea2c8b5608662e52af26959 # tag=v0.4.0
 with:
 config: .licenserc.yml
@@ -29,14 +29,14 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v3.1.0
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - name: Setup Go
- uses: actions/setup-go@v3.3.0
+ uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
 with:
 go-version: "1.19"
 check-latest: true
 - name: Run golangci-lint
- uses: golangci/golangci-lint-action@v3.3.0
+ uses: golangci/golangci-lint-action@07db5389c99593f11ad7b44463c2d4233066a9b1 # tag=v3.3.0
 with:
 version: latest
@@ -52,7 +52,7 @@ jobs:
 - "1.19"
 steps:
 - name: Setup Go
- uses: actions/setup-go@v3.3.0
+ uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
 with:
 go-version: ${{ matrix.go }}
 check-latest: true
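Review bot: In the `@@ -29,14` hunk the golangci-lint step is now pinned to a commit, but its `with: version: latest` still makes the action fetch whichever linter release is newest at run time, so the executable that actually runs stays a mutable reference. Pinning the input too, e.g. `version: <golangci-lint release>` (placeholder), would bring the tool under the same review as the action digests. The same applies in goreleaser.yml, where `goreleaser-action` keeps `version: latest` and `gh-gomod-generate-sbom` keeps `version: v1` inside the job that holds `contents: write`; that is where an unreviewed tool release would matter most. `check-latest: true` on the setup-go steps is a smaller instance of the same pattern.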
@@ -64,6 +64,6 @@ jobs:
 echo "ad736b1443aa6527fc8bffdca1f632414908d21a631f33c60f439f6942a47d3c $HOME/.local/bin/cyclonedx" | sha256sum -c
 chmod +x "$HOME/.local/bin/cyclonedx"
 - name: Checkout Repository
- uses: actions/checkout@v3.1.0
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - name: Test
 run: make test
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index 89d28e6..bac8a67 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -5,30 +5,31 @@ on:
 tags:
 - 'v*'
-permissions:
- contents: write
+permissions: { }
 jobs:
 goreleaser:
 name: Release
 timeout-minutes: 5
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
 steps:
 - name: Checkout Repository
- uses: actions/checkout@v3.1.0
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 with:
 fetch-depth: 0
 - name: Setup Go
- uses: actions/setup-go@v3.3.0
+ uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
 with:
 go-version: "1.19"
 check-latest: true
 - name: Install cyclonedx-gomod
- uses: CycloneDX/gh-gomod-generate-sbom@v1
+ uses: CycloneDX/gh-gomod-generate-sbom@d4aee0cf5133055dbd98899978246c10c18c440f # tag=v1.1.0
 with:
 version: v1
 - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v3
+ uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 # tag=v3.2.0
 with:
 version: latest
 args: release --rm-dist
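Review bot: The checkout step in the release job keeps the default credential persistence, so with the job-level `contents: write` added here the write-scoped token is stored in the checkout's git config and stays readable by every later step, including the build GoReleaser runs. Unless a later step pushes with git (the hunk ends at `args: release --rm-dist`, so the rest of that step is not visible), adding `persist-credentials: false` next to `fetch-depth: 0` would keep the token out of the workspace. A short comment above the new job-level block, such as `# contents: write: presumably required to publish the release`, would also record why the scope is granted.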