diff --git a/.github/workflows/continuous-delivery.yml b/.github/workflows/continuous-delivery.yml index ae51732d9..dfc07b80c 100644 --- a/.github/workflows/continuous-delivery.yml +++ b/.github/workflows/continuous-delivery.yml @@ -48,7 +48,7 @@ jobs: stage: ${{ steps.get_metadata.outputs.stage }} steps: - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get metadata id: get_metadata @@ -98,7 +98,7 @@ jobs: - name: Checkout code if: fromJSON(needs.metadata.outputs.has_diff) - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run merge if: fromJSON(needs.metadata.outputs.has_diff) @@ -161,19 +161,19 @@ jobs: fi - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.merge.outputs.sha }} - name: Start deployment - uses: bobheadxi/deployments@88ce5600046c82542f8246ac287d0a53c461bca3 # v1.4.0 + uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1.5.0 id: start_deployment with: step: start env: ${{ needs.metadata.outputs.stage }} - name: Deploy - uses: appleboy/ssh-action@55dabf81b49d4120609345970c91507e2d734799 # v1.0.0 + uses: appleboy/ssh-action@7eaf76671a0d7eec5d98ee897acda4f968735a17 # v1.2.0 env: STAGE: ${{ needs.metadata.outputs.stage }} with: @@ -188,7 +188,7 @@ jobs: docker-compose up -d - name: Finalize Sentry release - uses: getsentry/action-release@4744f6a65149f441c5f396d5b0877307c0db52c7 # v1.4.1 + uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0 env: SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} SENTRY_ORG: ${{ vars.SENTRY_ORG_NAME }} @@ -199,7 +199,7 @@ jobs: set_commits: skip - name: Finish deployment - uses: bobheadxi/deployments@88ce5600046c82542f8246ac287d0a53c461bca3 # v1.4.0 + uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1.5.0 if: steps.start_deployment.conclusion == 'success' && always() with: step: finish @@ -228,7 +228,7 @@ jobs: done - name: Update Continuous Delivery check run - uses: guidojw/actions/update-check-run@abb0ee8d1336edf73383f2e5a09abd3a22f25b13 # v1.3.3 + uses: guidojw/actions/update-check-run@3ad963828827110a6b716a011f242bf01fdf1db4 # v1.4.7 with: app_id: ${{ vars.GH_APP_ID }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index df42dd331..192759bef 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -25,12 +25,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.sha }} - name: Build test image - uses: guidojw/actions/build-docker-image@abb0ee8d1336edf73383f2e5a09abd3a22f25b13 # v1.3.3 + uses: guidojw/actions/build-docker-image@3ad963828827110a6b716a011f242bf01fdf1db4 # v1.4.7 with: file: Dockerfile build-args: | @@ -56,7 +56,7 @@ jobs: - 5432:5432 steps: - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.sha }} @@ -71,7 +71,7 @@ jobs: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.6.26 - name: Load test image - uses: guidojw/actions/load-docker-image@abb0ee8d1336edf73383f2e5a09abd3a22f25b13 # v1.3.3 + uses: guidojw/actions/load-docker-image@3ad963828827110a6b716a011f242bf01fdf1db4 # v1.4.7 with: name: app @@ -105,7 +105,7 @@ jobs: - 5432:5432 steps: - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.sha }} @@ -114,7 +114,7 @@ jobs: echo '::add-matcher::.github/problem-matchers/rspec.json' - name: Load test image - uses: guidojw/actions/load-docker-image@abb0ee8d1336edf73383f2e5a09abd3a22f25b13 # v1.3.3 + uses: guidojw/actions/load-docker-image@3ad963828827110a6b716a011f242bf01fdf1db4 # v1.4.7 with: name: app @@ -128,7 +128,7 @@ jobs: - name: Upload coverage report to Codecov if: ${{ !cancelled() }} - uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7 + uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 with: fail_ci_if_error: true token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml index 3d65f8977..fffa179e4 100644 --- a/.github/workflows/publish-image.yml +++ b/.github/workflows/publish-image.yml @@ -51,16 +51,16 @@ jobs: needs: metadata steps: - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.sha }} fetch-depth: 0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Login to GitHub Container Registry - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: ${{ vars.DOCKER_REGISTRY_URL }} username: ${{ github.repository_owner }} @@ -68,7 +68,7 @@ jobs: - name: Build and push image id: build_push_image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: push: true context: . @@ -90,7 +90,7 @@ jobs: - name: Create Sentry release if: ${{ !(github.event_name == 'workflow_dispatch' && github.workflow == 'Publish Image') }} - uses: getsentry/action-release@4744f6a65149f441c5f396d5b0877307c0db52c7 # v1.4.1 + uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0 env: SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} SENTRY_ORG: ${{ vars.SENTRY_ORG_NAME }} @@ -121,7 +121,7 @@ jobs: done - name: Update Publish Image check run - uses: guidojw/actions/update-check-run@abb0ee8d1336edf73383f2e5a09abd3a22f25b13 # v1.3.3 + uses: guidojw/actions/update-check-run@3ad963828827110a6b716a011f242bf01fdf1db4 # v1.4.7 with: app_id: ${{ vars.GH_APP_ID }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}