diff --git a/.github/workflows/ci-gha-workflows.yaml b/.github/workflows/ci-gha-workflows.yaml index 4d6050424..09e266a95 100644 --- a/.github/workflows/ci-gha-workflows.yaml +++ b/.github/workflows/ci-gha-workflows.yaml @@ -15,7 +15,7 @@ jobs: permissions: security-events: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: persist-credentials: false diff --git a/.github/workflows/ci-nodejs.yml b/.github/workflows/ci-nodejs.yml index fa5befc98..b0ac84ec6 100644 --- a/.github/workflows/ci-nodejs.yml +++ b/.github/workflows/ci-nodejs.yml @@ -51,7 +51,7 @@ jobs: timeout-minutes: 5 steps: - name: Restore previous test results - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 with: path: | ${{ env.TEST_STATUS_FILE }} @@ -65,14 +65,14 @@ jobs: echo 'TEST_PREVIOUSLY_PASSED=false' >> $GITHUB_ENV fi - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} with: persist-credentials: false - name: Setup Node.js if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} - uses: actions/setup-node@v6 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: node-version-file: .nvmrc cache: npm @@ -92,7 +92,7 @@ jobs: - name: Restore cached playwright browsers if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 id: playwright-cache with: path: "~/.cache/ms-playwright" @@ -161,7 +161,7 @@ jobs: timeout-minutes: 10 steps: - name: Restore previous test results - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 with: path: | ${{ env.TEST_STATUS_FILE }} @@ -175,14 +175,14 @@ jobs: echo 'TEST_PREVIOUSLY_PASSED=false' >> $GITHUB_ENV fi - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} with: persist-credentials: false - name: Setup Node.js if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} - uses: actions/setup-node@v6 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: node-version-file: .nvmrc cache: npm @@ -202,7 +202,7 @@ jobs: - name: Restore cached playwright browsers if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 id: playwright-cache with: path: "~/.cache/ms-playwright" @@ -264,7 +264,7 @@ jobs: pull-requests: write steps: - name: Restore previous test results - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 with: path: | ${{ env.TEST_STATUS_FILE }} @@ -278,14 +278,14 @@ jobs: echo 'TEST_PREVIOUSLY_PASSED=false' >> $GITHUB_ENV fi - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} with: persist-credentials: false - name: Setup Node.js if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} - uses: actions/setup-node@v6 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: node-version-file: .nvmrc cache: npm @@ -305,7 +305,7 @@ jobs: - name: Restore cached playwright browsers if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 id: playwright-cache with: path: "~/.cache/ms-playwright" @@ -405,7 +405,7 @@ jobs: - name: Update artifact with performance results if: ${{ success() }} - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: name: performance-results path: | @@ -421,7 +421,7 @@ jobs: timeout-minutes: 5 steps: - name: Restore previous test results - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 with: path: | ${{ env.TEST_STATUS_FILE }} @@ -435,14 +435,14 @@ jobs: echo 'TEST_PREVIOUSLY_PASSED=false' >> $GITHUB_ENV fi - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} with: persist-credentials: false - name: Setup Node.js if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} - uses: actions/setup-node@v6 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: node-version-file: .nvmrc cache: npm @@ -481,7 +481,7 @@ jobs: timeout-minutes: 10 steps: - name: Restore previous test results - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 with: path: | ${{ env.TEST_STATUS_FILE }} @@ -495,14 +495,14 @@ jobs: echo 'TEST_PREVIOUSLY_PASSED=false' >> $GITHUB_ENV fi - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} with: persist-credentials: false - name: Setup Node.js if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} - uses: actions/setup-node@v6 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: node-version-file: .nvmrc cache: npm @@ -522,7 +522,7 @@ jobs: - name: Restore cached playwright browsers if: ${{ env.TEST_PREVIOUSLY_PASSED != 'true' }} - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 id: playwright-cache with: path: "~/.cache/ms-playwright" @@ -615,7 +615,7 @@ jobs: - name: Update artifact with build results if: ${{ needs.environment.outputs.name == 'development' }} - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: include-hidden-files: true name: build-results @@ -625,11 +625,11 @@ jobs: timeout-minutes: 5 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: fetch-depth: 0 persist-credentials: false - - uses: actions/setup-node@v6 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: node-version-file: .nvmrc cache: npm @@ -659,7 +659,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Restore previous lint results - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 with: path: | ${{ env.LINT_STATUS_FILE }} @@ -673,12 +673,12 @@ jobs: echo 'LINT_PREVIOUSLY_PASSED=false' >> $GITHUB_ENV fi - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 if: ${{ env.LINT_PREVIOUSLY_PASSED != 'true' }} with: persist-credentials: false - - uses: actions/setup-node@v6 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 if: ${{ env.LINT_PREVIOUSLY_PASSED != 'true' }} with: node-version-file: .nvmrc @@ -712,7 +712,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Restore previous type check results - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 with: path: | ${{ env.TYPE_CHECK_STATUS_FILE }} @@ -726,12 +726,12 @@ jobs: echo 'TYPE_CHECK_PREVIOUSLY_PASSED=false' >> $GITHUB_ENV fi - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 if: ${{ env.TYPE_CHECK_PREVIOUSLY_PASSED != 'true' }} with: persist-credentials: false - - uses: actions/setup-node@v6 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 if: ${{ env.TYPE_CHECK_PREVIOUSLY_PASSED != 'true' }} with: node-version-file: .nvmrc @@ -767,7 +767,7 @@ jobs: VALIDATE_STATUS_FILE: validate.success.txt steps: - name: Restore previous validate results - uses: actions/cache@v5 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 with: path: | ${{ env.VALIDATE_STATUS_FILE }} @@ -781,12 +781,12 @@ jobs: echo 'VALIDATE_PREVIOUSLY_PASSED=false' >> $GITHUB_ENV fi - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 if: ${{ env.VALIDATE_PREVIOUSLY_PASSED != 'true' }} with: persist-credentials: false - - uses: actions/setup-node@v6 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 if: ${{ env.VALIDATE_PREVIOUSLY_PASSED != 'true' }} with: node-version-file: .nvmrc @@ -849,12 +849,12 @@ jobs: timeout-minutes: 10 if: ${{ needs.environment.outputs.name == 'production' }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: persist-credentials: false - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: node-version-file: .nvmrc cache: npm diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index e980c744e..a83bb0090 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -24,12 +24,12 @@ jobs: dependency-review: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: persist-credentials: false - name: Dependency Review - uses: actions/dependency-review-action@v4 + uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4 # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options. with: comment-summary-in-pr: on-failure diff --git a/.github/workflows/publish-demo.yaml b/.github/workflows/publish-demo.yaml index 4c573d2d3..05b160b90 100644 --- a/.github/workflows/publish-demo.yaml +++ b/.github/workflows/publish-demo.yaml @@ -28,10 +28,10 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: persist-credentials: false - - uses: actions/setup-node@v6 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: node-version-file: .nvmrc cache: npm @@ -49,13 +49,13 @@ jobs: exit 1 fi - - uses: actions/configure-pages@v5 + - uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 - name: Upload dist folder - uses: actions/upload-pages-artifact@v4 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4 with: path: demo/frontend/dist - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b8832bf95..2f09b5ee7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -23,11 +23,11 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: persist-credentials: true - name: Setup Node.js - uses: actions/setup-node@v6 + uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 with: node-version-file: .nvmrc registry-url: https://registry.npmjs.org diff --git a/demo/backend/compose.yaml b/demo/backend/compose.yaml index f0ab3a00e..041a2132a 100644 --- a/demo/backend/compose.yaml +++ b/demo/backend/compose.yaml @@ -2,7 +2,7 @@ version: '3.8' services: nginx: - image: nginx:stable-alpine + image: nginx:stable-alpine@sha256:67c129e5545fd0c5fdbaf8e7039b8925d472679e94bd65f2a423578469e16718 ports: - '7070:7070' networks: @@ -15,7 +15,7 @@ services: restart: always grafana: - image: grafana/otel-lgtm + image: grafana/otel-lgtm@sha256:72628a43fbd8574b066cd06273545ec9cc74314f360598ee8de27770bd904faa ports: - '3000:3000' - '4317:4317'