From c2398ced0efdd5151b4322922b20459b3d37a0d4 Mon Sep 17 00:00:00 2001 From: Pedro Kaj Kjellerup Nacht Date: Wed, 6 Dec 2023 16:48:24 -0300 Subject: [PATCH] [infra] Hash-pin GitHub Actions, keep them updated with dependabot (#6815) --- .github/dependabot.yml | 15 +++++++++++++++ .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/coverage.yml | 6 +++--- .github/workflows/lock.yml | 6 +++--- .github/workflows/release.yml | 6 +++--- .github/workflows/stale.yml | 2 +- .github/workflows/testing.yml | 8 ++++---- 7 files changed, 32 insertions(+), 17 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000000..322a2b6ea8f9 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + groups: + github-actions: + patterns: + - "*" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8f3250b28efc..54a847672101 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,13 +25,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 7d39c1c3eaa2..7cf029b174b8 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -9,10 +9,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Install checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install checkout - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: "stable" @@ -20,4 +20,4 @@ jobs: run: go test -coverprofile=coverage.out -coverpkg=./... ./... - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index 314766c5f9f9..60c43e91b013 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -15,8 +15,8 @@ jobs: issues: write pull-requests: write steps: - - uses: dessant/lock-threads@v2 + - uses: dessant/lock-threads@d42e5f49803f3c4e14ffee0378e31481265dda22 # v5.0.0 with: github-token: ${{ github.token }} - issue-lock-inactive-days: 180 - pr-lock-inactive-days: 180 + issue-inactive-days: 180 + pr-inactive-days: 180 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 93ba67540244..21871a6fa28e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,10 +25,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 - name: Download dependencies run: | @@ -57,7 +57,7 @@ jobs: echo "name=${PACKAGE_NAME}" >> $GITHUB_OUTPUT - name: Upload asset - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 59424963d397..bcb44e003bac 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -16,7 +16,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v4 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-stale: 6 diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index c9f0afbe7813..487b109298d8 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -24,11 +24,11 @@ jobs: steps: # Setup the environment. - name: Setup Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: '1.21' - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # Run the vet checks. - name: vet @@ -89,12 +89,12 @@ jobs: run: echo "${{ matrix.grpcenv }}" >> $GITHUB_ENV - name: Setup Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ${{ matrix.goversion }} - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # Only run vet for 'vet' runs. - name: Run vet.sh