Merge pull request #2453 from newrelic/andrew/NR-282993-pin-actions-t…

…o-sha Pin actions to commit SHA
newrelic · Jun 26, 2024 · 52a0ad5 · 52a0ad5
2 parents 7218c6e + 68445b8
commit 52a0ad5
Show file tree

Hide file tree

Showing 16 changed files with 76 additions and 78 deletions.
diff --git a/.github/actions/add-commit-status/action.yml b/.github/actions/add-commit-status/action.yml
@@ -11,7 +11,7 @@ runs:
   using: composite
   steps:
     - name: Add commit status
-      uses: actions/github-script@v6
+      uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
       env:
         STATE: ${{ inputs.state }}
         STATUS_CONTEXT: ${{ inputs.statusContext }}
@@ -36,4 +36,4 @@ runs:
 
           const result = await github.rest.repos.createCommitStatus(args);
 
-          console.log("Result:", result)
+          console.log("Result:", result)
diff --git a/.github/actions/bootstrap/action.yml b/.github/actions/bootstrap/action.yml
@@ -2,9 +2,9 @@ name: Bootstrap Workflow
 description: Reusable action for setting up the repo
 runs:
   using: composite
-  steps: 
+  steps:
     - name: Setup node
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7
       with:
         node-version: 16
 
@@ -14,7 +14,7 @@ runs:
       working-directory: utils
       run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c
       id: yarn-cache
       with:
         path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
@@ -24,4 +24,4 @@ runs:
 
     - name: Install dependencies
       shell: bash
-      run: cd utils && yarn install --frozen-lockfile
+      run: cd utils && yarn install --frozen-lockfile
diff --git a/.github/workflows/pr-merged.yml b/.github/workflows/pr-merged.yml
@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         with:
           token: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
           ref: "release"

diff --git a/.github/workflows/pr-project-board.yml b/.github/workflows/pr-project-board.yml
@@ -4,8 +4,7 @@ on:
   pull_request_target:
     types: [opened]
     paths:
-      - 'quickstarts/**'
-
+      - "quickstarts/**"
 
 env:
   GITHUB_TOKEN: ${{ secrets.OPENSOURCE_BOT_TOKEN }}
@@ -15,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
 
       - name: Move PR to Project Board for triage
         run: |

diff --git a/.github/workflows/preview-links.yml b/.github/workflows/preview-links.yml
@@ -15,10 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Create preview links
         id: links

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -16,7 +16,7 @@ jobs:
       # Checkout fetch-depth: 2 because there's a check to see if package.json
       # was updated, and need at least 2 commits for the check to function properly
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         with:
           fetch-depth: 2
 

diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml
@@ -15,17 +15,17 @@ jobs:
     steps:
       - name: Test Default Branch
         id: default-branch
-        uses: actions/github-script@v6
+        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410
         with:
           script: |
             const data = await github.rest.repos.get(context.repo)
             return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0]
       - name: Checkout Self
         if: ${{ steps.default-branch.outputs.result == 'true' }}
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
       - name: Run Repolinter
         if: ${{ steps.default-branch.outputs.result == 'true' }}
-        uses: newrelic/repolinter-action@v1
+        uses: newrelic/repolinter-action@3f4448f855c351e9695b24524a4111c7847b84cb
         with:
           config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-project.yml
           output_type: issue
diff --git a/.github/workflows/reusable.quickstart_submission.yml b/.github/workflows/reusable.quickstart_submission.yml
@@ -31,14 +31,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         # Ensure we have the most recent commit to `main`
         with:
           ref: "main"
           fetch-depth: 0
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Update install plans
         env:
@@ -55,14 +55,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         # Ensure we have the most recent commit to `main`
         with:
           ref: "main"
           fetch-depth: 0
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Update data sources
         env:
@@ -80,14 +80,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         # Ensure we have the most recent commit to `main`
         with:
           ref: "main"
           fetch-depth: 0
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Update quickstarts
         env:
@@ -105,14 +105,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         # Ensure we have the most recent commit to `main`
         with:
           ref: "main"
           fetch-depth: 0
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Update dashboards with required datasources from quickstarts
         env:
@@ -130,14 +130,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         # Ensure we have the most recent commit to `main`
         with:
           ref: "main"
           fetch-depth: 0
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Update dashboards with required datasources from quickstarts
         env:

diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml
@@ -14,10 +14,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Run tests
         run: cd utils && yarn test
diff --git a/.github/workflows/stale-message.yml b/.github/workflows/stale-message.yml
@@ -11,7 +11,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v7
+      - uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b
         with:
           stale-issue-message: "Old issues will be closed after 105 days of inactivity. This issue has been quiet for 90 days and is being marked as stale. Reply here to keep this issue open."
           close-issue-message: "This issue is being closed due to inactivity. Is this a mistake? Please re-open this issue or create a new one."

diff --git a/.github/workflows/submit-gate.yml b/.github/workflows/submit-gate.yml
@@ -4,7 +4,7 @@
 # Having it setup this way allows us to have manual approval for this workflow run, and then the subsequent triggered runs can access secrets in the repository for validation (even for forked PRs).
 name: Submit Gate
 
-on: 
+on:
   pull_request:
     branches:
       - release
@@ -21,6 +21,6 @@ jobs:
         run: echo "${{ github.event.pull_request.number }}" > pr_number_submit.txt
 
       - name: upload artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
         with:
           path: pr_number_submit.txt
diff --git a/.github/workflows/validate_data_sources.yml b/.github/workflows/validate_data_sources.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download artifact
-        uses: dawidd6/action-download-artifact@v2
+        uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e
         with:
           workflow: validation_gate.yml
           run_id: ${{ github.event.workflow_run.id }}
@@ -24,12 +24,12 @@ jobs:
           echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV
 
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         with:
           ref: "refs/pull/${{ env.pr-number }}/merge"
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Validate new files
         id: validation
@@ -50,7 +50,7 @@ jobs:
 
       - name: Add commit status
         if: always()
-        uses: './.github/actions/add-commit-status'
+        uses: "./.github/actions/add-commit-status"
         with:
           statusContext: "Validation / Data source schema compliance"
-          state: ${{ job.status }}
+          state: ${{ job.status }}
diff --git a/.github/workflows/validate_install_plans.yml b/.github/workflows/validate_install_plans.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download artifact
-        uses: dawidd6/action-download-artifact@v2
+        uses: dawidd6/action-download-artifact@268677152d06ba59fcec7a7f0b5d961b6ccd7e1e
         with:
           workflow: validation_gate.yml
           run_id: ${{ github.event.workflow_run.id }}
@@ -24,12 +24,12 @@ jobs:
           echo "pr-number=$PR_NUMBER" >> $GITHUB_ENV
 
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
         with:
           ref: "refs/pull/${{ env.pr-number }}/merge"
 
       - name: Setup workspace
-        uses: './.github/actions/bootstrap'
+        uses: "./.github/actions/bootstrap"
 
       - name: Validate new files
         id: validation
@@ -49,7 +49,7 @@ jobs:
           cd utils && yarn create-validate-install-plans $URL $DRY_RUN
       - name: Add commit status
         if: always()
-        uses: './.github/actions/add-commit-status'
+        uses: "./.github/actions/add-commit-status"
         with:
           statusContext: "Validation / Install plan schema compliance"
-          state: ${{ job.status }}
+          state: ${{ job.status }}