diff --git a/.github/workflows/github-release.yml b/.github/workflows/github-release.yml index d84fe51..80d87ca 100644 --- a/.github/workflows/github-release.yml +++ b/.github/workflows/github-release.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: install autotag binary diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 7c148f4..d6c3996 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -15,15 +15,15 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v4 + uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4 with: distribution: goreleaser version: latest diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml index 26cd061..d9e1662 100644 --- a/.github/workflows/lint-test.yml +++ b/.github/workflows/lint-test.yml @@ -7,12 +7,12 @@ jobs: lint-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-go@v4 + - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6 with: version: latest @@ -35,7 +35,7 @@ jobs: contents: read id-token: write steps: - - uses: 'actions/checkout@v4' + - uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # v4 - name: Extract branch name shell: bash run: |- @@ -50,20 +50,20 @@ jobs: id: extract_tag - id: 'auth' name: 'Authenticate to Google Cloud' - uses: 'google-github-actions/auth@v1' + uses: 'google-github-actions/auth@3a3c4c57d294ef65efaaee4ff17b22fa88dd3c69' # v1 with: workload_identity_provider: ${{ secrets.GCLOUD_OIDC_POOL }} create_credentials_file: true service_account: ${{ secrets.GSA }} token_format: 'access_token' - - uses: 'docker/login-action@v3' + - uses: 'docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567' # v3 name: 'Docker login' with: registry: 'us-docker.pkg.dev' username: 'oauth2accesstoken' password: '${{ steps.auth.outputs.access_token }}' - name: Build and push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5 with: context: . push: true diff --git a/.github/workflows/run.yml b/.github/workflows/run.yml index f4c51af..394a55c 100644 --- a/.github/workflows/run.yml +++ b/.github/workflows/run.yml @@ -27,7 +27,7 @@ jobs: group: "workbench-executions" cancel-in-progress: false steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Validate input run: ./scripts/validate.sh @@ -37,7 +37,7 @@ jobs: - id: 'auth_ro' name: 'Authenticate to Google Cloud (read only)' - uses: 'google-github-actions/auth@v1' + uses: 'google-github-actions/auth@3a3c4c57d294ef65efaaee4ff17b22fa88dd3c69' # v1 with: workload_identity_provider: ${{ secrets.WORKBENCH_GCLOUD_OIDC_POOL }} create_credentials_file: true @@ -83,7 +83,7 @@ jobs: ACCESS_TOKEN: ${{ steps.auth_ro.outputs.access_token }} - name: Checkout workbench - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: repository: lehigh-university-libraries/islandora_workbench ref: simple-field-json @@ -97,7 +97,7 @@ jobs: - id: 'auth_rw' name: 'Authenticate to Google Cloud (read+write)' - uses: 'google-github-actions/auth@v1' + uses: 'google-github-actions/auth@3a3c4c57d294ef65efaaee4ff17b22fa88dd3c69' # v1 with: workload_identity_provider: ${{ secrets.WORKBENCH_GCLOUD_OIDC_POOL }} create_credentials_file: true