Hash-pin GitHub Actions

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
2024-11-09 23:24:05 -08:00 · 2023-09-13 10:27:38 -03:00 · 2023-09-13 10:27:38 -03:00 · 142c829fce
parent 4419399e4e
commit 142c829fce
8 changed files with 43 additions and 43 deletions
--- a/.github/workflows/buf-lint.yml
+++ b/.github/workflows/buf-lint.yml
@ -12,14 +12,14 @@ jobs:
    name: lint
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
-      - uses: bufbuild/buf-setup-action@v1.26.1
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: bufbuild/buf-setup-action@eb60cd0de4f14f1f57cf346916b8cd69a9e7ed0b # v1.26.1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: bufbuild/buf-lint-action@v1
+      - uses: bufbuild/buf-lint-action@bd48f53224baaaf0fc55de9a913e7680ca6dbea4 # v1.0.3
        with:
          input: 'prompb'
-      - uses: bufbuild/buf-breaking-action@v1
+      - uses: bufbuild/buf-breaking-action@f47418c81c00bfd65394628385593542f64db477 # v1.1.2
        with:
          input: 'prompb'
          against: 'https://github.com/prometheus/prometheus.git#branch=main,ref=HEAD,subdir=prompb'
--- a/.github/workflows/buf.yml
+++ b/.github/workflows/buf.yml
@ -12,18 +12,18 @@ jobs:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'prometheus'
    steps:
-      - uses: actions/checkout@v3
-      - uses: bufbuild/buf-setup-action@v1.26.1
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: bufbuild/buf-setup-action@eb60cd0de4f14f1f57cf346916b8cd69a9e7ed0b # v1.26.1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: bufbuild/buf-lint-action@v1
+      - uses: bufbuild/buf-lint-action@bd48f53224baaaf0fc55de9a913e7680ca6dbea4 # v1.0.3
        with:
          input: 'prompb'
-      - uses: bufbuild/buf-breaking-action@v1
+      - uses: bufbuild/buf-breaking-action@f47418c81c00bfd65394628385593542f64db477 # v1.1.2
        with:
          input: 'prompb'
          against: 'https://github.com/prometheus/prometheus.git#branch=main,ref=HEAD~1,subdir=prompb'
-      - uses: bufbuild/buf-push-action@v1
+      - uses: bufbuild/buf-push-action@342fc4cdcf29115a01cf12a2c6dd6aac68dc51e1 # v1.1.1
        with:
          input: 'prompb'
          buf_token: ${{ secrets.BUF_TOKEN }}
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -13,8 +13,8 @@ jobs:
    container:
      image: quay.io/prometheus/golang-builder:1.21-base
    steps:
-      - uses: actions/checkout@v3
-      - uses: prometheus/promci@v0.1.0
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: prometheus/promci@3cb0c3871f223bd5ce1226995bd52ffb314798b6 # v0.1.0
      - uses: ./.github/promci/actions/setup_environment
      - run: make GO_ONLY=1 SKIP_GOLANGCI_LINT=1
      - run: go test ./tsdb/ -test.tsdb-isolation=false
@ -35,8 +35,8 @@ jobs:
      image: quay.io/prometheus/golang-builder:1.21-base

    steps:
-      - uses: actions/checkout@v3
-      - uses: prometheus/promci@v0.1.0
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: prometheus/promci@3cb0c3871f223bd5ce1226995bd52ffb314798b6 # v0.1.0
      - uses: ./.github/promci/actions/setup_environment
        with:
          enable_go: false
@ -52,8 +52,8 @@ jobs:
    name: Go tests on Windows
    runs-on: windows-latest
    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: '>=1.21 <1.22'
      - run: |
@ -68,7 +68,7 @@ jobs:
    container:
      image: quay.io/prometheus/golang-builder:1.20-base
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - run: make build
      - run: go test ./tsdb/...
      - run: go test ./tsdb/ -test.tsdb-isolation=false
@ -81,7 +81,7 @@ jobs:
    container:
      image: quay.io/prometheus/golang-builder:1.20-base
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - run: go install ./cmd/promtool/.
      - run: go install github.com/google/go-jsonnet/cmd/jsonnet@latest
      - run: go install github.com/google/go-jsonnet/cmd/jsonnetfmt@latest
@ -104,8 +104,8 @@ jobs:
      matrix:
        thread: [ 0, 1, 2 ]
    steps:
-      - uses: actions/checkout@v3
-      - uses: prometheus/promci@v0.1.0
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: prometheus/promci@3cb0c3871f223bd5ce1226995bd52ffb314798b6 # v0.1.0
      - uses: ./.github/promci/actions/build
        with:
          promu_opts: "-p linux/amd64 -p windows/amd64 -p linux/arm64 -p darwin/amd64 -p darwin/arm64 -p linux/386"
@ -127,8 +127,8 @@ jobs:
    # Whenever the Go version is updated here, .promu.yml
    # should also be updated.
    steps:
-      - uses: actions/checkout@v3
-      - uses: prometheus/promci@v0.1.0
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: prometheus/promci@3cb0c3871f223bd5ce1226995bd52ffb314798b6 # v0.1.0
      - uses: ./.github/promci/actions/build
        with:
          parallelism: 12
@ -138,16 +138,16 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - name: Install Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: 1.20.x
      - name: Install snmp_exporter/generator dependencies
        run: sudo apt-get update && sudo apt-get -y install libsnmp-dev
        if: github.repository == 'prometheus/snmp_exporter'
      - name: Lint
-        uses: golangci/golangci-lint-action@v3.7.0
+        uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
        with:
          args: --verbose
          version: v1.54.2
@ -163,8 +163,8 @@ jobs:
    needs: [test_ui, test_go, test_windows, golangci, codeql, build_all]
    if: github.event_name == 'push' && github.event.ref == 'refs/heads/main'
    steps:
-      - uses: actions/checkout@v3
-      - uses: prometheus/promci@v0.1.0
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: prometheus/promci@3cb0c3871f223bd5ce1226995bd52ffb314798b6 # v0.1.0
      - uses: ./.github/promci/actions/publish_main
        with:
          docker_hub_login: ${{ secrets.docker_hub_login }}
@ -177,8 +177,8 @@ jobs:
    needs: [test_ui, test_go, test_windows, golangci, codeql, build_all]
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v2.')
    steps:
-      - uses: actions/checkout@v3
-      - uses: prometheus/promci@v0.1.0
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: prometheus/promci@3cb0c3871f223bd5ce1226995bd52ffb314798b6 # v0.1.0
      - uses: ./.github/promci/actions/publish_release
        with:
          docker_hub_login: ${{ secrets.docker_hub_login }}
@ -192,14 +192,14 @@ jobs:
    needs: [test_ui, codeql]
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
-      - uses: prometheus/promci@v0.1.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: prometheus/promci@3cb0c3871f223bd5ce1226995bd52ffb314798b6 # v0.1.0
      - name: Install nodejs
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1
        with:
          node-version-file: "web/ui/.nvmrc"
          registry-url: "https://registry.npmjs.org"
-      - uses: actions/cache@v3.3.1
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -24,18 +24,18 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: '>=1.21 <1.22'

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
        with:
          languages: ${{ matrix.language }}

      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@ -21,7 +21,7 @@ jobs:
          fuzz-seconds: 600
          dry-run: false
      - name: Upload Crash
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        if: failure() && steps.build.outcome == 'success'
        with:
          name: artifacts
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest
    if: github.repository_owner == 'prometheus'
    steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 # v4.0.1
        with:
          process-only: 'issues'
          issue-inactive-days: '180'
--- a/.github/workflows/repo_sync.yml
+++ b/.github/workflows/repo_sync.yml
@ -13,7 +13,7 @@ jobs:
    container:
      image: quay.io/prometheus/golang-builder
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - run: ./scripts/sync_repo_files.sh
        env:
          GITHUB_TOKEN: ${{ secrets.PROMBOT_GITHUB_TOKEN }}
--- a/scripts/golangci-lint.yml
+++ b/scripts/golangci-lint.yml
@ -18,15 +18,15 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      - name: install Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: 1.20.x
      - name: Install snmp_exporter/generator dependencies
        run: sudo apt-get update && sudo apt-get -y install libsnmp-dev
        if: github.repository == 'prometheus/snmp_exporter'
      - name: Lint
-        uses: golangci/golangci-lint-action@v3.4.0
+        uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
        with:
          version: v1.54.2