From 38d39556ee166e77dc07f7b66d3cb294273e9612 Mon Sep 17 00:00:00 2001
From: Matt White <16320656+matt-FFFFFF@users.noreply.github.com>
Date: Mon, 20 Jan 2025 10:15:23 +0000
Subject: [PATCH] ci: use commit hashes for actions
---
.github/workflows/codeql-analysis.yml | 4 ++--
.github/workflows/docs-fmt-test.yml | 12 +++++++++---
.github/workflows/go-test-deployment.yml | 12 ++++++------
.github/workflows/go-test-unit.yml | 6 +++---
.github/workflows/housekeep.yml | 18 +++++++++---------
.github/workflows/module-version.yml | 2 +-
.github/workflows/pr-lint.yml | 2 +-
.github/workflows/super-linter.yml | 16 ++++++++++------
.github/workflows/wiki-sync.yml | 4 ++--
9 files changed, 43 insertions(+), 33 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 8c77c13e..7b317df1 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -32,7 +32,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL
@@ -49,4 +49,4 @@ jobs: - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
diff --git a/.github/workflows/docs-fmt-test.yml b/.github/workflows/docs-fmt-test.yml
index cd4511ee..c4f8b9b7 100644
--- a/.github/workflows/docs-fmt-test.yml
+++ b/.github/workflows/docs-fmt-test.yml
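Review bot: The `Initialize CodeQL` step in codeql-analysis.yml appears to be left on a mutable tag: the diffstat shows only two changed lines for this file and both are visible (checkout and `analyze`), so the `uses:` line of the init step between the two hunks was not touched. That leaves one action reference in the workflow unpinned, and it lets `init` and `analyze` resolve to different releases of the same action once the tag moves past v3.28.1. I would pin it to the same commit as `analyze`: `uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1`, and likewise any `autobuild` step if the workflow has one. The step's `uses:` line is outside both hunks, so confirm against the file.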
@@ -17,12 +17,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 + with: + terraform_version: latest + terraform_wrapper: false - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: - go-version: '1.23.x' + go-version-file: tests/go.mod cache-dependency-path: tests/go.sum - name: Install tools
diff --git a/.github/workflows/go-test-deployment.yml b/.github/workflows/go-test-deployment.yml
index ee796b22..4640fdb3 100644
--- a/.github/workflows/go-test-deployment.yml
+++ b/.github/workflows/go-test-deployment.yml
@@ -55,25 +55,25 @@ jobs: run: env | sort - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 with: terraform_version: ${{ matrix.terraform_version }} terraform_wrapper: false - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: - go-version: '1.20.x' + go-version-file: tests/go.mod cache-dependency-path: tests/go.sum - name: Azure login - uses: azure/login@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -108,7 +108,7 @@ jobs: # This only works on Linux based runners - name: Azure logout - uses: azure/CLI@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 if: always() with: inlineScript: |
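Review bot: The new `Setup Terraform` step in docs-fmt-test.yml pins the action to a commit but then requests `terraform_version: latest`, so the binary that actually runs still changes underneath the workflow. For a docs/format check that also makes the result depend on whichever Terraform release is current on the day of the run. Consider an explicit version such as `terraform_version: '1.8.0'` (the fixed value go-test-unit.yml already carries in its matrix), or state the intent in a comment on that line: `# intentionally tracks latest; only the action is pinned`.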
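Review bot: The `Azure login` step in go-test-deployment.yml (hunk at -55) now points at `azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd` instead of `azure/login`, which looks like a copy-paste of the logout step's pin rather than a pin of the original action. The step still passes `client-id`, `tenant-id` and, in housekeep.yml, `allow-no-subscriptions`, which are `azure/login` inputs; `azure/CLI` runs an `inlineScript`, so the job would no longer authenticate and the later `az` calls would fail or run without a session. Keep the action and pin it to its own release commit: `uses: azure/login@<commit SHA of the azure/login v2 release> # v2.x.y`. The same substitution appears in all three `Azure login` steps in housekeep.yml (the hunks at -14, -44 and -74).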
diff --git a/.github/workflows/go-test-unit.yml b/.github/workflows/go-test-unit.yml
index 15a8e7d0..3f26334c 100644
--- a/.github/workflows/go-test-unit.yml
+++ b/.github/workflows/go-test-unit.yml
@@ -61,19 +61,19 @@ jobs: terraform_version: ['latest', '1.8.0'] steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 with: terraform_version: ${{ matrix.terraform_version }} terraform_wrapper: false - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: tests/go.mod cache-dependency-path: tests/go.sum
diff --git a/.github/workflows/housekeep.yml b/.github/workflows/housekeep.yml
index d2e4b3e5..4ef27b6d 100644
--- a/.github/workflows/housekeep.yml
+++ b/.github/workflows/housekeep.yml
@@ -14,14 +14,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Azure login - uses: azure/login@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} allow-no-subscriptions: true - name: Azure cancel subscriptions - uses: azure/CLI@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 continue-on-error: true with: inlineScript: |
@@ -31,7 +31,7 @@ jobs: az account subscription list | jq -r '.[] | select(.state == "Enabled") | select(.displayName | test("^testdeploy.*")) | .subscriptionId' | xargs -n1 -I% az account subscription cancel --yes --id % echo "==> Done cancelling subscriptions" - name: Azure logout - uses: azure/CLI@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 if: always() with: inlineScript: |
@@ -44,14 +44,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Azure login - uses: azure/login@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} allow-no-subscriptions: true - name: Azure delete subscription aliases - uses: azure/CLI@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 continue-on-error: true with: inlineScript: |
@@ -61,7 +61,7 @@ jobs: az rest --method GET --uri '/providers/Microsoft.Subscription/aliases/?api-version=2021-10-01' | jq -r '.value[] | select(.name | test("^testdeploy")) | .name' | xargs -n1 -I% az rest --method DELETE --uri '/providers/Microsoft.Subscription/aliases/%?api-version=2021-10-01' echo "==> Done deleting subscription aliases" - name: Azure logout - uses: azure/CLI@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 if: always() with: inlineScript: |
@@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Azure login - uses: azure/login@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -89,14 +89,14 @@ jobs: echo "==> removing locks" az lock list | jq '.[].id' | xargs az lock delete --ids fi - + echo "==> Deleting the following resource groups:" az group list | jq -r '.[] | select(.name | test("^testdeploy-")) | .name' az group list | jq -r '.[] | select(.name | test("^testdeploy-")) | .name' | xargs -I% -P5 az group delete --yes --name % echo "==> Done deleting resource groups" - name: Azure logout - uses: azure/CLI@v2 + uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 if: always() with: inlineScript: |
diff --git a/.github/workflows/module-version.yml b/.github/workflows/module-version.yml
index 1440e809..16275f7f 100644
--- a/.github/workflows/module-version.yml
+++ b/.github/workflows/module-version.yml
@@ -21,7 +21,7 @@ jobs: MODULE_JSON_QUERY: .locals.module_version runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: | VER=$(curl --silent -L -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r .name | sed s/^v//)
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index 77e3fdef..04d31e64 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' steps: - - uses: amannn/action-semantic-pull-request@v5.5.3 + - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with:
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
index c5ab947a..5d599b08 100644
--- a/.github/workflows/super-linter.yml
+++ b/.github/workflows/super-linter.yml
@@ -14,14 +14,16 @@ jobs: name: super linter runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 with: terraform_version: latest terraform_wrapper: false + - name: Run github/super-linter/slim - uses: github/super-linter/slim@v5 + uses: github/super-linter/slim@b807e99ddd37e444d189cfd2c2ca1274d8ae8ef1 # v7 env: # Lint all code VALIDATE_ALL_CODEBASE: true
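Review bot: The `github/super-linter/slim` line in super-linter.yml moves from v5 to a commit annotated only as `# v7`, so a two-major-version upgrade rides along in a commit described as pinning hashes. Unlike the other pins here, the comment names a moving major tag rather than a release, so a reader (or an update bot that keys on the comment) cannot tell which release the SHA corresponds to; record the exact tag the hash was taken from, `# v7.x.y`. The `env:` block continues outside the hunk, so whether its settings are still valid for v7 needs checking against that release's notes. The golangci-lint hunk further down has the same shape (`golangci-lint-action` v4 to v6.2.0 while `version: v1.55.2` stays) and would be easier to review as a separate change.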
@@ -51,14 +53,16 @@ jobs: name: golangci-lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: tests/go.mod cache-dependency-path: tests/go.sum + - name: golangci-lint - uses: golangci/golangci-lint-action@v4 + uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6.2.0 with: version: v1.55.2 working-directory: ${{ github.workspace }}/tests
diff --git a/.github/workflows/wiki-sync.yml b/.github/workflows/wiki-sync.yml
index dc009e7f..0b097816 100644
--- a/.github/workflows/wiki-sync.yml
+++ b/.github/workflows/wiki-sync.yml
@@ -21,13 +21,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ env.wiki_source_repo }} path: ${{ env.wiki_source_repo }} - name: Checkout Wiki Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ env.wiki_target_repo }} path: ${{ env.wiki_target_repo }}