Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): pin trusted workflows based on HashiCorp TSCCR #3795

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): pin trusted workflows based on HashiCorp TSCCR #3795

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,14 +34,14 @@ jobs:
echo "yarn=$(yarn cache dir)" >> $GITHUB_OUTPUT
mkdir -p /usr/local/share/.cache/go
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-build
restore-keys: |
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
yarn-${{ runner.os }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.go }}
key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-build
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cdktf-provider-docs-rollout.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ jobs:
if: failure()
steps:
- name: Send failures to Slack
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
with:
payload: |
{
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/docker.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Cache Docker layers
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ hashFiles('/Dockerfile', '.terraform.versions.json') }}
Expand All @@ -46,7 +46,7 @@ jobs:
GIT_SHA=$(git rev-parse HEAD)
echo "git-sha=$GIT_SHA" >> $GITHUB_OUTPUT
- name: Build and push
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
pull: true
push: true
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/examples.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,20 +59,20 @@ jobs:
echo "terraform=/usr/local/share/.cache/terraform" >> $GITHUB_OUTPUT
mkdir -p /usr/local/share/.cache/go
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-examples
restore-keys: |
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
yarn-${{ runner.os }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.terraform }}
key: terraform-${{ runner.os }}-${{ matrix.terraform }}-examples
restore-keys: |
terraform-${{ runner.os }}-${{ matrix.terraform }}
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.go }}
key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-examples
Expand Down
18 changes: 9 additions & 9 deletions .github/workflows/integration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,14 +40,14 @@ jobs:
echo "yarn=$(yarn cache dir)" >> $GITHUB_OUTPUT
mkdir -p /usr/local/share/.cache/go
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-integration
restore-keys: |
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
yarn-${{ runner.os }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.go }}
key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-integration
Expand Down Expand Up @@ -116,21 +116,21 @@ jobs:
mkdir -p /usr/local/share/.cache/go
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
# only restore as an individual cache as per matrix explodes our cache usage
- uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-integration
restore-keys: |
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
yarn-${{ runner.os }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.terraform }}
# put matrix before integration to not restore caches from other sibling matrix jobs
key: terraform-${{ runner.os }}-${{ matrix.terraform }}-matrix-integration-${{ matrix.target }}
restore-keys: |
terraform-${{ runner.os }}-${{ matrix.terraform }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.go }}
# put matrix before integration to not restore caches from other sibling matrix jobs
Expand Down Expand Up @@ -188,21 +188,21 @@ jobs:
mkdir -p /usr/local/share/.cache/go
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
# only restore as an individual cache as per matrix explodes our cache usage
- uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-integration
restore-keys: |
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
yarn-${{ runner.os }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.terraform }}
# put matrix before integration to not restore caches from other sibling matrix jobs
key: terraform-${{ runner.os }}-${{ matrix.terraform }}-matrix-integration-${{ matrix.target }}
restore-keys: |
terraform-${{ runner.os }}-${{ matrix.terraform }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.go }}
# put matrix before integration to not restore caches from other sibling matrix jobs
Expand All @@ -219,7 +219,7 @@ jobs:
- name: Install pipenv
run: pip install pipenv
- name: Install Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: 1.18.x
cache: false # This is disabled because we don't have a go.sum file and setup-go expects it to use caching. Thus, caching is always broken anyways
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/provider-integration.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,14 +45,14 @@ jobs:
echo "yarn=$(yarn cache dir)" >> $GITHUB_OUTPUT
mkdir -p /usr/local/share/.cache/go
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-provider-integration
restore-keys: |
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
yarn-${{ runner.os }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.go }}
key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-provider-integration
Expand Down Expand Up @@ -111,14 +111,14 @@ jobs:
mkdir -p /usr/local/share/.cache/terraform
echo "terraform=/usr/local/share/.cache/terraform" >> $GITHUB_OUTPUT
# Only restoring yarn caches as the dependencies are not indiviual to each matrix job
- uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-provider-integration
restore-keys: |
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
yarn-${{ runner.os }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.terraform }}
# put matrix before provider-integration to not restore caches from other sibling matrix jobs
Expand Down Expand Up @@ -156,7 +156,7 @@ jobs:
- name: Install pipenv
run: pip install pipenv
- name: Install Go
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: 1.16.x
- name: Download dist
Expand All @@ -172,14 +172,14 @@ jobs:
mkdir -p /usr/local/share/.cache/terraform
echo "terraform=/usr/local/share/.cache/terraform" >> $GITHUB_OUTPUT
# Only restoring yarn caches to save available cache storage size
- uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-provider-integration
restore-keys: |
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
yarn-${{ runner.os }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.terraform }}
# put matrix before provider-integration to not restore caches from other sibling matrix jobs
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,7 +360,7 @@ jobs:
- unit_test
steps:
- name: Send failures to Slack
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
with:
payload: |
{
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release_next.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -324,7 +324,7 @@ jobs:
- unit_test
steps:
- name: Send failures to Slack
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
with:
payload: |
{
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/unit.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,21 +42,21 @@ jobs:
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
mkdir -p /usr/local/share/.cache/providerSchema
echo "providerSchema=/usr/local/share/.cache/providerSchema" >> $GITHUB_OUTPUT
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-unit
restore-keys: |
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
yarn-${{ runner.os }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.go }}
key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-unit
restore-keys: |
go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-
go-${{ runner.os }}-
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.providerSchema }}
key: providerSchema-${{ runner.os }}-${{ inputs.terraform_version }}-unit-${{ inputs.package }}
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/yarn-upgrade.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:
- name: Get yarn cache directory path
id: global-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.dir }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-upgrade
Expand Down Expand Up @@ -152,7 +152,7 @@ jobs:
- name: Get yarn cache directory path
id: global-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.dir }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-upgrade
Expand Down Expand Up @@ -218,7 +218,7 @@ jobs:
- name: Get yarn cache directory path
id: global-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ${{ steps.global-cache-dir-path.outputs.dir }}
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-upgrade
Expand Down
Loading