
Commit 4c7096d

authored
[chore] Ping GitHub Actions to exact SHA+tags (#3166)
1 parent 1cdd4e0 commit 4c7096d

9 files changed

Lines changed: 30 additions & 30 deletions

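--- a/.github/workflows/assign-reviewers.yml
+++ b/.github/workflows/assign-reviewers.yml
@@ -20,7 +20,7 @@ jobs:
 if: github.repository == 'open-telemetry/opentelemetry-demo'
 runs-on: ubuntu-latest
 steps:
-- uses: dyladan/component-owners@main
+- uses: dyladan/component-owners@7ff2b343629407c4dbe1c28ae66f55f723543d2b # v0.2.0
 with:
 # using this action to request review only (not assignment)
 assign-owners: false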
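Review bot: Replacing `dyladan/component-owners@main` with the commit tagged v0.2.0 may change which code runs, not only how it is referenced: if upstream `main` had moved past v0.2.0, this job now executes an older revision. It is worth confirming in the PR that the 40-character SHA is the commit the `v0.2.0` tag points to in the upstream repository itself, because the `owner/repo@sha` form also resolves commits that exist only in a fork, and that review requests still behave as before. The trailing `# v0.2.0` comment is the only human-readable link to the release, so an update tool such as Dependabot's `github-actions` ecosystem should keep SHA and comment in step; whether one is configured is not visible here. The job definition begins outside this hunk.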

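--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -30,7 +30,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: check out code
-uses: actions/checkout@v6.0.2
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: install dependencies
 run: npm install
 - name: run markdownlint
@@ -40,8 +40,8 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: check out code
-uses: actions/checkout@v6.0.2
-- uses: actions/setup-python@v6
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: '3.x'
 - name: install yamllint
@@ -53,17 +53,17 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: check out code
-uses: actions/checkout@v6.0.2
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: run misspell
 run: make misspell
 
 checklinks:
 name: linkspector
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v6.0.2
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Run linkspector
-uses: umbrelladocs/action-linkspector@v1
+uses: umbrelladocs/action-linkspector@37c85bcde51b30bf929936502bac6bfb7e8f0a4d # v1.4.1
 with:
 level: info
 fail_level: any
@@ -72,15 +72,15 @@ jobs:
 sanity:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v6.0.2
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: run sanitycheck.py
 run: python3 ./internal/tools/sanitycheck.py
 
 checklicense:
 runs-on: ubuntu-latest
 steps:
 - name: check out code
-uses: actions/checkout@v6.0.2
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: run checklicense
 run: make checklicense
 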
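Review bot: The `install dependencies` step in the first hunk still runs `npm install`, which may resolve newer package versions than the lockfile records, so the markdownlint job keeps a floating dependency set even though its checkout action is now pinned. If a `package-lock.json` is committed (not visible in this diff), `run: npm ci` would install exactly the locked tree and fail on drift. The same question applies to the `install yamllint` step in the second hunk, whose command lies outside the hunk: a version-constrained install would match the intent of this commit. The job definitions start and end outside the hunks.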

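--- a/.github/workflows/component-build-images.yml
+++ b/.github/workflows/component-build-images.yml
@@ -33,7 +33,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
-uses: actions/checkout@v6.0.2
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Generate
 run: make clean docker-generate-protobuf
 - name: Check Clean Work Tree
@@ -148,7 +148,7 @@ jobs:
 setup-qemu: true
 
 steps:
-- uses: actions/checkout@v6.0.2
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 fetch-depth: 0
 - name: Load environment variables from .env file
@@ -179,32 +179,32 @@ jobs:
 echo "skip=false" >> "$GITHUB_OUTPUT"
 fi
 - name: Log in to the Container registry
-uses: docker/login-action@v4
+uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
 with:
 registry: ghcr.io
 username: ${{ github.repository_owner }}
 password: ${{ secrets.GITHUB_TOKEN }}
 if: ${{ inputs.push }}
 - name: Log in to Docker Hub
-uses: docker/login-action@v4
+uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 if: ${{ inputs.push }}
 - name: Set up QEMU
 if: ${{ matrix.file_tag.setup-qemu }}
-uses: docker/setup-qemu-action@v4
+uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
 with:
 image: tonistiigi/binfmt:master
 - name: Set up Docker Buildx
-uses: docker/setup-buildx-action@v4
+uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
 with:
 buildkitd-config-inline: |
 [worker.oci]
 max-parallelism = 2
 - name: Matrix Build and push demo images
 if: steps.check_changes.outputs.skip == 'false'
-uses: docker/build-push-action@v7.0.0
+uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
 with:
 context: ${{ matrix.file_tag.context }}
 file: ${{ matrix.file_tag.file }}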
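Review bot: The `Set up QEMU` step in the third hunk is now pinned by SHA, but its `image: tonistiigi/binfmt:master` input is still a mutable tag, so the binfmt image that is pulled and run on the runner can change without any change to this file. Because the same job logs in to ghcr.io and Docker Hub when `inputs.push` is set, that image deserves the same treatment as the actions, for example `image: tonistiigi/binfmt@sha256:<digest-of-reviewed-image>` (placeholder digest) with the tag kept in a trailing comment. The step list continues outside the hunk.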

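--- a/.github/workflows/dependabot-auto-update-protobuf-diff.yml
+++ b/.github/workflows/dependabot-auto-update-protobuf-diff.yml
@@ -18,7 +18,7 @@ jobs:
 if: github.event.pull_request.user.login == 'dependabot[bot]'
 steps:
 - name: Checkout
-uses: actions/checkout@v6.0.2
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 ref: ${{ github.head_ref }}
 token: ${{ secrets.DEPENDABOT_TOKEN }}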
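Review bot: This checkout passes `token: ${{ secrets.DEPENDABOT_TOKEN }}`, and the visible `with:` block does not set `persist-credentials`, which by default keeps the token in the local git configuration for every later step in the job. If the following steps (outside this hunk) need it to push, a comment saying so would help, e.g. `# token persisted on purpose: a later step pushes to the PR branch`. If they do not, add `persist-credentials: false`, as the scorecard workflow touched by this commit already does. The `with:` block may continue past the hunk's last line.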

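--- a/.github/workflows/gradle-wrapper-validation.yml
+++ b/.github/workflows/gradle-wrapper-validation.yml
@@ -16,6 +16,6 @@ jobs:
 validation:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@v6.0.2
+- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-- uses: gradle/actions/wrapper-validation@v5.0.2
+- uses: gradle/actions/wrapper-validation@0723195856401067f7a2779048b490ace7a47d7c # v5.0.2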

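--- a/.github/workflows/label-pr.yml
+++ b/.github/workflows/label-pr.yml
@@ -18,11 +18,11 @@ jobs:
 contents: read
 steps:
 - name: Checkout
-uses: actions/checkout@v6.0.2
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
 - name: Check for changed files
 id: file_changes
-uses: dorny/paths-filter@v4
+uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
 with:
 list-files: shell
 filters: |
@@ -40,7 +40,7 @@ jobs:
 
 - name: "Add Label: docs-update-required"
 if: steps.file_changes.outputs.docsUpdateRequired == 'true'
-uses: actions/github-script@v8
+uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
 with:
 script: |
 const issue_number = context.issue.number;
@@ -53,7 +53,7 @@ jobs:
 
 - name: "Add Label: helm-update-required"
 if: steps.file_changes.outputs.helmUpdateRequired == 'true'
-uses: actions/github-script@v8
+uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
 with:
 script: |
 const issue_number = context.issue.number;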

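--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -8,7 +8,7 @@ on:
 branches:
 - main
 schedule:
-- cron: "25 11 * * 3" # once a week
+- cron: "25 11 * * 3" # once a week
 workflow_dispatch:
 
 permissions: read-all
@@ -22,11 +22,11 @@ jobs:
 # Needed for GitHub OIDC token if publish_results is true
 id-token: write
 steps:
-- uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1
+- uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v5.0.1
 with:
 persist-credentials: false
 
-- uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+- uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
 with:
 results_file: results.sarif
 results_format: sarif
@@ -36,7 +36,7 @@ jobs:
 # uploads of run results in SARIF format to the repository Actions tab.
 # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
 - name: "Upload artifact"
-uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
 with:
 name: SARIF file
 path: results.sarif
@@ -45,6 +45,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard (optional).
 # Commenting out will disable upload of results to your repo's Code Scanning dashboard
 - name: "Upload to code-scanning"
-uses: github/codeql-action/upload-sarif@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0
+uses: github/codeql-action/upload-sarif@c6f931105cb2c34c8f901cc885ba1e2e259cf745 # v4.34.0
 with:
 sarif_file: results.sarif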

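--- a/.github/workflows/run-integration-tests.yml
+++ b/.github/workflows/run-integration-tests.yml
@@ -17,7 +17,7 @@ jobs:
 if: github.event.review.state == 'APPROVED'
 steps:
 - name: check out code
-uses: actions/checkout@v6.0.2
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: run tracetesting
 run: |
 make build && docker system prune -f && make run-tracetesting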

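--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -18,7 +18,7 @@ jobs:
 pull-requests: write # for actions/stale to close stale PRs
 runs-on: ubuntu-latest
 steps:
-- uses: actions/stale@v10
+- uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
 with:
 stale-pr-message: 'This PR was marked stale due to lack of activity. It will be closed in 7 days.'
 close-pr-message: 'Closed as inactive. Feel free to reopen if this PR is still being worked on.'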
