From 001c60ecf4c11a4ea3553f1b4fdc5e1380026788 Mon Sep 17 00:00:00 2001 From: picatz <14850816+picatz@users.noreply.github.com> Date: Thu, 11 Jun 2026 14:36:41 -0400 Subject: [PATCH] VLN-1524: fix unpinned-github-actions --- .github/workflows/compose.yaml | 10 +++++----- .github/workflows/extensibility.yaml | 4 ++-- .github/workflows/promql-to-dd-go_build-publish.yaml | 10 +++++----- .github/workflows/promql-to-dd-go_test.yaml | 4 ++-- .github/workflows/promql-to-scrape.yaml | 12 ++++++------ 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/compose.yaml b/.github/workflows/compose.yaml index fd8644c..1157ee0 100644 --- a/.github/workflows/compose.yaml +++ b/.github/workflows/compose.yaml @@ -22,7 +22,7 @@ jobs: timeout-minutes: 5 steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Lint actions run: | @@ -54,7 +54,7 @@ jobs: COMPOSE_FILE: ${{ matrix.compose-file }} run: echo "head_ref=$HEAD_REF ref=$REF compose=$COMPOSE_FILE" - - uses: actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Start compose stack working-directory: compose @@ -84,7 +84,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Start dev compose stack working-directory: compose @@ -142,7 +142,7 @@ jobs: REF: ${{ github.ref }} run: echo "head_ref=$HEAD_REF ref=$REF compose=docker-compose-tls.yml" - - uses: actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Generate TLS certificates working-directory: compose @@ -192,7 +192,7 @@ jobs: REF: ${{ github.ref }} run: echo "head_ref=$HEAD_REF ref=$REF compose=docker-compose-multirole.yaml" - - uses: actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Install loki Docker plugin run: docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions diff --git a/.github/workflows/extensibility.yaml b/.github/workflows/extensibility.yaml index 28f83d3..a63ab59 100644 --- a/.github/workflows/extensibility.yaml +++ b/.github/workflows/extensibility.yaml @@ -22,9 +22,9 @@ jobs: REF: ${{ github.ref }} OS: ${{ matrix.os }} run: echo "head_ref=$HEAD_REF ref=$REF os=$OS" - - uses: actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: extensibility/go.mod - name: build and test diff --git a/.github/workflows/promql-to-dd-go_build-publish.yaml b/.github/workflows/promql-to-dd-go_build-publish.yaml index 57228d4..3aff834 100644 --- a/.github/workflows/promql-to-dd-go_build-publish.yaml +++ b/.github/workflows/promql-to-dd-go_build-publish.yaml @@ -15,13 +15,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Log in to registry # This is where you will update the personal access token to GITHUB_TOKEN @@ -29,7 +29,7 @@ jobs: - name: Setup Docker metadata id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: | ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} @@ -41,7 +41,7 @@ jobs: type=sha - name: Build and Push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 with: context: cloud/observability/promql-to-dd-go tags: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/promql-to-dd-go_test.yaml b/.github/workflows/promql-to-dd-go_test.yaml index 1edbe7a..ad7dd9b 100644 --- a/.github/workflows/promql-to-dd-go_test.yaml +++ b/.github/workflows/promql-to-dd-go_test.yaml @@ -20,9 +20,9 @@ jobs: REF: ${{ github.ref }} OS: ${{ matrix.os }} run: echo "head_ref=$HEAD_REF ref=$REF os=$OS" - - uses: actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up Go - uses: actions/setup-go@v6 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: '1.20' - name: build diff --git a/.github/workflows/promql-to-scrape.yaml b/.github/workflows/promql-to-scrape.yaml index 1a4b65a..43adb87 100644 --- a/.github/workflows/promql-to-scrape.yaml +++ b/.github/workflows/promql-to-scrape.yaml @@ -24,16 +24,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -41,7 +41,7 @@ jobs: - name: Setup Docker metadata id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: | ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }} @@ -53,7 +53,7 @@ jobs: type=sha - name: Build and Push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 with: context: cloud/observability/promql-to-scrape tags: ${{ steps.meta.outputs.tags }}