diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 40016c7..b40aff2 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -26,15 +26,15 @@ jobs:
 matrix:
 python-version: ['3.12', '3.13', '3.14']
 steps:
- - uses: actions/checkout@v5
+ - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
+ uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
 with:
 python-version: ${{ matrix.python-version }}
 - name: Set up uv
- uses: astral-sh/setup-uv@v3
+ uses: astral-sh/setup-uv@8d55fbecc275b1c35dbe060458839f8d30439ccf # v3
 with:
 version: "latest"
@@ -66,12 +66,12 @@ jobs:
 tag: ${{ steps.semrel.outputs.new_release_git_tag }}
 steps:
 - name: Checkout code
- uses: actions/checkout@v5
+ uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
 with:
 fetch-depth: 0
 - name: Setup Node
- uses: actions/setup-node@v6
+ uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
 with:
 node-version: 20
@@ -80,7 +80,7 @@ jobs:
 - name: Run semantic-release
 id: semrel
- uses: cycjimmy/semantic-release-action@v4
+ uses: cycjimmy/semantic-release-action@16ca923e6ccbb50770c415a0ccd43709a8c5f7a4 # v4
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
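Review bot: In the `@@ -26,15` hunk the `astral-sh/setup-uv` step is now pinned to a commit, but its `with:` block still carries `version: "latest"`, so the uv binary the action downloads at run time stays unpinned and can change between runs. Pinning the action SHA fixes the installer code, not the tool it installs. Set an exact release there, e.g. `version: "<UV_VERSION>"` (placeholder for the release you have tested), so the build tool is as reproducible as the action that fetches it.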
@@ -110,23 +110,23 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v5
+ uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
 - name: Login to Docker Hub
- uses: docker/login-action@v3
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
 with:
 username: ${{ vars.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_PAT }}
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
+ uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
 - name: Docker meta
 id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
 with:
 images: graystorm/amcrest2mqtt
 tags: |
@@ -160,7 +160,7 @@ jobs:
 - name: Build and push
 id: build-and-push
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
 with:
 context: .
 pull: true
@@ -176,7 +176,7 @@ jobs:
 provenance: true
 - name: Install Cosign
- uses: sigstore/cosign-installer@v3
+ uses: sigstore/cosign-installer@f713795cb21599bc4e5c4b58cbad1da852d7eeb9 # v3
 - name: Sign the image
 env:
@@ -185,7 +185,7 @@ jobs:
 cosign sign --yes graystorm/amcrest2mqtt@${DIGEST}
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@22438a435773de8c97dc0958cc0b823c45b064ac # master
 with:
 image-ref: graystorm/amcrest2mqtt@${{ steps.build-and-push.outputs.digest }}
 format: 'sarif'
@@ -193,7 +193,7 @@ jobs:
 severity: 'CRITICAL,HIGH'
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v4
+ uses: github/codeql-action/upload-sarif@27fcff4ecb39e96348e7ceddcc2d9ef42308b6fc # v4
 if: always()
 with:
 sarif_file: 'trivy-results.sarif'
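Review bot: The checkout step at the top of the `@@ -110,23` hunk is pinned but still runs with its default options, which keep the job token available to git in the working tree for the rest of the job. The `@@ -160,7` hunk shows this same job building with `context: .`, so unless a `.dockerignore` excludes `.git` (not visible in this diff) that directory is sent as part of the build context. If no later step in this job needs to push to the repository, add `persist-credentials: false` under a `with:` key on that checkout step.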
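Review bot: In the `@@ -185,7` hunk `aquasecurity/trivy-action` is pinned to a commit taken from the `master` branch and annotated `# master`, which tells neither a reader nor an update bot which release was reviewed. Prefer the commit of a tagged release and record that tag in the comment, `uses: aquasecurity/trivy-action@<RELEASE_COMMIT_SHA> # <RELEASE_TAG>` (both placeholders). The other pins in this commit use major-tag comments such as `# v5` and `# v3`; writing the full release version there as well would let someone check each SHA against its tag later, since a major tag moves.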
diff --git a/.github/workflows/dockerhub-description.yaml b/.github/workflows/dockerhub-description.yaml
index 6e8183e..623fd3d 100644
--- a/.github/workflows/dockerhub-description.yaml
+++ b/.github/workflows/dockerhub-description.yaml
@@ -10,10 +10,10 @@ jobs:
 dockerHubDescription:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Docker Hub Description
- uses: peter-evans/dockerhub-description@v4
+ uses: peter-evans/dockerhub-description@432a30c9e07499fd01da9f8a49f0faf9e0ca5b77 # v4
 with:
 username: ${{ vars.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_PAT }}
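Review bot: `actions/checkout` is pinned here on the v4 line while every checkout in deploy.yaml is pinned to v5, so the repository now carries two different SHAs to audit for the same action. Unless this workflow needs v4, reuse the pin from deploy.yaml: `- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5`. With fixed SHAs nothing updates on its own any more, so an update bot covering the `github-actions` ecosystem is worth having if one is not already configured (not visible in this diff).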