From 48e4f8da2aa5bce55fd2ae65b1388c1f0415aa5c Mon Sep 17 00:00:00 2001 From: Matthew Kilgore Date: Sat, 27 Dec 2025 19:05:33 -0500 Subject: [PATCH] That should be all the actions pinned --- .github/workflows/binaries-publish.yaml | 16 ++++----- .../workflows/clear-stale-docker-images.yml | 4 +-- .github/workflows/e2e-partial.yaml | 28 +++++++-------- .github/workflows/partial-backend.yaml | 8 ++--- .github/workflows/partial-frontend.yaml | 34 ++++++++----------- .github/workflows/update-currencies.yml | 6 ++-- 6 files changed, 43 insertions(+), 53 deletions(-) diff --git a/.github/workflows/binaries-publish.yaml b/.github/workflows/binaries-publish.yaml index 84f2f1a8..707b297b 100644 --- a/.github/workflows/binaries-publish.yaml +++ b/.github/workflows/binaries-publish.yaml @@ -17,19 +17,17 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version: "1.24" cache-dependency-path: backend/go.mod - - uses: pnpm/action-setup@v2 - with: - version: 9.15.3 + - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 - name: Build Frontend and Copy to Backend working-directory: frontend @@ -51,7 +49,7 @@ jobs: - name: Run GoReleaser id: releaser if: startsWith(github.ref, 'refs/tags/') - uses: goreleaser/goreleaser-action@v5 + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a with: workdir: "backend" distribution: goreleaser @@ -75,7 +73,7 @@ jobs: - name: Run GoReleaser No Release if: ${{ !startsWith(github.ref, 'refs/tags/') }} - uses: goreleaser/goreleaser-action@v5 + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a with: workdir: "backend" distribution: goreleaser @@ -93,7 +91,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release @@ -105,7 +103,7 @@ jobs: permissions: read-all steps: - name: Install the verifier - uses: slsa-framework/slsa-verifier/actions/installer@v2.4.0 + uses: slsa-framework/slsa-verifier/actions/installer@ea584f4502babc6f60d9bc799dbbb13c1caa9ee6 - name: Download assets env: diff --git a/.github/workflows/clear-stale-docker-images.yml b/.github/workflows/clear-stale-docker-images.yml index 6811a5ff..928a5744 100644 --- a/.github/workflows/clear-stale-docker-images.yml +++ b/.github/workflows/clear-stale-docker-images.yml @@ -12,7 +12,7 @@ jobs: permissions: packages: write steps: - - uses: dataaxiom/ghcr-cleanup-action@v1 + - uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4 with: dry-run: true delete-ghost-images: true @@ -32,7 +32,7 @@ jobs: permissions: packages: write steps: - - uses: dataaxiom/ghcr-cleanup-action@v1 + - uses: dataaxiom/ghcr-cleanup-action@cd0cdb900b5dbf3a6f2cc869f0dbb0b8211f50c4 with: dry-run: false delete-untagged: true diff --git a/.github/workflows/e2e-partial.yaml b/.github/workflows/e2e-partial.yaml index f6ee9213..4a1d18da 100644 --- a/.github/workflows/e2e-partial.yaml +++ b/.github/workflows/e2e-partial.yaml @@ -15,28 +15,26 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: fetch-depth: 0 - name: Install Task - uses: arduino/setup-task@v1 + uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: - go-version: "1.23" + go-version: "1.24" cache-dependency-path: backend/go.mod - - uses: actions/setup-node@v4 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f with: node-version: lts/* - - uses: pnpm/action-setup@v3.0.0 - with: - version: 9.12.2 + - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 - name: Install dependencies run: pnpm install @@ -49,7 +47,7 @@ jobs: - name: Run E2E Tests run: task test:e2e -- --shard=${{ matrix.shardIndex }}/${{ matrix.shardTotal }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 name: Upload partial Playwright report if: ${{ !cancelled() }} with: @@ -64,20 +62,18 @@ jobs: name: Merge Playwright Reports runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f with: node-version: lts/* - - uses: pnpm/action-setup@v3.0.0 - with: - version: 9.12.2 + - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 - name: Install dependencies run: pnpm install working-directory: frontend - name: Download blob reports from GitHub Actions Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 with: path: frontend/all-blob-reports pattern: blob-report-* @@ -88,7 +84,7 @@ jobs: working-directory: frontend - name: Upload HTML report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 with: name: html-report--attempt-${{ github.run_attempt }} path: frontend/playwright-report diff --git a/.github/workflows/partial-backend.yaml b/.github/workflows/partial-backend.yaml index 7c620b08..246cdfb4 100644 --- a/.github/workflows/partial-backend.yaml +++ b/.github/workflows/partial-backend.yaml @@ -7,21 +7,21 @@ jobs: Go: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: go-version: "1.24" cache-dependency-path: backend/go.mod - name: Install Task - uses: arduino/setup-task@v1 + uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: golangci-lint - uses: golangci/golangci-lint-action@v7 + uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version version: latest diff --git a/.github/workflows/partial-frontend.yaml b/.github/workflows/partial-frontend.yaml index b219fed3..1b20c299 100644 --- a/.github/workflows/partial-frontend.yaml +++ b/.github/workflows/partial-frontend.yaml @@ -9,11 +9,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: fetch-depth: 0 - - uses: pnpm/action-setup@v3.0.0 + - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 with: version: 9.12.2 @@ -48,28 +48,26 @@ jobs: --health-retries 5 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: fetch-depth: 0 - name: Install Task - uses: arduino/setup-task@v1 + uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: - go-version: "1.23" + go-version: "1.24" cache-dependency-path: backend/go.mod - - uses: actions/setup-node@v4 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f with: - node-version: 18 + node-version: lts/* - - uses: pnpm/action-setup@v3.0.0 - with: - version: 9.12.2 + - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 - name: Install dependencies run: pnpm install @@ -99,28 +97,26 @@ jobs: - 5432:5432 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: fetch-depth: 0 - name: Install Task - uses: arduino/setup-task@v1 + uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 with: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c with: - go-version: "1.23" + go-version: "1.24" cache-dependency-path: backend/go.mod - - uses: actions/setup-node@v4 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f with: node-version: lts/* - - uses: pnpm/action-setup@v3.0.0 - with: - version: 9.12.2 + - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 - name: Install dependencies run: pnpm install diff --git a/.github/workflows/update-currencies.yml b/.github/workflows/update-currencies.yml index b5bc3965..0c56c48e 100644 --- a/.github/workflows/update-currencies.yml +++ b/.github/workflows/update-currencies.yml @@ -15,12 +15,12 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 with: python-version: '3.8' cache: 'pip' @@ -44,7 +44,7 @@ jobs: - name: Create Pull Request if: env.changed == 'true' - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 with: token: ${{ secrets.GITHUB_TOKEN }} branch: update-currencies