Skip to content

Commit c8f06d3

Browse files
whi-twwhi-tw
committed
BAU: use full SHAs for actions
1 parent ca2831d commit c8f06d3

6 files changed

Lines changed: 14 additions & 12 deletions

File tree

.github/workflows/docker_build.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,9 @@ jobs:
1111
runs-on: ubuntu-24.04-arm
1212
steps:
1313
- name: Checkout code
14-
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
14+
uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
15+
- name: Run docker build
16+
run: docker build .
1517

1618
- name: Set up Docker Buildx
1719
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

.github/workflows/lint_workflows.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ jobs:
1212
actionlint:
1313
runs-on: ubuntu-latest
1414
steps:
15-
- uses: actions/checkout@v5
15+
- uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
1616
- name: Download actionlint
1717
id: get_actionlint
1818
run: |

.github/workflows/review_apps_on_pr_change.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
echo "CONTAINER_IMAGE_URI=842676007477.dkr.ecr.eu-west-2.amazonaws.com/forms-runner:pr-${{github.event.pull_request.number}}-${{github.event.pull_request.head.sha}}-$(date +%s)" >> "$GITHUB_ENV"
2121
2222
- name: Checkout code
23-
uses: actions/checkout@v5
23+
uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
2424

2525
- name: Build container
2626
run: |
@@ -47,7 +47,7 @@ jobs:
4747
run: |
4848
echo "TF_VERSION=$(< .review_apps/.terraform-version)" >> "$GITHUB_OUTPUT"
4949
50-
- uses: hashicorp/setup-terraform@v3
50+
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
5151
with:
5252
terraform_version: ${{steps.terraform-version.outputs.TF_VERSION}}
5353

.github/workflows/review_apps_on_pr_close.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,14 +13,14 @@ jobs:
1313

1414
steps:
1515
- name: Checkout code
16-
uses: actions/checkout@v5
16+
uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
1717

1818
- name: Determine Terraform version
1919
id: terraform-version
2020
run: |
2121
echo "TF_VERSION=$(< .review_apps/.terraform-version)" >> "$GITHUB_OUTPUT"
2222
23-
- uses: hashicorp/setup-terraform@v3
23+
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
2424
with:
2525
terraform_version: ${{steps.terraform-version.outputs.TF_VERSION}}
2626

.github/workflows/terraform.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,9 +13,9 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- name: Checkout code
16-
uses: actions/checkout@v5
16+
uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
1717

18-
- uses: hashicorp/setup-terraform@v3
18+
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
1919
with:
2020
terraform_version: ${{env.TERRAFORM_VERSION}}
2121

.github/workflows/test.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -34,26 +34,26 @@ jobs:
3434
QUEUE_DATABASE_URL: "postgres://postgres:postgres@localhost:5432/forms_runner_test_queue"
3535
steps:
3636
# TODO: remove these steps once we can use latest Chrome again (see https://github.com/teamcapybara/capybara/issues/2800)
37-
- uses: nanasess/setup-chromedriver@v2
37+
- uses: nanasess/setup-chromedriver@e93e57b843c0c92788f22483f1a31af8ee48db25 # v2.3.0
3838
with:
3939
chromedriver-version: '128.0.6613.8600'
4040
chromeapp: chrome
4141
- run: |
4242
sudo apt-get purge google-chrome-stable
43-
- uses: browser-actions/setup-chrome@v2
43+
- uses: browser-actions/setup-chrome@b94431e051d1c52dcbe9a7092a4f10f827795416 # v2.1.0
4444
with:
4545
chrome-version: 128
4646
install-chromedriver: 'false'
4747
- name: Checkout code
48-
uses: actions/checkout@v5
48+
uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
4949
# Add or replace dependency steps here
5050
- name: Install Ruby and gems
5151
# The ruby version is taken from the .ruby-version file, no need to specify here.
5252
uses: ruby/setup-ruby@ab177d40ee5483edb974554986f56b33477e21d0 # v1.265.0
5353
with:
5454
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
5555
- name: Install Node.js
56-
uses: actions/setup-node@v6
56+
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
5757
with:
5858
node-version-file: ".nvmrc"
5959
cache: "npm"

0 commit comments

Comments
 (0)