From eac341ea3ab32f9cd2b4efba63ac3365c0e6df4b Mon Sep 17 00:00:00 2001 From: Julio Lopez <1953782+julio-lopez@users.noreply.github.com> Date: Thu, 14 Sep 2023 14:42:22 -0700 Subject: [PATCH] chore(deps): use commit id for GH action versions (#3298) * deps(gha): use commit id for actions/setup-go version 4.1.0 * deps(gha): add comment with semver for golang/govulncheck-action * deps(gha): upgrade actions/upload-artifact to v3.1.3 Release notes: https://github.com/actions/upload-artifact/releases * deps(gha): upgrade codecov-action to 3.1.4 Release notes: https://github.com/codecov/codecov-action/releases/tag/v3.1.4 --- .github/workflows/code-coverage.yml | 6 +++--- .github/workflows/compat-test.yml | 6 +++--- .github/workflows/endurance-test.yml | 4 ++-- .github/workflows/htmlui-tests.yml | 6 +++--- .github/workflows/license-check.yml | 2 +- .github/workflows/lint.yml | 4 ++-- .github/workflows/make.yml | 6 +++--- .github/workflows/ossf-scorecard.yml | 2 +- .github/workflows/providers-core.yml | 2 +- .github/workflows/providers-extra.yml | 2 +- .github/workflows/race-detector.yml | 2 +- .github/workflows/stress-test.yml | 4 ++-- .github/workflows/tests.yml | 4 ++-- 13 files changed, 25 insertions(+), 25 deletions(-) diff --git a/.github/workflows/code-coverage.yml b/.github/workflows/code-coverage.yml index e74c9a5f0..623f4b6ac 100644 --- a/.github/workflows/code-coverage.yml +++ b/.github/workflows/code-coverage.yml @@ -16,7 +16,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true @@ -24,11 +24,11 @@ jobs: - name: Run Tests run: make test-with-coverage - name: Upload Coverage - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 with: files: coverage.txt - name: Upload Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: logs path: .logs/**/*.log diff --git a/.github/workflows/compat-test.yml b/.github/workflows/compat-test.yml index 1b1873d91..c6626db67 100644 --- a/.github/workflows/compat-test.yml +++ b/.github/workflows/compat-test.yml @@ -18,7 +18,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true @@ -26,9 +26,9 @@ jobs: - name: Compat Test run: make compat-tests - name: Upload Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: logs path: .logs/**/*.log if-no-files-found: ignore - if: ${{ always() }} \ No newline at end of file + if: ${{ always() }} diff --git a/.github/workflows/endurance-test.yml b/.github/workflows/endurance-test.yml index 0a5d373a8..356fd690f 100644 --- a/.github/workflows/endurance-test.yml +++ b/.github/workflows/endurance-test.yml @@ -23,7 +23,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true @@ -31,7 +31,7 @@ jobs: - name: Endurance Tests run: make endurance-tests - name: Upload Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: logs path: .logs/**/*.log diff --git a/.github/workflows/htmlui-tests.yml b/.github/workflows/htmlui-tests.yml index 7769f48c4..1db619aba 100644 --- a/.github/workflows/htmlui-tests.yml +++ b/.github/workflows/htmlui-tests.yml @@ -31,7 +31,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true @@ -39,8 +39,8 @@ jobs: - name: Run Tests run: make htmlui-e2e-test - name: Upload Screenshots - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: path: .screenshots/**/*.png if-no-files-found: ignore - if: ${{ always() }} \ No newline at end of file + if: ${{ always() }} diff --git a/.github/workflows/license-check.yml b/.github/workflows/license-check.yml index 3cb3bb75a..9754592d2 100644 --- a/.github/workflows/license-check.yml +++ b/.github/workflows/license-check.yml @@ -16,7 +16,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 17d027b35..365081ea5 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -30,14 +30,14 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true id: go if: ${{ !contains(matrix.os, 'ARMHF') }} - id: govulncheck - uses: golang/govulncheck-action@7da72f730e37eeaad891fcff0a532d27ed737cd4 + uses: golang/govulncheck-action@7da72f730e37eeaad891fcff0a532d27ed737cd4 # v1.0.1 with: repo-checkout: false cache: false diff --git a/.github/workflows/make.yml b/.github/workflows/make.yml index c0c78a54a..11ea5cda9 100644 --- a/.github/workflows/make.yml +++ b/.github/workflows/make.yml @@ -44,7 +44,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true @@ -100,7 +100,7 @@ jobs: # macOS signing certificate (base64-encoded), used by Electron Builder MACOS_SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_IDENTITY }} - name: Upload Kopia Artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: kopia path: | @@ -122,7 +122,7 @@ jobs: if-no-files-found: ignore if: ${{ !contains(matrix.os, 'self-hosted') }} - name: Upload Kopia Binary - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: kopia_binaries path: | diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 702d13178..e68f280d9 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -44,7 +44,7 @@ jobs: sarif_file: results.sarif - name: "Upload analysis results as 'Job Artifact'" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/providers-core.yml b/.github/workflows/providers-core.yml index 1441a1574..1e99e0e3e 100644 --- a/.github/workflows/providers-core.yml +++ b/.github/workflows/providers-core.yml @@ -29,7 +29,7 @@ jobs: fetch-depth: 0 ref: ${{ github.event.inputs.ref_name || github.ref }} - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true diff --git a/.github/workflows/providers-extra.yml b/.github/workflows/providers-extra.yml index 991fb37c8..fbaeb3b0e 100644 --- a/.github/workflows/providers-extra.yml +++ b/.github/workflows/providers-extra.yml @@ -29,7 +29,7 @@ jobs: fetch-depth: 0 ref: ${{ github.event.inputs.ref_name || github.ref }} - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true diff --git a/.github/workflows/race-detector.yml b/.github/workflows/race-detector.yml index 68d469524..4f2e6aca1 100644 --- a/.github/workflows/race-detector.yml +++ b/.github/workflows/race-detector.yml @@ -16,7 +16,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true diff --git a/.github/workflows/stress-test.yml b/.github/workflows/stress-test.yml index d7fa005d1..b20c8d7d6 100644 --- a/.github/workflows/stress-test.yml +++ b/.github/workflows/stress-test.yml @@ -22,7 +22,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true @@ -30,7 +30,7 @@ jobs: - name: Stress Test run: make stress-test - name: Upload Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: logs path: .logs/**/*.log diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index baf3a6b04..3b32dba01 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -42,7 +42,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' check-latest: true @@ -64,7 +64,7 @@ jobs: - name: Integration Tests run: make -j2 ci-integration-tests - name: Upload Logs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: logs path: .logs/**/*.log