From afc77f55b82852d85aeadb88dff87f6565ddc0d5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 2 Apr 2026 23:44:53 +0200 Subject: [PATCH] chore(deps): pin dependencies (#729) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../actions/install-dependencies/action.yml | 4 ++-- .github/workflows/checks.yml | 12 +++++------ .github/workflows/e2e.yml | 6 +++--- .github/workflows/nightly.yml | 12 +++++------ .github/workflows/release.yml | 20 +++++++++---------- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml index 702b87ab..b25341e0 100644 --- a/.github/actions/install-dependencies/action.yml +++ b/.github/actions/install-dependencies/action.yml @@ -5,11 +5,11 @@ description: Install dependencies runs: using: "composite" steps: - - uses: socketdev/action@v1 + - uses: socketdev/action@937f824ec476dfd164d4a4d9995751427b0be143 # v1 with: mode: firewall - - uses: oven-sh/setup-bun@v2 + - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2 name: Install Bun with: bun-version: "1.3.11" diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 4d703f63..4a73802e 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -20,14 +20,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 - name: Install dependencies uses: "./.github/actions/install-dependencies" - - uses: oxc-project/oxlint-action@latest + - uses: oxc-project/oxlint-action@0cc5d219e22e8cdfd8f67be492213ad3860e25e4 # latest with: config: .oxlintrc.json deny-warnings: true @@ -38,7 +38,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 @@ -54,7 +54,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 @@ -70,7 +70,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 @@ -86,7 +86,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index a8167be0..cdf84137 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -12,7 +12,7 @@ jobs: timeout-minutes: 20 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install dependencies uses: "./.github/actions/install-dependencies" @@ -26,7 +26,7 @@ jobs: - name: Cache Playwright Browsers id: playwright-cache - uses: actions/cache@v5 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 with: path: ~/.cache/ms-playwright key: ${{ runner.os }}-playwright-${{ steps.playwright-version.outputs.version }} @@ -94,7 +94,7 @@ jobs: run: | docker exec zerobyte /bin/ash -c "ls -la /test-data" || true - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 if: always() with: name: playwright-report diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 9c7721a9..873bc7f1 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -14,23 +14,23 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Log in to Docker Hub - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 with: driver: cloud endpoint: "meienberger/runtipi-builder" install: true - name: Login to GitHub Container Registry - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -38,14 +38,14 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v6 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 with: images: ghcr.io/${{ github.repository_owner }}/zerobyte tags: | type=raw,value=nightly - name: Push images to GitHub Container Registry - uses: docker/build-push-action@v7 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . target: production diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 612e3a91..3f7f01c2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -43,33 +43,33 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 ref: ${{ github.ref }} - name: Log in to Docker Hub - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 with: driver: cloud endpoint: "meienberger/runtipi-builder" install: true - name: Login to GitHub Container Registry - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build docker image - uses: docker/build-push-action@v7 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . target: production @@ -82,7 +82,7 @@ jobs: - name: Scan new image for vulnerabilities if: needs.determine-release-type.outputs.release_type == 'release' - uses: anchore/scan-action@v7 + uses: anchore/scan-action@e1165082ffb1fe366ebaf02d8526e7c4989ea9d2 # v7 id: scan with: image: local/zerobyte:ci @@ -92,13 +92,13 @@ jobs: - name: upload Anchore scan report if: needs.determine-release-type.outputs.release_type == 'release' - uses: github/codeql-action/upload-sarif@v4 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4 with: sarif_file: ${{ steps.scan.outputs.sarif }} - name: Docker meta id: meta - uses: docker/metadata-action@v6 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 with: images: ghcr.io/${{ github.repository_owner }}/zerobyte tags: | @@ -110,7 +110,7 @@ jobs: latest=${{ needs.determine-release-type.outputs.release_type == 'release' }} - name: Push images to GitHub Container Registry - uses: docker/build-push-action@v7 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 with: context: . target: production @@ -130,7 +130,7 @@ jobs: steps: - name: Create GitHub release id: create_release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: