Browse code
ci: pin all actions
results of;
zizmor --fix=all --min-severity=high .
as a follow-up we should use the full versions (but renovate may do
that for us).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sebastiaan van Stijn authored on 2026/03/25 22:32:47Showing 12 changed files
- .github/workflows/.dco.yml
- .github/workflows/.test-unit.yml
- .github/workflows/.test.yml
- .github/workflows/.vm.yml
- .github/workflows/.windows.yml
- .github/workflows/arm64.yml
- .github/workflows/bin-image.yml
- .github/workflows/buildkit.yml
- .github/workflows/ci.yml
- .github/workflows/codeql.yml
- .github/workflows/labeler.yml
- .github/workflows/test.yml
| ... | ... |
@@ -25,19 +25,19 @@ jobs: |
| 25 | 25 |
steps: |
| 26 | 26 |
- |
| 27 | 27 |
name: Checkout |
| 28 |
- uses: actions/checkout@v6 |
|
| 28 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 29 | 29 |
with: |
| 30 | 30 |
fetch-depth: 0 |
| 31 | 31 |
- |
| 32 | 32 |
name: Dump context |
| 33 |
- uses: actions/github-script@v8 |
|
| 33 |
+ uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 |
|
| 34 | 34 |
with: |
| 35 | 35 |
script: | |
| 36 | 36 |
console.log(JSON.stringify(context, null, 2)); |
| 37 | 37 |
- |
| 38 | 38 |
name: Get base ref |
| 39 | 39 |
id: base-ref |
| 40 |
- uses: actions/github-script@v8 |
|
| 40 |
+ uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 |
|
| 41 | 41 |
with: |
| 42 | 42 |
result-encoding: string |
| 43 | 43 |
script: | |
| ... | ... |
@@ -36,7 +36,7 @@ jobs: |
| 36 | 36 |
steps: |
| 37 | 37 |
- |
| 38 | 38 |
name: Checkout |
| 39 |
- uses: actions/checkout@v6 |
|
| 39 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 40 | 40 |
- |
| 41 | 41 |
name: Set up runner |
| 42 | 42 |
uses: ./.github/actions/setup-runner |
| ... | ... |
@@ -58,7 +58,7 @@ jobs: |
| 58 | 58 |
buildkitd-flags: --debug |
| 59 | 59 |
- |
| 60 | 60 |
name: Build dev image |
| 61 |
- uses: docker/bake-action@v7 |
|
| 61 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 62 | 62 |
with: |
| 63 | 63 |
targets: dev |
| 64 | 64 |
set: | |
| ... | ... |
@@ -78,7 +78,7 @@ jobs: |
| 78 | 78 |
tree -nh /tmp/reports |
| 79 | 79 |
- |
| 80 | 80 |
name: Send to Codecov |
| 81 |
- uses: codecov/codecov-action@v5 |
|
| 81 |
+ uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5 |
|
| 82 | 82 |
with: |
| 83 | 83 |
directory: ./bundles |
| 84 | 84 |
env_vars: RUNNER_OS |
| ... | ... |
@@ -87,7 +87,7 @@ jobs: |
| 87 | 87 |
- |
| 88 | 88 |
name: Upload reports |
| 89 | 89 |
if: always() |
| 90 |
- uses: actions/upload-artifact@v7 |
|
| 90 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 91 | 91 |
with: |
| 92 | 92 |
name: test-reports-unit--${{ matrix.mode }}
|
| 93 | 93 |
path: /tmp/reports/* |
| ... | ... |
@@ -103,13 +103,13 @@ jobs: |
| 103 | 103 |
steps: |
| 104 | 104 |
- |
| 105 | 105 |
name: Set up Go |
| 106 |
- uses: actions/setup-go@v6 |
|
| 106 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 107 | 107 |
with: |
| 108 | 108 |
go-version: ${{ env.GO_VERSION }}
|
| 109 | 109 |
cache: false |
| 110 | 110 |
- |
| 111 | 111 |
name: Download reports |
| 112 |
- uses: actions/download-artifact@v8 |
|
| 112 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 113 | 113 |
with: |
| 114 | 114 |
pattern: test-reports-unit-* |
| 115 | 115 |
path: /tmp/reports |
| ... | ... |
@@ -39,7 +39,7 @@ jobs: |
| 39 | 39 |
steps: |
| 40 | 40 |
- |
| 41 | 41 |
name: Checkout |
| 42 |
- uses: actions/checkout@v6 |
|
| 42 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 43 | 43 |
- |
| 44 | 44 |
name: Set up runner |
| 45 | 45 |
uses: ./.github/actions/setup-runner |
| ... | ... |
@@ -55,7 +55,7 @@ jobs: |
| 55 | 55 |
buildkitd-flags: --debug |
| 56 | 56 |
- |
| 57 | 57 |
name: Build dev image |
| 58 |
- uses: docker/bake-action@v7 |
|
| 58 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 59 | 59 |
with: |
| 60 | 60 |
targets: dev |
| 61 | 61 |
set: | |
| ... | ... |
@@ -82,7 +82,7 @@ jobs: |
| 82 | 82 |
- |
| 83 | 83 |
name: Upload reports |
| 84 | 84 |
if: always() |
| 85 |
- uses: actions/upload-artifact@v7 |
|
| 85 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 86 | 86 |
with: |
| 87 | 87 |
name: test-reports-docker-py-${{ inputs.storage }}
|
| 88 | 88 |
path: /tmp/reports/* |
| ... | ... |
@@ -95,7 +95,7 @@ jobs: |
| 95 | 95 |
steps: |
| 96 | 96 |
- |
| 97 | 97 |
name: Checkout |
| 98 |
- uses: actions/checkout@v6 |
|
| 98 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 99 | 99 |
- |
| 100 | 100 |
name: Set up runner |
| 101 | 101 |
uses: ./.github/actions/setup-runner |
| ... | ... |
@@ -108,7 +108,7 @@ jobs: |
| 108 | 108 |
buildkitd-flags: --debug |
| 109 | 109 |
- |
| 110 | 110 |
name: Build dev image |
| 111 |
- uses: docker/bake-action@v7 |
|
| 111 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 112 | 112 |
with: |
| 113 | 113 |
targets: dev |
| 114 | 114 |
set: | |
| ... | ... |
@@ -130,7 +130,7 @@ jobs: |
| 130 | 130 |
- |
| 131 | 131 |
name: Create matrix includes |
| 132 | 132 |
id: set |
| 133 |
- uses: actions/github-script@v8 |
|
| 133 |
+ uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 |
|
| 134 | 134 |
with: |
| 135 | 135 |
script: | |
| 136 | 136 |
let includes = [ |
| ... | ... |
@@ -169,7 +169,7 @@ jobs: |
| 169 | 169 |
steps: |
| 170 | 170 |
- |
| 171 | 171 |
name: Checkout |
| 172 |
- uses: actions/checkout@v6 |
|
| 172 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 173 | 173 |
- |
| 174 | 174 |
name: Set up runner |
| 175 | 175 |
uses: ./.github/actions/setup-runner |
| ... | ... |
@@ -204,7 +204,7 @@ jobs: |
| 204 | 204 |
buildkitd-flags: --debug |
| 205 | 205 |
- |
| 206 | 206 |
name: Build dev image |
| 207 |
- uses: docker/bake-action@v7 |
|
| 207 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 208 | 208 |
with: |
| 209 | 209 |
targets: dev |
| 210 | 210 |
set: | |
| ... | ... |
@@ -236,7 +236,7 @@ jobs: |
| 236 | 236 |
tree -nh $reportsPath |
| 237 | 237 |
- |
| 238 | 238 |
name: Send to Codecov |
| 239 |
- uses: codecov/codecov-action@v5 |
|
| 239 |
+ uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5 |
|
| 240 | 240 |
with: |
| 241 | 241 |
directory: ./bundles/test-integration |
| 242 | 242 |
env_vars: RUNNER_OS |
| ... | ... |
@@ -250,7 +250,7 @@ jobs: |
| 250 | 250 |
- |
| 251 | 251 |
name: Upload reports |
| 252 | 252 |
if: always() |
| 253 |
- uses: actions/upload-artifact@v7 |
|
| 253 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 254 | 254 |
with: |
| 255 | 255 |
name: test-reports-integration-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}
|
| 256 | 256 |
path: /tmp/reports/* |
| ... | ... |
@@ -266,13 +266,13 @@ jobs: |
| 266 | 266 |
steps: |
| 267 | 267 |
- |
| 268 | 268 |
name: Set up Go |
| 269 |
- uses: actions/setup-go@v6 |
|
| 269 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 270 | 270 |
with: |
| 271 | 271 |
go-version: ${{ env.GO_VERSION }}
|
| 272 | 272 |
cache: false |
| 273 | 273 |
- |
| 274 | 274 |
name: Download reports |
| 275 |
- uses: actions/download-artifact@v8 |
|
| 275 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 276 | 276 |
with: |
| 277 | 277 |
path: /tmp/reports |
| 278 | 278 |
pattern: test-reports-integration-${{ inputs.storage }}-*
|
| ... | ... |
@@ -295,10 +295,10 @@ jobs: |
| 295 | 295 |
steps: |
| 296 | 296 |
- |
| 297 | 297 |
name: Checkout |
| 298 |
- uses: actions/checkout@v6 |
|
| 298 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 299 | 299 |
- |
| 300 | 300 |
name: Set up Go |
| 301 |
- uses: actions/setup-go@v6 |
|
| 301 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 302 | 302 |
with: |
| 303 | 303 |
go-version: ${{ env.GO_VERSION }}
|
| 304 | 304 |
cache: false |
| ... | ... |
@@ -321,7 +321,7 @@ jobs: |
| 321 | 321 |
- |
| 322 | 322 |
name: Create gha matrix |
| 323 | 323 |
id: set |
| 324 |
- uses: actions/github-script@v8 |
|
| 324 |
+ uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 |
|
| 325 | 325 |
with: |
| 326 | 326 |
script: | |
| 327 | 327 |
let matrix = {
|
| ... | ... |
@@ -393,7 +393,7 @@ jobs: |
| 393 | 393 |
steps: |
| 394 | 394 |
- |
| 395 | 395 |
name: Checkout |
| 396 |
- uses: actions/checkout@v6 |
|
| 396 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 397 | 397 |
- |
| 398 | 398 |
name: Set up runner |
| 399 | 399 |
uses: ./.github/actions/setup-runner |
| ... | ... |
@@ -421,7 +421,7 @@ jobs: |
| 421 | 421 |
buildkitd-flags: --debug |
| 422 | 422 |
- |
| 423 | 423 |
name: Build dev image |
| 424 |
- uses: docker/bake-action@v7 |
|
| 424 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 425 | 425 |
with: |
| 426 | 426 |
targets: dev |
| 427 | 427 |
set: | |
| ... | ... |
@@ -452,7 +452,7 @@ jobs: |
| 452 | 452 |
tree -nh $reportsPath |
| 453 | 453 |
- |
| 454 | 454 |
name: Send to Codecov |
| 455 |
- uses: codecov/codecov-action@v5 |
|
| 455 |
+ uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5 |
|
| 456 | 456 |
with: |
| 457 | 457 |
directory: ./bundles/test-integration |
| 458 | 458 |
env_vars: RUNNER_OS |
| ... | ... |
@@ -466,7 +466,7 @@ jobs: |
| 466 | 466 |
- |
| 467 | 467 |
name: Upload reports |
| 468 | 468 |
if: always() |
| 469 |
- uses: actions/upload-artifact@v7 |
|
| 469 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 470 | 470 |
with: |
| 471 | 471 |
name: test-reports-integration-cli-${{ inputs.storage }}-${{ matrix.mode }}-${{ env.TESTREPORTS_NAME }}
|
| 472 | 472 |
path: /tmp/reports/* |
| ... | ... |
@@ -482,13 +482,13 @@ jobs: |
| 482 | 482 |
steps: |
| 483 | 483 |
- |
| 484 | 484 |
name: Set up Go |
| 485 |
- uses: actions/setup-go@v6 |
|
| 485 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 486 | 486 |
with: |
| 487 | 487 |
go-version: ${{ env.GO_VERSION }}
|
| 488 | 488 |
cache: false |
| 489 | 489 |
- |
| 490 | 490 |
name: Download reports |
| 491 |
- uses: actions/download-artifact@v8 |
|
| 491 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 492 | 492 |
with: |
| 493 | 493 |
path: /tmp/reports |
| 494 | 494 |
pattern: test-reports-integration-cli-${{ inputs.storage }}-${{ matrix.mode }}-*
|
| ... | ... |
@@ -45,7 +45,7 @@ jobs: |
| 45 | 45 |
steps: |
| 46 | 46 |
- |
| 47 | 47 |
name: Checkout |
| 48 |
- uses: actions/checkout@v6 |
|
| 48 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 49 | 49 |
- |
| 50 | 50 |
name: Set up Lima |
| 51 | 51 |
uses: lima-vm/lima-actions/setup@55627e31b78637bf254a8b2a14da8ea7d12564e5 # v1.1.0 |
| ... | ... |
@@ -54,7 +54,7 @@ jobs: |
| 54 | 54 |
version: v2.0.2 |
| 55 | 55 |
- |
| 56 | 56 |
name: Cache ~/.cache/lima |
| 57 |
- uses: actions/cache@v5 |
|
| 57 |
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 |
|
| 58 | 58 |
with: |
| 59 | 59 |
path: ~/.cache/lima |
| 60 | 60 |
key: lima-${{ steps.lima-actions-setup.outputs.version }}-${{ inputs.template }}
|
| ... | ... |
@@ -67,7 +67,9 @@ jobs: |
| 67 | 67 |
--cpus=4 \ |
| 68 | 68 |
--memory=12 \ |
| 69 | 69 |
--plain \ |
| 70 |
- ${{ inputs.template }}
|
|
| 70 |
+ ${INPUTS_TEMPLATE}
|
|
| 71 |
+ env: |
|
| 72 |
+ INPUTS_TEMPLATE: ${{ inputs.template }}
|
|
| 71 | 73 |
- |
| 72 | 74 |
name: Load kernel modules in the guest VM |
| 73 | 75 |
run: | |
| ... | ... |
@@ -142,13 +144,15 @@ jobs: |
| 142 | 142 |
# TODO: enable GHA cache? |
| 143 | 143 |
LIMA_WORKDIR=/tmp/docker lima \ |
| 144 | 144 |
TEST_SKIP_INTEGRATION_CLI=1 \ |
| 145 |
- TEST_INTEGRATION_DIR="${{ inputs.integration_dir }}" \
|
|
| 145 |
+ TEST_INTEGRATION_DIR="${INPUTS_INTEGRATION_DIR}" \
|
|
| 146 | 146 |
TEST_INTEGRATION_USE_GRAPHDRIVER=1 \ |
| 147 | 147 |
DOCKER_ROOTLESS=${DOCKER_ROOTLESS} \
|
| 148 | 148 |
DOCKER_GRAPHDRIVER=${DOCKER_GRAPHDRIVER} \
|
| 149 | 149 |
DOCKER_IGNORE_BR_NETFILTER_ERROR=${DOCKER_IGNORE_BR_NETFILTER_ERROR} \
|
| 150 | 150 |
TIMEOUT=15m \ |
| 151 | 151 |
make test-integration |
| 152 |
+ env: |
|
| 153 |
+ INPUTS_INTEGRATION_DIR: ${{ inputs.integration_dir }}
|
|
| 152 | 154 |
- |
| 153 | 155 |
name: Prepare reports |
| 154 | 156 |
if: always() |
| ... | ... |
@@ -176,7 +180,7 @@ jobs: |
| 176 | 176 |
- |
| 177 | 177 |
name: Upload reports |
| 178 | 178 |
if: always() |
| 179 |
- uses: actions/upload-artifact@v7 |
|
| 179 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 180 | 180 |
with: |
| 181 | 181 |
name: test-reports-integration-${{ env.TESTREPORTS_NAME }}
|
| 182 | 182 |
path: /tmp/reports/* |
| ... | ... |
@@ -192,7 +196,7 @@ jobs: |
| 192 | 192 |
steps: |
| 193 | 193 |
- |
| 194 | 194 |
name: Set up Go |
| 195 |
- uses: actions/setup-go@v6 |
|
| 195 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 196 | 196 |
with: |
| 197 | 197 |
go-version: ${{ env.GO_VERSION }}
|
| 198 | 198 |
cache: false |
| ... | ... |
@@ -204,7 +208,7 @@ jobs: |
| 204 | 204 |
echo "TESTREPORTS_NAME=${TEMPLATE}*" >> $GITHUB_ENV
|
| 205 | 205 |
- |
| 206 | 206 |
name: Download reports |
| 207 |
- uses: actions/download-artifact@v8 |
|
| 207 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 208 | 208 |
with: |
| 209 | 209 |
path: /tmp/reports |
| 210 | 210 |
pattern: test-reports-integration-${{ env.TESTREPORTS_NAME }}
|
| ... | ... |
@@ -53,7 +53,7 @@ jobs: |
| 53 | 53 |
steps: |
| 54 | 54 |
- |
| 55 | 55 |
name: Checkout |
| 56 |
- uses: actions/checkout@v6 |
|
| 56 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 57 | 57 |
with: |
| 58 | 58 |
path: ${{ env.GOPATH }}/src/github.com/docker/docker
|
| 59 | 59 |
- |
| ... | ... |
@@ -100,7 +100,7 @@ jobs: |
| 100 | 100 |
Get-ChildItem -Path ${{ env.BIN_OUT }}
|
| 101 | 101 |
- |
| 102 | 102 |
name: Upload artifacts |
| 103 |
- uses: actions/upload-artifact@v7 |
|
| 103 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 104 | 104 |
with: |
| 105 | 105 |
name: build-${{ inputs.storage }}-${{ inputs.os }}
|
| 106 | 106 |
path: ${{ env.BIN_OUT }}/*
|
| ... | ... |
@@ -119,7 +119,7 @@ jobs: |
| 119 | 119 |
steps: |
| 120 | 120 |
- |
| 121 | 121 |
name: Checkout |
| 122 |
- uses: actions/checkout@v6 |
|
| 122 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 123 | 123 |
with: |
| 124 | 124 |
path: ${{ env.GOPATH }}/src/github.com/docker/docker
|
| 125 | 125 |
- |
| ... | ... |
@@ -158,7 +158,7 @@ jobs: |
| 158 | 158 |
- |
| 159 | 159 |
name: Send to Codecov |
| 160 | 160 |
if: inputs.send_coverage |
| 161 |
- uses: codecov/codecov-action@v5 |
|
| 161 |
+ uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5 |
|
| 162 | 162 |
with: |
| 163 | 163 |
working-directory: ${{ env.GOPATH }}\src\github.com\docker\docker
|
| 164 | 164 |
directory: bundles |
| ... | ... |
@@ -168,7 +168,7 @@ jobs: |
| 168 | 168 |
- |
| 169 | 169 |
name: Upload reports |
| 170 | 170 |
if: always() |
| 171 |
- uses: actions/upload-artifact@v7 |
|
| 171 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 172 | 172 |
with: |
| 173 | 173 |
name: ${{ inputs.os }}-${{ inputs.storage }}-unit-reports
|
| 174 | 174 |
path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
|
| ... | ... |
@@ -183,13 +183,13 @@ jobs: |
| 183 | 183 |
steps: |
| 184 | 184 |
- |
| 185 | 185 |
name: Set up Go |
| 186 |
- uses: actions/setup-go@v6 |
|
| 186 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 187 | 187 |
with: |
| 188 | 188 |
go-version: ${{ env.GO_VERSION }}
|
| 189 | 189 |
cache: false |
| 190 | 190 |
- |
| 191 | 191 |
name: Download artifacts |
| 192 |
- uses: actions/download-artifact@v8 |
|
| 192 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 193 | 193 |
with: |
| 194 | 194 |
name: ${{ inputs.os }}-${{ inputs.storage }}-unit-reports
|
| 195 | 195 |
path: /tmp/artifacts |
| ... | ... |
@@ -210,10 +210,10 @@ jobs: |
| 210 | 210 |
steps: |
| 211 | 211 |
- |
| 212 | 212 |
name: Checkout |
| 213 |
- uses: actions/checkout@v6 |
|
| 213 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 214 | 214 |
- |
| 215 | 215 |
name: Set up Go |
| 216 |
- uses: actions/setup-go@v6 |
|
| 216 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 217 | 217 |
with: |
| 218 | 218 |
go-version: ${{ env.GO_VERSION }}
|
| 219 | 219 |
cache: false |
| ... | ... |
@@ -266,12 +266,12 @@ jobs: |
| 266 | 266 |
steps: |
| 267 | 267 |
- |
| 268 | 268 |
name: Checkout |
| 269 |
- uses: actions/checkout@v6 |
|
| 269 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 270 | 270 |
with: |
| 271 | 271 |
path: ${{ env.GOPATH }}/src/github.com/docker/docker
|
| 272 | 272 |
- |
| 273 | 273 |
name: Set up Go |
| 274 |
- uses: actions/setup-go@v6 |
|
| 274 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 275 | 275 |
with: |
| 276 | 276 |
go-version: ${{ env.GO_VERSION }}
|
| 277 | 277 |
cache: false |
| ... | ... |
@@ -297,7 +297,7 @@ jobs: |
| 297 | 297 |
Get-ChildItem Env: | Out-String |
| 298 | 298 |
- |
| 299 | 299 |
name: Download artifacts |
| 300 |
- uses: actions/download-artifact@v8 |
|
| 300 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 301 | 301 |
with: |
| 302 | 302 |
name: build-${{ inputs.storage }}-${{ inputs.os }}
|
| 303 | 303 |
path: ${{ env.BIN_OUT }}
|
| ... | ... |
@@ -443,7 +443,7 @@ jobs: |
| 443 | 443 |
- |
| 444 | 444 |
name: Send to Codecov |
| 445 | 445 |
if: inputs.send_coverage |
| 446 |
- uses: codecov/codecov-action@v5 |
|
| 446 |
+ uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5 |
|
| 447 | 447 |
with: |
| 448 | 448 |
working-directory: ${{ env.GOPATH }}\src\github.com\docker\docker
|
| 449 | 449 |
directory: bundles |
| ... | ... |
@@ -482,7 +482,7 @@ jobs: |
| 482 | 482 |
- |
| 483 | 483 |
name: Upload reports |
| 484 | 484 |
if: always() |
| 485 |
- uses: actions/upload-artifact@v7 |
|
| 485 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 486 | 486 |
with: |
| 487 | 487 |
name: ${{ inputs.os }}-${{ inputs.storage }}-integration-reports-${{ matrix.runtime }}-${{ env.TESTREPORTS_NAME }}
|
| 488 | 488 |
path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
|
| ... | ... |
@@ -509,13 +509,13 @@ jobs: |
| 509 | 509 |
steps: |
| 510 | 510 |
- |
| 511 | 511 |
name: Set up Go |
| 512 |
- uses: actions/setup-go@v6 |
|
| 512 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 513 | 513 |
with: |
| 514 | 514 |
go-version: ${{ env.GO_VERSION }}
|
| 515 | 515 |
cache: false |
| 516 | 516 |
- |
| 517 | 517 |
name: Download reports |
| 518 |
- uses: actions/download-artifact@v8 |
|
| 518 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 519 | 519 |
with: |
| 520 | 520 |
path: /tmp/reports |
| 521 | 521 |
pattern: ${{ inputs.os }}-${{ inputs.storage }}-integration-reports-${{ matrix.runtime }}-*
|
| ... | ... |
@@ -56,7 +56,7 @@ jobs: |
| 56 | 56 |
buildkitd-flags: --debug |
| 57 | 57 |
- |
| 58 | 58 |
name: Build |
| 59 |
- uses: docker/bake-action@v7 |
|
| 59 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 60 | 60 |
with: |
| 61 | 61 |
targets: ${{ matrix.target }}
|
| 62 | 62 |
- |
| ... | ... |
@@ -84,7 +84,7 @@ jobs: |
| 84 | 84 |
buildkitd-flags: --debug |
| 85 | 85 |
- |
| 86 | 86 |
name: Build dev image |
| 87 |
- uses: docker/bake-action@v7 |
|
| 87 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 88 | 88 |
with: |
| 89 | 89 |
targets: dev |
| 90 | 90 |
set: | |
| ... | ... |
@@ -101,7 +101,7 @@ jobs: |
| 101 | 101 |
steps: |
| 102 | 102 |
- |
| 103 | 103 |
name: Checkout |
| 104 |
- uses: actions/checkout@v6 |
|
| 104 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 105 | 105 |
- |
| 106 | 106 |
name: Set up runner |
| 107 | 107 |
uses: ./.github/actions/setup-runner |
| ... | ... |
@@ -117,7 +117,7 @@ jobs: |
| 117 | 117 |
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 |
| 118 | 118 |
- |
| 119 | 119 |
name: Build dev image |
| 120 |
- uses: docker/bake-action@v7 |
|
| 120 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 121 | 121 |
with: |
| 122 | 122 |
targets: dev |
| 123 | 123 |
set: | |
| ... | ... |
@@ -137,7 +137,7 @@ jobs: |
| 137 | 137 |
tree -nh /tmp/reports |
| 138 | 138 |
- |
| 139 | 139 |
name: Send to Codecov |
| 140 |
- uses: codecov/codecov-action@v5 |
|
| 140 |
+ uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5 |
|
| 141 | 141 |
with: |
| 142 | 142 |
directory: ./bundles |
| 143 | 143 |
env_vars: RUNNER_OS |
| ... | ... |
@@ -146,7 +146,7 @@ jobs: |
| 146 | 146 |
- |
| 147 | 147 |
name: Upload reports |
| 148 | 148 |
if: always() |
| 149 |
- uses: actions/upload-artifact@v7 |
|
| 149 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 150 | 150 |
with: |
| 151 | 151 |
name: test-reports-unit-arm64-graphdriver |
| 152 | 152 |
path: /tmp/reports/* |
| ... | ... |
@@ -162,13 +162,13 @@ jobs: |
| 162 | 162 |
steps: |
| 163 | 163 |
- |
| 164 | 164 |
name: Set up Go |
| 165 |
- uses: actions/setup-go@v6 |
|
| 165 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 166 | 166 |
with: |
| 167 | 167 |
go-version: ${{ env.GO_VERSION }}
|
| 168 | 168 |
cache: false |
| 169 | 169 |
- |
| 170 | 170 |
name: Download reports |
| 171 |
- uses: actions/download-artifact@v8 |
|
| 171 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 172 | 172 |
with: |
| 173 | 173 |
pattern: test-reports-unit-arm64-* |
| 174 | 174 |
path: /tmp/reports |
| ... | ... |
@@ -191,7 +191,7 @@ jobs: |
| 191 | 191 |
steps: |
| 192 | 192 |
- |
| 193 | 193 |
name: Checkout |
| 194 |
- uses: actions/checkout@v6 |
|
| 194 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 195 | 195 |
- |
| 196 | 196 |
name: Set up runner |
| 197 | 197 |
uses: ./.github/actions/setup-runner |
| ... | ... |
@@ -210,7 +210,7 @@ jobs: |
| 210 | 210 |
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 |
| 211 | 211 |
- |
| 212 | 212 |
name: Build dev image |
| 213 |
- uses: docker/bake-action@v7 |
|
| 213 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 214 | 214 |
with: |
| 215 | 215 |
targets: dev |
| 216 | 216 |
set: | |
| ... | ... |
@@ -236,7 +236,7 @@ jobs: |
| 236 | 236 |
tree -nh $reportsPath |
| 237 | 237 |
- |
| 238 | 238 |
name: Send to Codecov |
| 239 |
- uses: codecov/codecov-action@v5 |
|
| 239 |
+ uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5 |
|
| 240 | 240 |
with: |
| 241 | 241 |
directory: ./bundles/test-integration |
| 242 | 242 |
env_vars: RUNNER_OS |
| ... | ... |
@@ -250,7 +250,7 @@ jobs: |
| 250 | 250 |
- |
| 251 | 251 |
name: Upload reports |
| 252 | 252 |
if: always() |
| 253 |
- uses: actions/upload-artifact@v7 |
|
| 253 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 254 | 254 |
with: |
| 255 | 255 |
name: test-reports-integration-arm64-graphdriver |
| 256 | 256 |
path: /tmp/reports/* |
| ... | ... |
@@ -266,13 +266,13 @@ jobs: |
| 266 | 266 |
steps: |
| 267 | 267 |
- |
| 268 | 268 |
name: Set up Go |
| 269 |
- uses: actions/setup-go@v6 |
|
| 269 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 270 | 270 |
with: |
| 271 | 271 |
go-version: ${{ env.GO_VERSION }}
|
| 272 | 272 |
cache: false |
| 273 | 273 |
- |
| 274 | 274 |
name: Download reports |
| 275 |
- uses: actions/download-artifact@v8 |
|
| 275 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 276 | 276 |
with: |
| 277 | 277 |
path: /tmp/reports |
| 278 | 278 |
pattern: test-reports-integration-arm64-* |
| ... | ... |
@@ -32,7 +32,7 @@ jobs: |
| 32 | 32 |
|
| 33 | 33 |
build: |
| 34 | 34 |
if: ${{ !failure() && !cancelled() && (github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'ci/validate-only')) }}
|
| 35 |
- uses: docker/github-builder/.github/workflows/bake.yml@v1 |
|
| 35 |
+ uses: docker/github-builder@70313223e2665c3211b454b3fea6534624e78d64 # v1 |
|
| 36 | 36 |
needs: |
| 37 | 37 |
- validate-dco |
| 38 | 38 |
permissions: |
| ... | ... |
@@ -48,12 +48,12 @@ jobs: |
| 48 | 48 |
buildkitd-flags: --debug |
| 49 | 49 |
- |
| 50 | 50 |
name: Build |
| 51 |
- uses: docker/bake-action@v7 |
|
| 51 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 52 | 52 |
with: |
| 53 | 53 |
targets: binary |
| 54 | 54 |
- |
| 55 | 55 |
name: Upload artifacts |
| 56 |
- uses: actions/upload-artifact@v7 |
|
| 56 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 57 | 57 |
with: |
| 58 | 58 |
name: binary |
| 59 | 59 |
path: ${{ env.DESTDIR }}
|
| ... | ... |
@@ -97,15 +97,15 @@ jobs: |
| 97 | 97 |
# https://github.com/moby/buildkit/blob/567a99433ca23402d5e9b9f9124005d2e59b8861/client/client_test.go#L5407-L5411 |
| 98 | 98 |
- |
| 99 | 99 |
name: Expose GitHub Runtime |
| 100 |
- uses: crazy-max/ghaction-github-runtime@v4 |
|
| 100 |
+ uses: crazy-max/ghaction-github-runtime@04d248b84655b509d8c44dc1d6f990c879747487 # v4 |
|
| 101 | 101 |
- |
| 102 | 102 |
name: Checkout |
| 103 |
- uses: actions/checkout@v6 |
|
| 103 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 104 | 104 |
with: |
| 105 | 105 |
path: moby |
| 106 | 106 |
- |
| 107 | 107 |
name: Set up Go |
| 108 |
- uses: actions/setup-go@v6 |
|
| 108 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 109 | 109 |
with: |
| 110 | 110 |
go-version: ${{ env.GO_VERSION }}
|
| 111 | 111 |
cache: false |
| ... | ... |
@@ -116,7 +116,7 @@ jobs: |
| 116 | 116 |
working-directory: moby |
| 117 | 117 |
- |
| 118 | 118 |
name: Checkout BuildKit ${{ env.BUILDKIT_REF }}
|
| 119 |
- uses: actions/checkout@v6 |
|
| 119 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 120 | 120 |
with: |
| 121 | 121 |
repository: ${{ env.BUILDKIT_REPO }}
|
| 122 | 122 |
ref: ${{ env.BUILDKIT_REF }}
|
| ... | ... |
@@ -133,7 +133,7 @@ jobs: |
| 133 | 133 |
buildkitd-flags: --debug |
| 134 | 134 |
- |
| 135 | 135 |
name: Download binary artifacts |
| 136 |
- uses: actions/download-artifact@v8 |
|
| 136 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 137 | 137 |
with: |
| 138 | 138 |
name: binary |
| 139 | 139 |
path: ./buildkit/build/moby/ |
| ... | ... |
@@ -146,7 +146,7 @@ jobs: |
| 146 | 146 |
docker info |
| 147 | 147 |
- |
| 148 | 148 |
name: Build test image |
| 149 |
- uses: docker/bake-action@v7 |
|
| 149 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 150 | 150 |
with: |
| 151 | 151 |
source: ./buildkit |
| 152 | 152 |
targets: integration-tests |
| ... | ... |
@@ -183,7 +183,7 @@ jobs: |
| 183 | 183 |
working-directory: ${{ env.GOPATH }}/src/github.com/docker/docker
|
| 184 | 184 |
steps: |
| 185 | 185 |
- name: Checkout |
| 186 |
- uses: actions/checkout@v6 |
|
| 186 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 187 | 187 |
with: |
| 188 | 188 |
path: ${{ env.GOPATH }}/src/github.com/docker/docker
|
| 189 | 189 |
|
| ... | ... |
@@ -198,7 +198,7 @@ jobs: |
| 198 | 198 |
echo "WINDOWS_BASE_IMAGE_TAG=${{ env.WINDOWS_BASE_TAG_2022 }}" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append
|
| 199 | 199 |
|
| 200 | 200 |
- name: Set up Go |
| 201 |
- uses: actions/setup-go@v6 |
|
| 201 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 202 | 202 |
with: |
| 203 | 203 |
go-version: ${{ env.GO_VERSION }}
|
| 204 | 204 |
cache: false |
| ... | ... |
@@ -224,7 +224,7 @@ jobs: |
| 224 | 224 |
go install github.com/distribution/distribution/v3/cmd/registry@latest |
| 225 | 225 |
|
| 226 | 226 |
- name: Checkout BuildKit |
| 227 |
- uses: actions/checkout@v6 |
|
| 227 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 228 | 228 |
with: |
| 229 | 229 |
repository: moby/buildkit |
| 230 | 230 |
ref: master |
| ... | ... |
@@ -247,7 +247,7 @@ jobs: |
| 247 | 247 |
cp ${{ env.GOPATH }}\bin\buildctl.exe ${{ env.BIN_OUT }}
|
| 248 | 248 |
|
| 249 | 249 |
- name: Upload artifacts |
| 250 |
- uses: actions/upload-artifact@v7 |
|
| 250 |
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 |
|
| 251 | 251 |
with: |
| 252 | 252 |
name: build-windows |
| 253 | 253 |
path: ${{ env.BIN_OUT }}/*
|
| ... | ... |
@@ -303,15 +303,15 @@ jobs: |
| 303 | 303 |
echo "BUILDKIT_TEST_DISABLE_FEATURES=${disabledFeatures}" >> $GITHUB_ENV
|
| 304 | 304 |
|
| 305 | 305 |
- name: Expose GitHub Runtime |
| 306 |
- uses: crazy-max/ghaction-github-runtime@v4 |
|
| 306 |
+ uses: crazy-max/ghaction-github-runtime@04d248b84655b509d8c44dc1d6f990c879747487 # v4 |
|
| 307 | 307 |
|
| 308 | 308 |
- name: Checkout |
| 309 |
- uses: actions/checkout@v6 |
|
| 309 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 310 | 310 |
with: |
| 311 | 311 |
path: moby |
| 312 | 312 |
|
| 313 | 313 |
- name: Set up Go |
| 314 |
- uses: actions/setup-go@v6 |
|
| 314 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 315 | 315 |
with: |
| 316 | 316 |
go-version: ${{ env.GO_VERSION }}
|
| 317 | 317 |
cache: false |
| ... | ... |
@@ -323,14 +323,14 @@ jobs: |
| 323 | 323 |
working-directory: moby |
| 324 | 324 |
|
| 325 | 325 |
- name: Checkout BuildKit ${{ env.BUILDKIT_REF }}
|
| 326 |
- uses: actions/checkout@v6 |
|
| 326 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 327 | 327 |
with: |
| 328 | 328 |
repository: ${{ env.BUILDKIT_REPO }}
|
| 329 | 329 |
ref: ${{ env.BUILDKIT_REF }}
|
| 330 | 330 |
path: buildkit |
| 331 | 331 |
|
| 332 | 332 |
- name: Download Moby artifacts |
| 333 |
- uses: actions/download-artifact@v8 |
|
| 333 |
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 |
|
| 334 | 334 |
with: |
| 335 | 335 |
name: build-windows |
| 336 | 336 |
path: ${{ env.BIN_OUT }}
|
| ... | ... |
@@ -52,7 +52,7 @@ jobs: |
| 52 | 52 |
buildkitd-flags: --debug |
| 53 | 53 |
- |
| 54 | 54 |
name: Build |
| 55 |
- uses: docker/bake-action@v7 |
|
| 55 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 56 | 56 |
with: |
| 57 | 57 |
targets: ${{ matrix.target }}
|
| 58 | 58 |
- |
| ... | ... |
@@ -75,7 +75,7 @@ jobs: |
| 75 | 75 |
steps: |
| 76 | 76 |
- |
| 77 | 77 |
name: Checkout |
| 78 |
- uses: actions/checkout@v6 |
|
| 78 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 79 | 79 |
- |
| 80 | 80 |
name: Create matrix |
| 81 | 81 |
id: platforms |
| ... | ... |
@@ -113,7 +113,7 @@ jobs: |
| 113 | 113 |
buildkitd-flags: --debug |
| 114 | 114 |
- |
| 115 | 115 |
name: Build |
| 116 |
- uses: docker/bake-action@v7 |
|
| 116 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 117 | 117 |
with: |
| 118 | 118 |
targets: all |
| 119 | 119 |
set: | |
| ... | ... |
@@ -146,7 +146,7 @@ jobs: |
| 146 | 146 |
buildkitd-flags: --debug |
| 147 | 147 |
- |
| 148 | 148 |
name: Run |
| 149 |
- uses: docker/bake-action@v7 |
|
| 149 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 150 | 150 |
with: |
| 151 | 151 |
targets: govulncheck |
| 152 | 152 |
env: |
| ... | ... |
@@ -154,7 +154,7 @@ jobs: |
| 154 | 154 |
- |
| 155 | 155 |
name: Upload SARIF report |
| 156 | 156 |
if: ${{ github.event_name != 'pull_request' && github.repository == 'moby/moby' }}
|
| 157 |
- uses: github/codeql-action/upload-sarif@v4 |
|
| 157 |
+ uses: github/codeql-action@38697555549f1db7851b81482ff19f1fa5c4fedc # v4 |
|
| 158 | 158 |
with: |
| 159 | 159 |
sarif_file: ${{ env.DESTDIR }}/govulncheck.out
|
| 160 | 160 |
|
| ... | ... |
@@ -173,7 +173,7 @@ jobs: |
| 173 | 173 |
buildkitd-flags: --debug |
| 174 | 174 |
- |
| 175 | 175 |
name: Build dind image |
| 176 |
- uses: docker/bake-action@v7 |
|
| 176 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 177 | 177 |
with: |
| 178 | 178 |
targets: dind |
| 179 | 179 |
set: | |
| ... | ... |
@@ -47,21 +47,21 @@ jobs: |
| 47 | 47 |
|
| 48 | 48 |
steps: |
| 49 | 49 |
- name: Checkout |
| 50 |
- uses: actions/checkout@v6 |
|
| 50 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 51 | 51 |
with: |
| 52 | 52 |
fetch-depth: 2 |
| 53 | 53 |
- name: Set up Go |
| 54 |
- uses: actions/setup-go@v6 |
|
| 54 |
+ uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 |
|
| 55 | 55 |
with: |
| 56 | 56 |
go-version: ${{ env.GO_VERSION }}
|
| 57 | 57 |
cache: false |
| 58 | 58 |
- name: Initialize CodeQL |
| 59 |
- uses: github/codeql-action/init@v4 |
|
| 59 |
+ uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 |
|
| 60 | 60 |
with: |
| 61 | 61 |
languages: go |
| 62 | 62 |
- name: Autobuild |
| 63 |
- uses: github/codeql-action/autobuild@v4 |
|
| 63 |
+ uses: github/codeql-action/autobuild@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 |
|
| 64 | 64 |
- name: Perform CodeQL Analysis |
| 65 |
- uses: github/codeql-action/analyze@v4 |
|
| 65 |
+ uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 |
|
| 66 | 66 |
with: |
| 67 | 67 |
category: "/language:go" |
| ... | ... |
@@ -61,7 +61,7 @@ jobs: |
| 61 | 61 |
buildkitd-flags: --debug |
| 62 | 62 |
- |
| 63 | 63 |
name: Build dev image |
| 64 |
- uses: docker/bake-action@v7 |
|
| 64 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 65 | 65 |
with: |
| 66 | 66 |
targets: dev |
| 67 | 67 |
set: | |
| ... | ... |
@@ -71,7 +71,7 @@ jobs: |
| 71 | 71 |
- |
| 72 | 72 |
name: Cache dev image |
| 73 | 73 |
if: matrix.mode == '' |
| 74 |
- uses: actions/cache/save@v5 |
|
| 74 |
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 |
|
| 75 | 75 |
with: |
| 76 | 76 |
key: dev-image-${{ github.run_id }}
|
| 77 | 77 |
path: /tmp/dev-image.tar |
| ... | ... |
@@ -110,7 +110,7 @@ jobs: |
| 110 | 110 |
steps: |
| 111 | 111 |
- |
| 112 | 112 |
name: Checkout |
| 113 |
- uses: actions/checkout@v6 |
|
| 113 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 114 | 114 |
- |
| 115 | 115 |
name: Create matrix |
| 116 | 116 |
id: scripts |
| ... | ... |
@@ -134,7 +134,7 @@ jobs: |
| 134 | 134 |
steps: |
| 135 | 135 |
- |
| 136 | 136 |
name: Checkout |
| 137 |
- uses: actions/checkout@v6 |
|
| 137 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 138 | 138 |
with: |
| 139 | 139 |
fetch-depth: 0 |
| 140 | 140 |
- |
| ... | ... |
@@ -149,7 +149,7 @@ jobs: |
| 149 | 149 |
buildkitd-flags: --debug |
| 150 | 150 |
- |
| 151 | 151 |
name: Restore dev image |
| 152 |
- uses: actions/cache/restore@v5 |
|
| 152 |
+ uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5 |
|
| 153 | 153 |
with: |
| 154 | 154 |
key: dev-image-${{ github.run_id }}
|
| 155 | 155 |
path: /tmp/dev-image.tar |
| ... | ... |
@@ -175,7 +175,7 @@ jobs: |
| 175 | 175 |
steps: |
| 176 | 176 |
- |
| 177 | 177 |
name: Checkout |
| 178 |
- uses: actions/checkout@v6 |
|
| 178 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 179 | 179 |
- |
| 180 | 180 |
name: Build api module image |
| 181 | 181 |
run: | |
| ... | ... |
@@ -197,7 +197,7 @@ jobs: |
| 197 | 197 |
steps: |
| 198 | 198 |
- |
| 199 | 199 |
name: Checkout |
| 200 |
- uses: actions/checkout@v6 |
|
| 200 |
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 |
|
| 201 | 201 |
- |
| 202 | 202 |
name: Create matrix |
| 203 | 203 |
id: platforms |
| ... | ... |
@@ -237,7 +237,7 @@ jobs: |
| 237 | 237 |
buildkitd-flags: --debug |
| 238 | 238 |
- |
| 239 | 239 |
name: Test |
| 240 |
- uses: docker/bake-action@v7 |
|
| 240 |
+ uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7 |
|
| 241 | 241 |
with: |
| 242 | 242 |
targets: binary-smoketest |
| 243 | 243 |
set: | |