diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 059c5fcf3..8cdff5e47 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -22,10 +22,10 @@ jobs: steps: - name: Checkout git repository 🕝 - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - name: Set up Python 3.10 🐍 - uses: actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5 + uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 with: python-version: '3.10' @@ -35,12 +35,12 @@ jobs: shell: bash - name: Install poetry 🦄 - uses: Gr1N/setup-poetry@09236184f6c1ab47c0dc9c1001c7fe200cf2afb0 # v7 + uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Load Poetry Cached Libraries ⬇ - uses: actions/cache@70655ec8323daeeaa7ef06d7c56e1b9191396cbe + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 with: path: ~/.cache/pypoetry/virtualenvs key: ${{ runner.os }}-poetry-3.10-${{ hashFiles('**/poetry.lock') }} @@ -78,10 +78,10 @@ jobs: steps: - name: Checkout git repository 🕝 - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - name: Set up Python ${{ matrix.python-version }} 🐍 - uses: actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5 + uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 with: python-version: ${{ matrix.python-version }} @@ -91,12 +91,12 @@ jobs: shell: bash - name: Install poetry 🦄 - uses: Gr1N/setup-poetry@09236184f6c1ab47c0dc9c1001c7fe200cf2afb0 # v7 + uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844 with: poetry-version: ${{ env.POETRY_VERSION }} - name: Load Poetry Cached Libraries ⬇ - uses: actions/cache@70655ec8323daeeaa7ef06d7c56e1b9191396cbe + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 with: path: ~/.cache/pypoetry/virtualenvs key: ${{ runner.os }}-poetry-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }} @@ -119,7 +119,7 @@ jobs: name: Lint Dockerfile runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - name: Lint Dockerfile uses: brpaz/hadolint-action@1623ba61710b974b55ba455930e6f2c8ef919778 with: @@ -138,13 +138,13 @@ jobs: # to checkout HEAD commit for a pull request. # More details: https://github.com/actions/checkout/issues/299 - name: Checkout pull request HEAD commit instead of merge commit 🕝 - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 if: github.event_name == 'pull_request' with: ref: ${{ github.event.pull_request.head.sha }} - name: Checkout git repository 🕝 - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 if: github.event_name != 'pull_request' # Set environment variables for a pull request @@ -218,17 +218,17 @@ jobs: # to checkout HEAD commit for a pull request. # More details: https://github.com/actions/checkout/issues/299 - name: Checkout pull request HEAD commit instead of merge commit 🕝 - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 if: github.event_name == 'pull_request' with: ref: ${{ github.event.pull_request.head.sha }} - name: Checkout git repository 🕝 - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 if: github.event_name != 'pull_request' - name: Set up Docker Buildx - uses: docker/setup-buildx-action@154c24e1f33dbb5865a021c99f1318cfebf27b32 + uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c with: version: v0.5.1 driver: docker @@ -269,10 +269,10 @@ jobs: steps: - name: Checkout git repository 🕝 - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - name: Set up Python 3.10 🐍 - uses: actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5 + uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 with: python-version: '3.10' @@ -282,7 +282,7 @@ jobs: shell: bash - name: Install poetry 🦄 - uses: Gr1N/setup-poetry@09236184f6c1ab47c0dc9c1001c7fe200cf2afb0 # v7 + uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844 with: poetry-version: ${{ env.POETRY_VERSION }} diff --git a/.github/workflows/security-scans.yml b/.github/workflows/security-scans.yml index c8f441142..9713fb3d9 100644 --- a/.github/workflows/security-scans.yml +++ b/.github/workflows/security-scans.yml @@ -8,7 +8,7 @@ jobs: snyk: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 - name: Run Snyk to check for package vulnerabilities uses: snyk/actions/python-3.8@master continue-on-error: true @@ -22,7 +22,7 @@ jobs: name: Detecting hardcoded secrets runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 with: # Fetch all history for all tags and branches fetch-depth: '0' diff --git a/.github/workflows/semgrep-check.yml b/.github/workflows/semgrep-check.yml index a6545d0e1..10e428e94 100644 --- a/.github/workflows/semgrep-check.yml +++ b/.github/workflows/semgrep-check.yml @@ -25,7 +25,7 @@ jobs: steps: # Fetch project source with GitHub Actions Checkout. - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # Run the "semgrep ci" command on the command line of the docker image. - run: semgrep ci env: