
Commit f61b328

J12934Reet00
authored andcommitted
Pin all github actions to their latest corresponding commits
Following the best practices recommended by GitHub: https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
1 parent bca0f31 commit f61b328

11 files changed

Lines changed: 138 additions & 141 deletions

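--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -34,10 +34,10 @@ jobs:
 name: "Unit Test | Node.js Scanner Test Helpers"
 runs-on: ubuntu-24.04
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 - name: Install bun
-uses: oven-sh/setup-bun@v2
+uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2
 
 - name: Install dependencies
 working-directory: tests/integration
@@ -50,7 +50,7 @@ jobs:
 name: "Setup Kind & Kubectl & Helm & Task"
 runs-on: ubuntu-24.04
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 - name: Install Kind
 run: |
@@ -75,25 +75,25 @@ jobs:
 chmod +x ./task
 
 - name: Archive Kind
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: kind
 path: ./kind
 
 - name: Archive Kubectl
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: kubectl
 path: ./kubectl
 
 - name: Archive Helm
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: helm
 path: ./linux-amd64/helm
 
 - name: Archive Task
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: task
 path: ./task
@@ -108,9 +108,9 @@ jobs:
 needs:
 - k8s-setup
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 - name: Download Helm
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: helm
 path: ./helm
@@ -128,7 +128,7 @@ jobs:
 helm plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_PLUGIN_UNITTEST_VERSION }}
 
 - name: Download Task
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: task
 path: ./task
@@ -147,24 +147,24 @@ jobs:
 matrix:
 unit: ["persistence-defectdojo"]
 steps:
-- uses: actions/checkout@v5
+- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 with:
 fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 - name: Set up JDK 17
-uses: actions/setup-java@v4
+uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4
 with:
 distribution: "temurin" # required Java distribution
 java-version: "17" # The JDK version to make available on the path.
 java-package: jdk # (jre, jdk, or jdk+fx) - defaults to jdk
 architecture: x64 # (x64 or x86) - defaults to x64
 - name: Cache SonarCloud packages
-uses: actions/cache@v4
+uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
 with:
 path: ~/.sonar/cache
 key: ${{ runner.os }}-sonar
 restore-keys: ${{ runner.os }}-sonar
 - name: Cache Gradle packages
-uses: actions/cache@v4
+uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
 with:
 path: ~/.gradle/caches
 key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
@@ -188,10 +188,10 @@ jobs:
 component: ["operator", "lurker"]
 steps:
 - name: Checkout
-uses: actions/checkout@v5
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 - name: Go Setup
-uses: actions/setup-go@v5
+uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
 with:
 go-version-file: 'operator/go.mod'
 
@@ -214,7 +214,7 @@ jobs:
 run: make docker-export-${{ matrix.component }}
 
 - name: Upload Image As Artifact
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: ${{ matrix.component }}-image
 path: ./operator/${{ matrix.component }}.tar
@@ -227,10 +227,10 @@ jobs:
 runs-on: ubuntu-24.04
 steps:
 - name: Checkout
-uses: actions/checkout@v5
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 - name: Go Setup
-uses: actions/setup-go@v5
+uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
 with:
 go-version-file: 'auto-discovery/kubernetes/go.mod'
 
@@ -253,7 +253,7 @@ jobs:
 run: make docker-export
 
 - name: Upload Image As Artifact
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: auto-discovery-image
 path: ./auto-discovery/kubernetes/auto-discovery-kubernetes.tar
@@ -267,27 +267,27 @@ jobs:
 - k8s-setup
 steps:
 - name: Checkout
-uses: actions/checkout@v5
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 - name: Setup Python Version
-uses: actions/setup-python@v5
+uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
 with:
 python-version: "${{ env.PYTHON_VERSION }}"
 
 - name: Download Kind
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: kind
 path: ./kind
 
 - name: Download Kubectl
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: kubectl
 path: ./kubectl
 
 - name: Download Helm
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: helm
 path: ./helm
@@ -317,7 +317,7 @@ jobs:
 run: make docker-export
 
 - name: Upload Image As Artifact
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: auto-discovery-pull-secret-extractor
 path: ./auto-discovery/kubernetes/pull-secret-extractor/auto-discovery-secret-extractor.tar
@@ -344,10 +344,10 @@ jobs:
 runs-on: ubuntu-24.04
 steps:
 - name: Checkout
-uses: actions/checkout@v5
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 - name: Go Setup
-uses: actions/setup-go@v5
+uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
 with:
 go-version-file: 'auto-discovery/cloud-aws/go.mod'
 
@@ -370,7 +370,7 @@ jobs:
 run: make docker-export
 
 - name: Upload Image As Artifact
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: auto-discovery-cloud-aws-image
 path: ./auto-discovery/cloud-aws/auto-discovery-cloud-aws.tar
@@ -388,7 +388,7 @@ jobs:
 - hook-sdk
 steps:
 - name: Checkout
-uses: actions/checkout@v5
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 - name: Build Image
 working-directory: ./${{ matrix.sdk }}/nodejs
@@ -399,7 +399,7 @@ jobs:
 run: make docker-export-sdk
 
 - name: Upload Artifact
-uses: actions/upload-artifact@v4
+uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: ${{ matrix.sdk }}-image
 path: ./${{ matrix.sdk }}/nodejs/${{ matrix.sdk }}.tar
@@ -438,13 +438,13 @@ jobs:
 - zap-automation-framework
 steps:
 - name: Checkout
-uses: actions/checkout@v5
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 - name: Install bun
-uses: oven-sh/setup-bun@v2
+uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2
 
 - name: Download Task
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: task
 path: ./task
@@ -454,19 +454,19 @@ jobs:
 chmod +x ./task/task && sudo mv ./task/task /usr/local/bin/task
 
 - name: Download Kind
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: kind
 path: ./kind
 
 - name: Download Kubectl
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: kubectl
 path: ./kubectl
 
 - name: Download Helm
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: helm
 path: ./helm
@@ -488,7 +488,7 @@ jobs:
 run: task test:unit
 
 - name: Download Parser SDK Image
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: parser-sdk-image
 path: /tmp
@@ -499,7 +499,7 @@ jobs:
 docker images | grep sdk
 
 - name: Download Operator Image
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: operator-image
 path: ./operator
@@ -510,7 +510,7 @@ jobs:
 docker images | grep operator
 
 - name: Download Lurker Image
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: lurker-image
 path: ./operator
@@ -591,13 +591,13 @@ jobs:
 # - persistence-static-report (WIP)
 steps:
 - name: Checkout
-uses: actions/checkout@v5
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 - name: Install bun
-uses: oven-sh/setup-bun@v2
+uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2
 
 - name: Download Task
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: task
 path: ./task
@@ -607,19 +607,19 @@ jobs:
 chmod +x ./task/task && sudo mv ./task/task /usr/local/bin/task
 
 - name: Download Kind
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: kind
 path: ./kind
 
 - name: Download Kubectl
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: kubectl
 path: ./kubectl
 
 - name: Download Helm
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: helm
 path: ./helm
@@ -641,7 +641,7 @@ jobs:
 run: task test:unit
 
 - name: Download Parser SDK Image
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: hook-sdk-image
 path: /tmp
@@ -652,7 +652,7 @@ jobs:
 docker images | grep sdk
 
 - name: Download Operator Image
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: operator-image
 path: ./operator
@@ -663,7 +663,7 @@ jobs:
 docker images | grep operator
 
 - name: Download Lurker Image
-uses: actions/download-artifact@v5
+uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
 with:
 name: lurker-image
 path: ./operator
@@ -725,10 +725,10 @@ jobs:
 runs-on: ubuntu-24.04
 steps:
 - name: Checkout code
-uses: actions/checkout@v5
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 - name: Set up Go
-uses: actions/setup-go@v5
+uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
 with:
 go-version-file: 'scbctl/go.mod'
 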
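--- a/.github/workflows/documentation-roulette.yaml
+++ b/.github/workflows/documentation-roulette.yaml
@@ -17,7 +17,7 @@ jobs:
 if: github.repository == 'secureCodeBox/secureCodeBox'
 steps:
 - name: Checkout repository
-uses: actions/checkout@v5
+uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
 # Request team members with the GitHub API using their gh cli
 - name: Fetch core-team members
@@ -38,7 +38,7 @@ jobs:
 echo "MEMBER=${MEMBERS[$index]}" >> $GITHUB_ENV
 
 # Create issue and insert chosen member ({{ env.MEMBER}} in template)
-- uses: JasonEtco/create-an-issue@v2
+- uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with: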
