From ab693588c8140565644dc93e6499f509ade999b5 Mon Sep 17 00:00:00 2001 From: Esteban Beltran Date: Wed, 26 Mar 2025 08:19:53 -0600 Subject: [PATCH] Pin github action versions --- .github/workflows/check-labels.yml | 4 ++-- .github/workflows/ci.yml | 24 +++++++++---------- .../deploy-to-developer-portal-dev.yml | 8 +++---- .../deploy-to-developer-portal-prod.yml | 8 +++---- .github/workflows/playwright.yml | 10 ++++---- .github/workflows/stale-branches.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/test-build.yml | 6 ++--- 8 files changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/workflows/check-labels.yml b/.github/workflows/check-labels.yml index b43934174..be35561a2 100644 --- a/.github/workflows/check-labels.yml +++ b/.github/workflows/check-labels.yml @@ -19,9 +19,9 @@ jobs: if: ${{ github.actor != 'dependabot[bot]' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup node - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: '22' cache: 'npm' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dd18f43d9..ba74befa1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,13 +22,13 @@ jobs: NX_BRANCH: ${{ github.event.number || github.ref_name }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # We need to fetch all branches and commits so that Nx affected has a base to compare against. fetch-depth: 0 - - uses: nrwl/nx-set-shas@v4 + - uses: nrwl/nx-set-shas@dbe0650947e5f2c81f59190a38512cf49126fe6b # v4.3.0 - name: Setup .npmrc file for NPM registry - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' @@ -50,7 +50,7 @@ jobs: npm pack --workspace="@grafana/create-plugin" --workspace="@grafana/sign-plugin" --pack-destination="./packed-artifacts" cp ./.github/knip.json ./packed-artifacts - name: Upload artifacts for testing - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: packed-artifacts path: ./packed-artifacts @@ -87,13 +87,13 @@ jobs: hasBackend: false steps: - name: Setup .npmrc file for NPM registry - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' - name: Download packed artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 with: name: packed-artifacts path: ./packed-artifacts @@ -125,7 +125,7 @@ jobs: run: npm run test:ci working-directory: ./${{ matrix.workingDir }} - - uses: actions/setup-go@v5 + - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: go-version: '~1.22' check-latest: true @@ -133,7 +133,7 @@ jobs: if: ${{ matrix.hasBackend == true }} - name: Build plugin backend - uses: magefile/mage-action@v3 + uses: magefile/mage-action@6a5dcb5fe61f43d7c08a98bc3cf9bc63c308c08e # v3.0.0 with: version: latest args: -v build:linux @@ -152,7 +152,7 @@ jobs: DOCKERHUB_PASSWORD=dockerhub:password - name: Log in to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ env.DOCKERHUB_USERNAME }} password: ${{ env.DOCKERHUB_PASSWORD }} @@ -275,7 +275,7 @@ jobs: needs: [generate-plugins] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Publish report uses: grafana/plugin-actions/playwright-gh-pages/deploy-report-pages@main with: @@ -309,7 +309,7 @@ jobs: repo_secrets: | SLACK_WEBHOOK_URL=slack_webhook_url:slack_webhook_url - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: token: ${{ steps.generate_token.outputs.token }} @@ -317,7 +317,7 @@ jobs: run: git fetch --unshallow --tags - name: Setup environment - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' diff --git a/.github/workflows/deploy-to-developer-portal-dev.yml b/.github/workflows/deploy-to-developer-portal-dev.yml index 6e345c580..64183cffc 100644 --- a/.github/workflows/deploy-to-developer-portal-dev.yml +++ b/.github/workflows/deploy-to-developer-portal-dev.yml @@ -15,12 +15,12 @@ jobs: NX_BRANCH: ${{ github.event.number || github.ref_name }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.inputs.branch }} fetch-depth: 0 - name: Setup node - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' @@ -33,12 +33,12 @@ jobs: run: DEV_PORTAL_ENV=dev npm run docs:build - id: 'auth' - uses: 'google-github-actions/auth@v2' + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: credentials_json: ${{ secrets.GCP_SA_KEY_DEV }} - name: 'Set up Cloud SDK' - uses: 'google-github-actions/setup-gcloud@v2' + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 - name: 'Deploy to Developer Portal Bucket' run: | diff --git a/.github/workflows/deploy-to-developer-portal-prod.yml b/.github/workflows/deploy-to-developer-portal-prod.yml index 48e7a1293..badd4a616 100644 --- a/.github/workflows/deploy-to-developer-portal-prod.yml +++ b/.github/workflows/deploy-to-developer-portal-prod.yml @@ -16,9 +16,9 @@ jobs: NX_BRANCH: ${{ github.event.number || github.ref_name }} steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup node - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' @@ -31,12 +31,12 @@ jobs: run: npm run docs:build - id: 'auth' - uses: 'google-github-actions/auth@v2' + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: credentials_json: ${{ secrets.GCP_SA_KEY }} - name: 'Set up Cloud SDK' - uses: 'google-github-actions/setup-gcloud@v2' + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 - name: 'Deploy to Developer Portal Bucket' run: | diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml index 4745d5fb2..2aed073c6 100644 --- a/.github/workflows/playwright.yml +++ b/.github/workflows/playwright.yml @@ -19,7 +19,7 @@ jobs: matrix: ${{ steps.resolve-versions.outputs.matrix }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Resolve Grafana E2E versions id: resolve-versions uses: grafana/plugin-actions/e2e-version@main @@ -38,10 +38,10 @@ jobs: name: ${{ matrix.GRAFANA_IMAGE.name }}@${{ matrix.GRAFANA_IMAGE.VERSION }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Node.js environment - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org' @@ -63,7 +63,7 @@ jobs: DOCKERHUB_PASSWORD=dockerhub:password - name: Log in to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ env.DOCKERHUB_USERNAME }} password: ${{ env.DOCKERHUB_PASSWORD }} @@ -95,7 +95,7 @@ jobs: needs: [playwright-tests] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Publish report uses: grafana/plugin-actions/playwright-gh-pages/deploy-report-pages@main with: diff --git a/.github/workflows/stale-branches.yml b/.github/workflows/stale-branches.yml index 5ed2074f4..6a3ae828a 100644 --- a/.github/workflows/stale-branches.yml +++ b/.github/workflows/stale-branches.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Stale Branches - uses: crs-k/stale-branches@v7.0.0 + uses: crs-k/stale-branches@c6e09a3de1046d68b21eccdca23321d0ec277964 # v7.0.0 with: dry-run: true pr-check: true \ No newline at end of file diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index a4ab346e8..f90b985ad 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -9,7 +9,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: # Number of days of inactivity before a stale Issue or Pull Request is closed. # Set to -1 to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml index 0f3fe962c..eaeff2e54 100644 --- a/.github/workflows/test-build.yml +++ b/.github/workflows/test-build.yml @@ -13,7 +13,7 @@ jobs: outputs: docs: ${{ steps.filter.outputs.docs }} steps: - - uses: dorny/paths-filter@v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: filters: | @@ -30,9 +30,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup node - uses: actions/setup-node@v4 + uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: '22' registry-url: 'https://registry.npmjs.org'