Skip to content

Commit 877ea86

Browse files
vdicevdice
committed
chore(images): pin alpine:3.22.2 and busybox:1.37 to commit
chore(.github): pin the following actions to their commits: actions/checkout to v5.0.1 helm/kind-action to v1.13.0 docker/build-push-action to v6.18.0 docker/setup-buildx-action to v3.11.1 docker/setup-qemu-action to v3.7.0 docker/login-action to v3.6.0 Azure/setup-helm action to v4.3.1 AbsaOSS/k3d-action to v2.4.0 balchua/microk8s-actions to v0.4.3 Signed-off-by: Vaughn Dice <vaughn.dice@fermyon.com>
1 parent 0d32fbf commit 877ea86

File tree

12 files changed

+34
-34
lines changed

12 files changed

+34
-34
lines changed

.github/workflows/ci.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
name: Test
2828
runs-on: ubuntu-latest
2929
steps:
30-
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
30+
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
3131
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
3232
with:
3333
go-version: "1.24"
@@ -37,7 +37,7 @@ jobs:
3737
name: Golangci-lint
3838
runs-on: ubuntu-latest
3939
steps:
40-
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
40+
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
4141
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
4242
with:
4343
go-version: "1.24"

.github/workflows/container-image.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -44,13 +44,13 @@ jobs:
4444
digest: ${{ steps.setoutput.outputs.digest }}
4545
steps:
4646
- name: Checkout code
47-
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
47+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
4848
- name: Set up QEMU
49-
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
49+
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
5050
- name: Set up Docker Buildx
51-
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
51+
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
5252
- name: Login to GitHub Container Registry
53-
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
53+
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
5454
with:
5555
registry: ghcr.io
5656
username: ${{ github.repository_owner }}
@@ -70,7 +70,7 @@ jobs:
7070
- name: Build and push container image
7171
if: ${{ inputs.push-image }}
7272
id: build-image
73-
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
73+
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
7474
with:
7575
context: ${{ inputs.docker-context }}
7676
file: ${{ inputs.dockerfile }}

.github/workflows/dependency-review.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ jobs:
2222
runs-on: ubuntu-latest
2323
steps:
2424
- name: "Checkout repository"
25-
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
25+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
2626
- name: "Dependency Review"
2727
uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1
2828
# Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.

.github/workflows/helm-chart-node-scaling-test.yml

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -11,21 +11,21 @@ jobs:
1111
helm-node-scaling-test:
1212
runs-on: ubuntu-22.04
1313
steps:
14-
- uses: actions/checkout@v5
14+
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
1515

1616
- name: Install helm
17-
uses: Azure/setup-helm@v4
17+
uses: Azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
1818
with:
1919
version: v3.15.4
2020

2121
- name: Set up QEMU
22-
uses: docker/setup-qemu-action@v3
22+
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
2323

2424
- name: Set up Docker Buildx
25-
uses: docker/setup-buildx-action@v3
25+
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
2626

2727
- name: Build RCM
28-
uses: docker/build-push-action@v6
28+
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
2929
with:
3030
context: .
3131
file: ./Dockerfile
@@ -37,7 +37,7 @@ jobs:
3737
runtime-class-manager:chart-test
3838
3939
- name: Build node installer
40-
uses: docker/build-push-action@v6
40+
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
4141
with:
4242
context: .
4343
file: ./images/installer/Dockerfile
@@ -49,7 +49,7 @@ jobs:
4949
node-installer:chart-test
5050
5151
- name: Build shim downloader
52-
uses: docker/build-push-action@v6
52+
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
5353
with:
5454
context: ./images/downloader
5555
file: ./images/downloader/Dockerfile
@@ -78,7 +78,7 @@ jobs:
7878
chmod +x kindscaler.sh
7979
8080
- name: create kind cluster
81-
uses: helm/kind-action@v1
81+
uses: helm/kind-action@92086f6be054225fa813e0a4b13787fc9088faab # v1.13.0
8282
with:
8383
cluster_name: kind
8484
config: kind-config.yaml

.github/workflows/helm-chart-release.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,10 +24,10 @@ jobs:
2424
runs-on: ubuntu-22.04
2525

2626
steps:
27-
- uses: actions/checkout@v5
27+
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
2828

2929
- name: Install helm
30-
uses: Azure/setup-helm@v4
30+
uses: Azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
3131
with:
3232
version: v3.16.3
3333

@@ -46,7 +46,7 @@ jobs:
4646
fi
4747
4848
- name: Log into registry ${{ env.REGISTRY }}
49-
uses: docker/login-action@v3
49+
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
5050
with:
5151
registry: ${{ env.REGISTRY }}
5252
username: ${{ github.actor }}

.github/workflows/helm-chart-smoketest.yml

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -31,16 +31,16 @@ jobs:
3131
file: "./images/installer/Dockerfile"
3232
}
3333
steps:
34-
- uses: actions/checkout@v5
34+
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
3535

3636
- name: Set up QEMU
37-
uses: docker/setup-qemu-action@v3
37+
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
3838

3939
- name: Set up Docker Buildx
40-
uses: docker/setup-buildx-action@v3
40+
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
4141

4242
- name: Build ${{ matrix.config.name }}
43-
uses: docker/build-push-action@v6
43+
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
4444
with:
4545
context: ${{ matrix.config.context }}
4646
file: ${{ matrix.config.file }}
@@ -80,10 +80,10 @@ jobs:
8080
}
8181

8282
steps:
83-
- uses: actions/checkout@v5
83+
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
8484

8585
- name: Install helm
86-
uses: Azure/setup-helm@v4
86+
uses: Azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
8787
with:
8888
version: v3.17.2
8989

@@ -99,7 +99,7 @@ jobs:
9999
# Ref: https://github.com/orgs/community/discussions/25824
100100
- name: Create kind cluster
101101
if: matrix.config.type == 'kind'
102-
uses: helm/kind-action@v1
102+
uses: helm/kind-action@92086f6be054225fa813e0a4b13787fc9088faab # v1.13.0
103103
with:
104104
cluster_name: kind
105105
# Versions lower than v0.27.0 encounter https://github.com/kubernetes-sigs/kind/issues/3795
@@ -117,13 +117,13 @@ jobs:
117117
118118
- name: Create microk8s cluster
119119
if: matrix.config.type == 'microk8s'
120-
uses: balchua/microk8s-actions@v0.4.3
120+
uses: balchua/microk8s-actions@13f73436011eb4925c22526f64fb3ecdd81289a9 # v0.4.3
121121
with:
122122
channel: ${{ env.MICROK8S_CHANNEL }}
123123

124124
- name: Create k3d cluster
125125
if: matrix.config.type == 'k3d'
126-
uses: AbsaOSS/k3d-action@v2
126+
uses: AbsaOSS/k3d-action@4e8b3239042be1dc0aed6c5eb80c13b18200fc79 # v2.4.0
127127
with:
128128
cluster-name: k3s-default
129129
k3d-version: v5.8.3

.github/workflows/sbom.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ jobs:
3535
uses: IAreKyleW00t/crane-installer@f693de8b27d89e6e9b3352a6d762a2a6db5869da # v4.0.4
3636

3737
- name: Login to GitHub Container Registry
38-
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
38+
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
3939
with:
4040
registry: ghcr.io
4141
username: ${{ github.repository_owner }}

.github/workflows/scorecard.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ jobs:
3232

3333
steps:
3434
- name: "Checkout code"
35-
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
35+
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
3636
with:
3737
persist-credentials: false
3838

.github/workflows/sign-image.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ jobs:
2525
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
2626

2727
- name: Login to GitHub Container Registry
28-
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
28+
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
2929
with:
3030
registry: ghcr.io
3131
username: ${{ github.repository_owner }}

images/downloader/Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
FROM alpine:3.22.2
1+
FROM alpine:3.22.2@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412
22

33
RUN apk add --no-cache curl bash tar
44
COPY download_shim.sh /download_shim.sh

0 commit comments

Comments
 (0)