Commit fd1e2629 authored by Rafael Matias's avatar Rafael Matias Committed by GitHub

chore(ci): update GitHub Actions to use pinned hashes (#921)

This PR updates GitHub Actions to use pinned commit hashes for better
security.
parent a9058f54
...@@ -24,7 +24,7 @@ runs: ...@@ -24,7 +24,7 @@ runs:
- name: Login to Docker Hub - name: Login to Docker Hub
if: env.AUTH_EXISTS == 'true' if: env.AUTH_EXISTS == 'true'
uses: docker/login-action@v3 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
with: with:
username: ${{ inputs.username }} username: ${{ inputs.username }}
password: ${{ inputs.password }} password: ${{ inputs.password }}
......
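Review bot: The version comment on the new pin, `# v3`, names a floating major tag, so the line does not record which release the hash was taken from, and a reviewer cannot check it against a published release without looking it up. The typos workflow on this page already shows the more auditable form, `# v1.29.5`; the same could be done here, e.g. `uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # <exact release tag>`. The same applies to the `# v4`, `# v5` and `# v1` comments on the checkout, action-semantic-pull-request, discord-webhook and kurtosis-assertoor pins in the other workflows. This step forwards the Docker Hub password to the action, so being able to verify the pin matters most here.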
...@@ -10,7 +10,7 @@ jobs: ...@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Check for typos - name: Check for typos
uses: crate-ci/typos@11ca4583f2f3f74c7e7785c0ecb20fe2c99a4308 # v1.29.5 uses: crate-ci/typos@11ca4583f2f3f74c7e7785c0ecb20fe2c99a4308 # v1.29.5
...@@ -17,6 +17,6 @@ jobs: ...@@ -17,6 +17,6 @@ jobs:
title_check: title_check:
runs-on: self-hosted-ghr-size-s-x64 runs-on: self-hosted-ghr-size-s-x64
steps: steps:
- uses: amannn/action-semantic-pull-request@v5 - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
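Review bot: The `title_check` job hands `GITHUB_TOKEN` to a third-party action on a self-hosted runner, and no `permissions:` block is visible in this hunk, so the hash pin is the only control shown here. The workflow's trigger and top-level keys are outside the hunk; if they do not already restrict the token, a job-level `permissions:` entry with `pull-requests: read` would limit it to what a title check needs. It is also worth confirming that jobs on `self-hosted-ghr-size-s-x64` run on ephemeral runners for pull requests from forks, since the runner setup is not visible here.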
...@@ -11,7 +11,7 @@ jobs: ...@@ -11,7 +11,7 @@ jobs:
outputs: outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }} matrix: ${{ steps.set-matrix.outputs.matrix }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- id: set-matrix - id: set-matrix
# List all yaml files in the .github/tests directory, except for the k8s.yaml file # List all yaml files in the .github/tests directory, except for the k8s.yaml file
run: echo "matrix=$(ls ./.github/tests/*.yaml | grep -vE 'k8s.yaml$' | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT run: echo "matrix=$(ls ./.github/tests/*.yaml | grep -vE 'k8s.yaml$' | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
...@@ -25,7 +25,7 @@ jobs: ...@@ -25,7 +25,7 @@ jobs:
continue-on-error: true continue-on-error: true
steps: steps:
- name: Checkout Repository - name: Checkout Repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/docker-login - uses: ./.github/actions/docker-login
with: with:
username: ethpandaops username: ethpandaops
...@@ -54,7 +54,7 @@ jobs: ...@@ -54,7 +54,7 @@ jobs:
- name: Notify - name: Notify
if: (cancelled() || failure()) && env.discord_webhook_set == 'true' if: (cancelled() || failure()) && env.discord_webhook_set == 'true'
uses: nobrayner/discord-webhook@v1 uses: nobrayner/discord-webhook@2f38abc8877c7e8d2b0ded0cfd9599632014279f # v1
with: with:
description: "The nightly test for ${{matrix.file_name}} on ethereum-package has failed find it here ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" description: "The nightly test for ${{matrix.file_name}} on ethereum-package has failed find it here ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
github-token: ${{ secrets.github_token }} github-token: ${{ secrets.github_token }}
...@@ -64,13 +64,13 @@ jobs: ...@@ -64,13 +64,13 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Repository - name: Checkout Repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/docker-login - uses: ./.github/actions/docker-login
with: with:
username: ethpandaops username: ethpandaops
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Kurtosis Assertoor GitHub Action - name: Kurtosis Assertoor GitHub Action
uses: ethpandaops/kurtosis-assertoor-github-action@v1 uses: ethpandaops/kurtosis-assertoor-github-action@5932604b244dbd2ddb811516b516a9094f4d2c2f # v1
with: with:
kurtosis_extra_args: "--image-download always --non-blocking-tasks --verbosity DETAILED" kurtosis_extra_args: "--image-download always --non-blocking-tasks --verbosity DETAILED"
ethereum_package_branch: "" ethereum_package_branch: ""
......
...@@ -12,7 +12,7 @@ jobs: ...@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Repository - name: Checkout Repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/docker-login - uses: ./.github/actions/docker-login
with: with:
username: ethpandaops username: ethpandaops
...@@ -39,7 +39,7 @@ jobs: ...@@ -39,7 +39,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Repository - name: Checkout Repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/docker-login - uses: ./.github/actions/docker-login
with: with:
username: ethpandaops username: ethpandaops
...@@ -54,7 +54,7 @@ jobs: ...@@ -54,7 +54,7 @@ jobs:
runs-on: self-hosted-ghr-size-s-x64 runs-on: self-hosted-ghr-size-s-x64
steps: steps:
- name: Checkout Repository - name: Checkout Repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Setup Kurtosis - name: Setup Kurtosis
uses: ./.github/actions/kurtosis-install uses: ./.github/actions/kurtosis-install
- name: Kurtosis Lint - name: Kurtosis Lint
...@@ -65,13 +65,13 @@ jobs: ...@@ -65,13 +65,13 @@ jobs:
timeout-minutes: 30 timeout-minutes: 30
steps: steps:
- name: Checkout Repository - name: Checkout Repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- uses: ./.github/actions/docker-login - uses: ./.github/actions/docker-login
with: with:
username: ethpandaops username: ethpandaops
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Kurtosis Assertoor GitHub Action - name: Kurtosis Assertoor GitHub Action
uses: ethpandaops/kurtosis-assertoor-github-action@v1 uses: ethpandaops/kurtosis-assertoor-github-action@5932604b244dbd2ddb811516b516a9094f4d2c2f # v1
with: with:
ethereum_package_url: "." ethereum_package_url: "."
ethereum_package_branch: "" ethereum_package_branch: ""
...@@ -80,7 +80,7 @@ jobs: ...@@ -80,7 +80,7 @@ jobs:
# runs-on: ubuntu-latest # runs-on: ubuntu-latest
# steps: # steps:
# - name: Checkout Repository # - name: Checkout Repository
# uses: actions/checkout@v4 # uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
# - name: Setup Kurtosis # - name: Setup Kurtosis
# uses: ./.github/actions/kurtosis-install # uses: ./.github/actions/kurtosis-install
# - name: Run L1 # - name: Run L1
......
...@@ -20,11 +20,11 @@ jobs: ...@@ -20,11 +20,11 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Repository - name: Checkout Repository
uses: actions/checkout@v4 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Setup minikube - name: Setup minikube
id: minikube id: minikube
uses: medyagh/setup-minikube@latest uses: medyagh/setup-minikube@cea33675329b799adccc9526aa5daccc26cd5052 # latest
- name: Get kubeconfig - name: Get kubeconfig
id: kubeconfig id: kubeconfig
...@@ -36,7 +36,7 @@ jobs: ...@@ -36,7 +36,7 @@ jobs:
# run kurtosis test and assertoor # run kurtosis test and assertoor
- name: Run kurtosis testnet - name: Run kurtosis testnet
id: testnet id: testnet
uses: ethpandaops/kurtosis-assertoor-github-action@v1 uses: ethpandaops/kurtosis-assertoor-github-action@5932604b244dbd2ddb811516b516a9094f4d2c2f # v1
with: with:
kurtosis_extra_args: "--image-download always --non-blocking-tasks --verbosity DETAILED" kurtosis_extra_args: "--image-download always --non-blocking-tasks --verbosity DETAILED"
kurtosis_backend: "kubernetes" kurtosis_backend: "kubernetes"
...@@ -62,7 +62,7 @@ jobs: ...@@ -62,7 +62,7 @@ jobs:
- name: Notify - name: Notify
if: (cancelled() || failure()) && env.discord_webhook_set == 'true' if: (cancelled() || failure()) && env.discord_webhook_set == 'true'
uses: Ilshidur/action-discord@master uses: Ilshidur/action-discord@08d9328877d6954120eef2b07abbc79249bb6210 # master
env: env:
DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }} DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
with: with:
......
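Review bot: The comments `# latest` on the setup-minikube pin and `# master` on the action-discord pin name moving refs rather than releases, so the hashes cannot be matched to a published version and may point at an unreleased commit. If a hash does correspond to a release, the comment should carry that tag, e.g. `uses: medyagh/setup-minikube@cea33675329b799adccc9526aa5daccc26cd5052 # <release tag>`; if not, re-pinning to the hash of a tagged release would make later updates reviewable. Version-aware update tooling typically relies on that comment, so a branch name there is likely to leave these two pins stale. The action-discord step receives `secrets.DISCORD_WEBHOOK`, which makes its provenance worth recording.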