mc-in-work/PrismLauncher
1
0
Fork 0
mirror of https://github.com/PrismLauncher/PrismLauncher.git synced 2026-06-30 18:36:58 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

ci: pin actions versions with hashes

Browse source 
Signed-off-by: mdevolde <martin.devolder2@gmail.com>
This commit is contained in:
mdevolde 2026-06-03 22:24:58 +02:00
parent bf8d1ca1f8
commit bd2cf76f55
16 changed files with 49 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/backport.yml vendored
View file

@ -20,11 +20,11 @@ jobs:
if: github.repository_owner == 'PrismLauncher' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
runs-on: ubuntu-slim
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Create backport PRs
uses: korthout/backport-action@v4.5
uses: korthout/backport-action@66065406958f46e82238fd59546f5a99e69e22aa #v4.5.2
with:
# Config README: https://github.com/korthout/backport-action#backport-action
pull_description: |-

2
.github/workflows/blocked-prs.yml vendored
View file

@ -24,7 +24,7 @@ jobs:
steps:
- name: Generate token
id: generate-token
uses: actions/create-github-app-token@v3
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
with:
app-id: ${{ vars.PULL_REQUEST_APP_ID }}
private-key: ${{ secrets.PULL_REQUEST_APP_PRIVATE_KEY }}

2
.github/workflows/build.yml vendored
View file

@ -104,7 +104,7 @@ jobs:
##
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
submodules: true

4
.github/workflows/clang-tidy.yml vendored
View file

@ -23,13 +23,13 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
fetch-depth: 0 # Required for diffing later on
submodules: "true"
- name: Install Nix
uses: cachix/install-nix-action@v31
uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31.10.6
- name: Run source generators
# TODO(@getchoo): Figure out how to make this work with PCH

6
.github/workflows/codeql.yml vendored
View file

@ -22,12 +22,12 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
submodules: "true"
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
with:
config-file: ./.github/codeql/codeql-config.yml
queries: security-and-quality
@ -49,4 +49,4 @@ jobs:
ctest --preset linux --build-config Debug --extra-verbose --output-on-failure
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1

22
.github/workflows/container.yml vendored
View file

@ -44,18 +44,18 @@ jobs:
echo "image-name=${REGISTRY}/${GITHUB_REPOSITORY_OWNER,,}/devcontainer" >> "$GITHUB_OUTPUT"
- name: Install Podman
uses: redhat-actions/podman-install@main
uses: redhat-actions/podman-install@aea6ff44f2a4a82da13d22061ce73443a125925d # commit-aea6ff4
# TODO(@getchoo): Always use this when the action properly supports ARM
if: ${{ runner.arch == 'X64' || runner.arch == 'X86' }}
with:
github-token: ${{ github.token }}
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Determine metadata for image
id: image-metadata
uses: docker/metadata-action@v6
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
with:
images: |
${{ steps.image-name.outputs.image-name }}
@ -71,7 +71,7 @@ jobs:
- name: Build image
id: build-image
uses: redhat-actions/buildah-build@v2
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
with:
containerfiles: |
./Containerfile
@ -81,7 +81,7 @@ jobs:
- name: Push image
id: push-image
if: ${{ github.event_name != 'pull_request' }}
uses: redhat-actions/push-to-registry@v2
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
with:
tags: ${{ steps.build-image.outputs.tags }}
username: ${{ github.repository_owner }}
@ -98,7 +98,7 @@ jobs:
- name: Upload digest artifact
if: ${{ github.event_name != 'pull_request' }}
uses: actions/upload-artifact@v7
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: digests-${{ matrix.arch }}
path: ${{ runner.temp }}/digests/*
@ -119,7 +119,7 @@ jobs:
steps:
- name: Download digests
uses: actions/download-artifact@v8
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
@ -128,12 +128,12 @@ jobs:
- name: Install Podman
# TODO(@getchoo): Always use this when the action properly supports ARM
if: ${{ runner.arch == 'X64' || runner.arch == 'X86' }}
uses: redhat-actions/podman-install@main
uses: redhat-actions/podman-install@aea6ff44f2a4a82da13d22061ce73443a125925d # commit-aea6ff4
with:
github-token: ${{ github.token }}
- name: Login to registry
uses: redhat-actions/podman-login@v1
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.repository_owner }}
@ -141,7 +141,7 @@ jobs:
- name: Determine metadata for manifest
id: manifest-metadata
uses: docker/metadata-action@v6
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
with:
images: |
${{ needs.build.outputs.image-name }}
@ -166,7 +166,7 @@ jobs:
done <<< "$DOCKER_METADATA_OUTPUT_TAGS"
- name: Push manifest
uses: redhat-actions/push-to-registry@v2
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
with:
tags: ${{ steps.manifest-metadata.outputs.tags }}
username: ${{ github.repository_owner }}

2
.github/workflows/merge-blocking-pr.yml vendored
View file

@ -25,7 +25,7 @@ jobs:
steps:
- name: Generate token
id: generate-token
uses: actions/create-github-app-token@v3
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
with:
app-id: ${{ vars.PULL_REQUEST_APP_ID }}
private-key: ${{ secrets.PULL_REQUEST_APP_PRIVATE_KEY }}

8
.github/workflows/nix.yml vendored
View file

@ -95,15 +95,15 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Install Nix
uses: cachix/install-nix-action@v31
uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31.10.6
# For PRs
- name: Setup Nix Magic Cache
if: ${{ github.event_name == 'pull_request' }}
uses: DeterminateSystems/magic-nix-cache-action@v14
uses: DeterminateSystems/magic-nix-cache-action@908b263ff629f4cc17666315b7fd3ec127c6244d # v14
with:
diagnostic-endpoint: ""
use-flakehub: false
@ -111,7 +111,7 @@ jobs:
# For in-tree builds
- name: Setup Cachix
if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
uses: cachix/cachix-action@v17
uses: cachix/cachix-action@5f2d7c5294214f71b873db4b969586b980625e71 # v17
with:
name: prismlauncher
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}

2
.github/workflows/publish.yml vendored
View file

@ -17,7 +17,7 @@ jobs:
steps:
- name: Publish on Winget
uses: vedantmgoyal2009/winget-releaser@v2
uses: vedantmgoyal2009/winget-releaser@4ffc7888bffd451b357355dc214d43bb9f23917e # v2
with:
identifier: PrismLauncher.PrismLauncher
version: ${{ github.event.release.tag_name }}

6
.github/workflows/release.yml vendored
View file

@ -31,12 +31,12 @@ jobs:
upload_url: ${{ steps.create_release.outputs.upload_url }}
steps:
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
submodules: "true"
path: "PrismLauncher-source"
- name: Download artifacts
uses: actions/download-artifact@v8
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
- name: Grab and store version
run: |
tag_name=$(echo ${{ github.ref }} | grep -oE "[^/]+$")
@ -94,7 +94,7 @@ jobs:
- name: Create release
id: create_release
uses: softprops/action-gh-release@v3
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag_name: ${{ github.ref }}

6
.github/workflows/update-flake.yml vendored
View file

@ -19,10 +19,10 @@ jobs:
runs-on: ubuntu-slim
steps:
- uses: actions/checkout@v6
- uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31.10.6
- uses: DeterminateSystems/update-flake-lock@v28
- uses: DeterminateSystems/update-flake-lock@834c491b2ece4de0bbd00d85214bb5e83b4da5c6 # v28
with:
commit-msg: "chore(nix): update lockfile"
pr-title: "chore(nix): update lockfile"