ci: pin actions versions with hashes

Signed-off-by: mdevolde <martin.devolder2@gmail.com>
This commit is contained in:
mdevolde 2026-06-03 22:24:58 +02:00
parent bf8d1ca1f8
commit bd2cf76f55
16 changed files with 49 additions and 49 deletions

View file

@ -44,18 +44,18 @@ jobs:
echo "image-name=${REGISTRY}/${GITHUB_REPOSITORY_OWNER,,}/devcontainer" >> "$GITHUB_OUTPUT"
- name: Install Podman
uses: redhat-actions/podman-install@main
uses: redhat-actions/podman-install@aea6ff44f2a4a82da13d22061ce73443a125925d # commit-aea6ff4
# TODO(@getchoo): Always use this when the action properly supports ARM
if: ${{ runner.arch == 'X64' || runner.arch == 'X86' }}
with:
github-token: ${{ github.token }}
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: Determine metadata for image
id: image-metadata
uses: docker/metadata-action@v6
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
with:
images: |
${{ steps.image-name.outputs.image-name }}
@ -71,7 +71,7 @@ jobs:
- name: Build image
id: build-image
uses: redhat-actions/buildah-build@v2
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
with:
containerfiles: |
./Containerfile
@ -81,7 +81,7 @@ jobs:
- name: Push image
id: push-image
if: ${{ github.event_name != 'pull_request' }}
uses: redhat-actions/push-to-registry@v2
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
with:
tags: ${{ steps.build-image.outputs.tags }}
username: ${{ github.repository_owner }}
@ -98,7 +98,7 @@ jobs:
- name: Upload digest artifact
if: ${{ github.event_name != 'pull_request' }}
uses: actions/upload-artifact@v7
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: digests-${{ matrix.arch }}
path: ${{ runner.temp }}/digests/*
@ -119,7 +119,7 @@ jobs:
steps:
- name: Download digests
uses: actions/download-artifact@v8
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
@ -128,12 +128,12 @@ jobs:
- name: Install Podman
# TODO(@getchoo): Always use this when the action properly supports ARM
if: ${{ runner.arch == 'X64' || runner.arch == 'X86' }}
uses: redhat-actions/podman-install@main
uses: redhat-actions/podman-install@aea6ff44f2a4a82da13d22061ce73443a125925d # commit-aea6ff4
with:
github-token: ${{ github.token }}
- name: Login to registry
uses: redhat-actions/podman-login@v1
uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.repository_owner }}
@ -141,7 +141,7 @@ jobs:
- name: Determine metadata for manifest
id: manifest-metadata
uses: docker/metadata-action@v6
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
with:
images: |
${{ needs.build.outputs.image-name }}
@ -166,7 +166,7 @@ jobs:
done <<< "$DOCKER_METADATA_OUTPUT_TAGS"
- name: Push manifest
uses: redhat-actions/push-to-registry@v2
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
with:
tags: ${{ steps.manifest-metadata.outputs.tags }}
username: ${{ github.repository_owner }}