From 696b9b77a4dbc680630a0ba588be0bafee3d66be Mon Sep 17 00:00:00 2001 From: Bruno Silva <73999905+cx-bruno-silva@users.noreply.github.com> Date: Thu, 26 Mar 2026 11:40:37 +0000 Subject: [PATCH] Update github action to use SHA --- .github/workflows/check-go-coverage.yaml | 2 +- .github/workflows/go-ci-coverage.yaml | 6 +++--- .github/workflows/go-ci-metrics.yaml | 4 ++-- .github/workflows/go-e2e-debian.yaml | 4 ++-- .github/workflows/go-e2e.yaml | 4 ++-- .github/workflows/release-commits.yaml | 4 ++-- .github/workflows/release-extract-info.yaml | 4 ++-- .github/workflows/run-projects.yaml | 4 ++-- .github/workflows/sec-checks.yaml | 2 +- .github/workflows/statistics.yaml | 4 ++-- .github/workflows/update-docs-queries.yaml | 2 +- .github/workflows/update-docs-release.yaml | 2 +- .github/workflows/update-install-script.yaml | 2 +- .github/workflows/validate-arm-samples.yaml | 2 +- .github/workflows/validate-issues.yaml | 2 +- .github/workflows/validate-openapi-samples.yaml | 4 ++-- .github/workflows/validate-prs.yaml | 2 +- 17 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/check-go-coverage.yaml b/.github/workflows/check-go-coverage.yaml index 97c10395615..8b804995ff8 100644 --- a/.github/workflows/check-go-coverage.yaml +++ b/.github/workflows/check-go-coverage.yaml @@ -17,7 +17,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0 with: go-version-file: go.mod - name: Run test metrics script diff --git a/.github/workflows/go-ci-coverage.yaml b/.github/workflows/go-ci-coverage.yaml index 50e7ff3f7fc..b01e2c532c1 100644 --- a/.github/workflows/go-ci-coverage.yaml +++ b/.github/workflows/go-ci-coverage.yaml @@ -18,7 +18,7 @@ jobs: with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0 with: go-version-file: go.mod - name: Run test metrics script @@ -55,12 +55,12 @@ jobs: git config --global user.name "KICSBot" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - name: Download Coverage Report - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c #v8.0.1 with: name: ${{ runner.os }}-coverage-latest path: latest-coverage - name: Download Badge svg - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c #v8.0.1 with: name: ${{ runner.os }}-badge-latest path: latest-coverage diff --git a/.github/workflows/go-ci-metrics.yaml b/.github/workflows/go-ci-metrics.yaml index ea3c60be89d..4196a5d5e50 100644 --- a/.github/workflows/go-ci-metrics.yaml +++ b/.github/workflows/go-ci-metrics.yaml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout Source uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0 with: python-version: "3.x" - name: Run test metrics script @@ -44,7 +44,7 @@ jobs: git config --global user.name "KICSBot" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - name: Download Queries Badge SVG - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c #v8.0.1 with: name: ${{ runner.os }}-queries-badge-latest path: latest-metrics diff --git a/.github/workflows/go-e2e-debian.yaml b/.github/workflows/go-e2e-debian.yaml index beb10b18c45..9c488724db0 100644 --- a/.github/workflows/go-e2e-debian.yaml +++ b/.github/workflows/go-e2e-debian.yaml @@ -23,7 +23,7 @@ jobs: with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0 with: go-version: ${{ matrix.go-version }} - name: Print go env @@ -31,7 +31,7 @@ jobs: - name: Get Modules run: go mod vendor - name: Set up Node v14 - uses: actions/setup-node@v4 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #v6.3.0 with: node-version: "20" - name: Install mock server diff --git a/.github/workflows/go-e2e.yaml b/.github/workflows/go-e2e.yaml index 9f9813ae8e2..58ada8e1928 100644 --- a/.github/workflows/go-e2e.yaml +++ b/.github/workflows/go-e2e.yaml @@ -24,7 +24,7 @@ jobs: with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0 with: go-version: ${{ matrix.go-version }} - name: Print go env @@ -32,7 +32,7 @@ jobs: - name: Get Modules run: go mod vendor - name: Set up Node v14 - uses: actions/setup-node@v4 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #v6.3.0 with: node-version: "20" - name: Install mock server diff --git a/.github/workflows/release-commits.yaml b/.github/workflows/release-commits.yaml index e485fab5c45..6b237b25832 100644 --- a/.github/workflows/release-commits.yaml +++ b/.github/workflows/release-commits.yaml @@ -13,10 +13,10 @@ jobs: - name: Checkout Source uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0 with: go-version-file: go.mod - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0 with: python-version: "3.x" - name: Run get release commits script diff --git a/.github/workflows/release-extract-info.yaml b/.github/workflows/release-extract-info.yaml index 88bbcc19fe1..423577953a4 100644 --- a/.github/workflows/release-extract-info.yaml +++ b/.github/workflows/release-extract-info.yaml @@ -10,7 +10,7 @@ jobs: steps: - name: Checkout Source uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0 with: python-version: "3.x" - name: Run test statistics script @@ -19,7 +19,7 @@ jobs: pip3 install -r .github/scripts/extract-kics-info/requirements.txt python3 .github/scripts/extract-kics-info/extract-info.py - name: Upload binaries to release - uses: svenstaro/upload-release-action@81c65b7cd4de9b2570615ce3aad67a41de5b1a13 # v2.11.2 + uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2.11.5 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: .github/scripts/extract-kics-info/extracted-info.zip diff --git a/.github/workflows/run-projects.yaml b/.github/workflows/run-projects.yaml index 99416f9d503..d5f42422a6e 100644 --- a/.github/workflows/run-projects.yaml +++ b/.github/workflows/run-projects.yaml @@ -52,7 +52,7 @@ jobs: cache: false - name: Download kics - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c #v8.0.1 with: name: kics path: . @@ -62,7 +62,7 @@ jobs: unzip -q kics.zip - name: Download Json - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c #v8.0.1 with: name: Metadata path: . diff --git a/.github/workflows/sec-checks.yaml b/.github/workflows/sec-checks.yaml index 134082417af..01e96978195 100644 --- a/.github/workflows/sec-checks.yaml +++ b/.github/workflows/sec-checks.yaml @@ -138,7 +138,7 @@ jobs: steps: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@v5 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0 with: go-version: 'stable' - name: Install govulncheck diff --git a/.github/workflows/statistics.yaml b/.github/workflows/statistics.yaml index 6cd139801f9..ed4d7f15256 100644 --- a/.github/workflows/statistics.yaml +++ b/.github/workflows/statistics.yaml @@ -12,7 +12,7 @@ jobs: - name: Checkout Source uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 #v6.3.0 with: go-version-file: go.mod - name: Run test metrics script @@ -28,7 +28,7 @@ jobs: sudo apt-get install cloc GO_LOC=$(cloc . | grep Go | grep -Eo '[0-9]+$') echo "::set-output name=goloc::${GO_LOC}" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0 with: python-version: "3.x" - name: Run test statistics script diff --git a/.github/workflows/update-docs-queries.yaml b/.github/workflows/update-docs-queries.yaml index 2f28ccb1f68..1fa55cd7785 100644 --- a/.github/workflows/update-docs-queries.yaml +++ b/.github/workflows/update-docs-queries.yaml @@ -21,7 +21,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0 with: python-version: "3.x" - name: Update docs diff --git a/.github/workflows/update-docs-release.yaml b/.github/workflows/update-docs-release.yaml index afa075e4dfe..2955efc1a81 100644 --- a/.github/workflows/update-docs-release.yaml +++ b/.github/workflows/update-docs-release.yaml @@ -32,7 +32,7 @@ jobs: echo "curr tag ${{ steps.version.outputs.ctag }}" echo "prev ver ${{ steps.version.outputs.pversion }}" echo "curr ver ${{ steps.version.outputs.cversion }}" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0 with: python-version: 3.x - name: Install dependencies diff --git a/.github/workflows/update-install-script.yaml b/.github/workflows/update-install-script.yaml index 30a8e40f1bb..0ca5c054c36 100644 --- a/.github/workflows/update-install-script.yaml +++ b/.github/workflows/update-install-script.yaml @@ -30,7 +30,7 @@ jobs: && chmod +x godownloader \ && rm -vf $(basename "${FULL_URL}") \ && cd "${PROJDIR}" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0 with: python-version: "3.x" - name: Install dependencies diff --git a/.github/workflows/validate-arm-samples.yaml b/.github/workflows/validate-arm-samples.yaml index b97cc29ad0e..6c79d613a6a 100644 --- a/.github/workflows/validate-arm-samples.yaml +++ b/.github/workflows/validate-arm-samples.yaml @@ -12,7 +12,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: actions/setup-node@v4 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #v6.3.0 with: node-version: "20" - name: Installing jsonlint diff --git a/.github/workflows/validate-issues.yaml b/.github/workflows/validate-issues.yaml index 976f03c4f50..144a08ff0bb 100644 --- a/.github/workflows/validate-issues.yaml +++ b/.github/workflows/validate-issues.yaml @@ -18,7 +18,7 @@ jobs: .github/scripts/pr-issue-info/get_title_types.py .github/issue-title-types.yaml - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0 with: python-version: "3.x" - name: Install dependencies diff --git a/.github/workflows/validate-openapi-samples.yaml b/.github/workflows/validate-openapi-samples.yaml index e6c68a0d0d8..cc62742a142 100644 --- a/.github/workflows/validate-openapi-samples.yaml +++ b/.github/workflows/validate-openapi-samples.yaml @@ -14,7 +14,7 @@ jobs: with: persist-credentials: false - name: yaml-lint - uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1 + uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1 with: file_or_dir: assets/queries/openAPI/ config_file: .github/scripts/samples-linters/yamllint.yml @@ -25,7 +25,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: actions/setup-node@v4 + - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f #v6.3.0 with: node-version: '20' - name: Installing jsonlint diff --git a/.github/workflows/validate-prs.yaml b/.github/workflows/validate-prs.yaml index 6eb7c990000..130238291d1 100644 --- a/.github/workflows/validate-prs.yaml +++ b/.github/workflows/validate-prs.yaml @@ -22,7 +22,7 @@ jobs: - name: Print PR Title run: echo "$TITLE" - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 #v6.2.0 with: python-version: "3.x" - name: Install dependencies