From 92ca3d899cef36d08ecfe1718321c0f6cfcb5bd3 Mon Sep 17 00:00:00 2001
From: Georges-Antoine Assi
Date: Thu, 18 Sep 2025 09:55:02 -0400
Subject: [PATCH] pin docker uses to immutable versions
---
 .github/workflows/build.yml | 18 +++++++++---------
 .github/workflows/i18n.yml | 4 ++--
 .github/workflows/pytest.yml | 6 +++---
 .github/workflows/test-build.yml | 12 ++++++------
 .github/workflows/trunk-check.yml | 4 ++--
 .github/workflows/typecheck.yml | 4 ++--
 .trunk/setup-ci/action.yaml | 2 +-
 7 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e88c39ce9..c3b497f74 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -42,22 +42,22 @@ jobs:
 run: echo "Triggered by ${{ github.event_name }}"
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.3.0
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
+ uses: docker/setup-qemu-action@v3.6.0
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v3.11.1
 - name: Login to Docker Hub
- uses: docker/login-action@v3
+ uses: docker/login-action@v3.5.0
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Login to GitHub Container Registry
- uses: docker/login-action@v3
+ uses: docker/login-action@v3.5.0
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
@@ -65,7 +65,7 @@ jobs:
 - name: Generate Docker metadata (slim)
 id: meta-slim
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@v5.8.0
 with:
 images: |
 name=rommapp/romm
@@ -85,7 +85,7 @@ jobs:
 - name: Generate Docker metadata (full)
 id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@v5.8.0
 with:
 images: |
 name=rommapp/romm
@@ -106,7 +106,7 @@ jobs:
 - name: Build slim image
 id: build-slim
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@v6.18.0
 with:
 file: docker/Dockerfile
 context: .
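Review bot: A release tag such as `v4.3.0` in `uses: actions/checkout@v4.3.0` is still a movable git ref unless the publisher has locked it, so these pins are only as immutable as each action owner's tag policy; this applies to every `uses:` line changed in this patch, not only this hunk. The two `docker/login-action@v3.5.0` steps here are passed `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD` (the GHCR step's `with:` block continues outside the hunk), so whatever code the tag resolves to runs with registry credentials. Pinning to the full commit SHA and keeping the version as a trailing comment removes that dependency on the publisher, e.g. `uses: docker/login-action@<full-commit-sha> # v3.5.0`. Dependabot's `github-actions` ecosystem or Renovate can then keep the SHA and the comment updated together.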
@@ -118,7 +118,7 @@ jobs:
 - name: Build full image
 id: build-full
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@v6.18.0
 with:
 file: docker/Dockerfile
 context: .
diff --git a/.github/workflows/i18n.yml b/.github/workflows/i18n.yml
index f513c62d0..de0a94b82 100644
--- a/.github/workflows/i18n.yml
+++ b/.github/workflows/i18n.yml
@@ -13,10 +13,10 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.3.0
 - name: Set up Python 3.13
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6.0.0
 with:
 python-version: "3.13"
diff --git a/.github/workflows/pytest.yml b/.github/workflows/pytest.yml
index 51c857d23..ba998fdde 100644
--- a/.github/workflows/pytest.yml
+++ b/.github/workflows/pytest.yml
@@ -31,7 +31,7 @@ jobs:
 options: --health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.3.0
 - name: Install mariadb connectors
 run: |
@@ -39,7 +39,7 @@ jobs:
 sudo apt-get install -y libmariadb3 libmariadb-dev
 - name: Install uv
- uses: astral-sh/setup-uv@v5
+ uses: astral-sh/setup-uv@v6.7.0
 - name: Install python
 run: |
@@ -62,7 +62,7 @@ jobs:
 uv run pytest -vv --maxfail=10 --junitxml=pytest-report.xml --cov --cov-report xml:coverage.xml --cov-config=.coveragerc .
 - name: Publish test results
- uses: EnricoMi/publish-unit-test-result-action/linux@v2
+ uses: EnricoMi/publish-unit-test-result-action/linux@sha-3a74b29
 if: (!cancelled())
 with:
 files: |
diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml
index f1714fcdc..089585b82 100644
--- a/.github/workflows/test-build.yml
+++ b/.github/workflows/test-build.yml
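Review bot: `actions/setup-python@v5` → `actions/setup-python@v6.0.0` is a major-version upgrade rather than a pin of the release already in use, and the commit message ("pin docker uses to immutable versions") does not mention it. The same holds for `astral-sh/setup-uv@v5` → `v6.7.0` in pytest.yml and `actions/setup-node@v4` → `v5.0.0` in typecheck.yml and .trunk/setup-ci/action.yaml. Major releases of setup actions typically change defaults or minimum runner requirements, so I would either pin within the current major (`uses: actions/setup-python@<current-v5-release>`) or move the upgrades into their own commit with the release notes linked, so a CI regression can be told apart from the pinning change.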
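Review bot: `EnricoMi/publish-unit-test-result-action/linux@sha-3a74b29` is neither a release tag nor a full commit SHA; `sha-<short hash>` has the shape of a container image tag, whereas `uses:` resolves the part after `@` as a branch, tag or commit in the action's git repository. Unless that repository really carries a ref with this exact name, the step will fail to resolve, and if it does exist it is still a named ref that can be moved, which makes it the least verifiable pin in the patch. I would replace it with the full 40-character commit and keep the release in a comment: `uses: EnricoMi/publish-unit-test-result-action/linux@<full-commit-sha> # <release-tag>`. The step's `with:` block continues outside the hunk.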
@@ -26,26 +26,26 @@ jobs:
 run: echo "Triggered by ${{ github.event_name }}"
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.3.0
 with:
 ref: ${{ github.event.inputs.branch }}
 fetch-depth: 0
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
+ uses: docker/setup-qemu-action@v3.6.0
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@v3.11.1
 - name: Login to Docker Hub
- uses: docker/login-action@v3
+ uses: docker/login-action@v3.5.0
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Generate Docker metadata
 id: meta
- uses: docker/metadata-action@v5
+ uses: docker/metadata-action@v5.8.0
 with:
 images: |
 name=rommapp/romm-testing
@@ -54,7 +54,7 @@ jobs:
 - name: Build full image
 id: build-full
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@v6.18.0
 with:
 file: docker/Dockerfile
 context: .
diff --git a/.github/workflows/trunk-check.yml b/.github/workflows/trunk-check.yml
index 033b4bea5..e5c4f8dab 100644
--- a/.github/workflows/trunk-check.yml
+++ b/.github/workflows/trunk-check.yml
@@ -17,6 +17,6 @@ jobs:
 contents: read # For repo checkout
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.3.0
 - name: Trunk Check
- uses: trunk-io/trunk-action@v1
+ uses: trunk-io/trunk-action@v1.2.4
diff --git a/.github/workflows/typecheck.yml b/.github/workflows/typecheck.yml
index 4d6bf4e5b..a9a826ce0 100644
--- a/.github/workflows/typecheck.yml
+++ b/.github/workflows/typecheck.yml
@@ -20,10 +20,10 @@ jobs:
 pull-requests: write
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v4.3.0
 - name: Set up Node.js
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v5.0.0
 with:
 node-version: "18"
diff --git a/.trunk/setup-ci/action.yaml b/.trunk/setup-ci/action.yaml
index b0b37da43..0021cf330 100644
--- a/.trunk/setup-ci/action.yaml
+++ b/.trunk/setup-ci/action.yaml
@@ -5,7 +5,7 @@ runs:
 using: composite
 steps:
 - name: Setup node
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v5.0.0
 with:
 node-version: 18