Skip to content

Commit

Permalink
Pinned GitHub actions by SHA
Browse files Browse the repository at this point in the history 
- Pinned GitHub actions by SHA
https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies
  • Loading branch information
@naveensrinivasan
naveensrinivasan committed Mar 7, 2022
1 parent 3296225 commit 5c8e5d1
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 12 deletions.
14 changes: 7 additions & 7 deletions .github/workflows/images.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,11 @@ jobs:
release-tag: latest

steps:
- uses: actions/checkout@v3
- uses: actions/checkout@b0e28b5ac45a892f91e7d036f8200cf5ed489415 # v3

# Setup auth if not a PR.
- if: github.event_name != 'pull_request'
uses: google-github-actions/setup-gcloud@v0.5.0
uses: google-github-actions/setup-gcloud@37a9333538a8350a13fe9d8fa03e0d4742a1ad2e # v0.5.0
with:
service_account_key: ${{ secrets.GCR_DEVOPS_SERVICE_ACCOUNT_KEY }}
project_id: kaniko-project
Expand All @@ -73,11 +73,11 @@ jobs:
run: gcloud auth configure-docker

# Build and push with Docker.
- uses: docker/setup-qemu-action@v1
- uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # v1
with:
platforms: ${{ matrix.platforms }}
- uses: docker/setup-buildx-action@v1
- uses: docker/build-push-action@v2
- uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1
- uses: docker/build-push-action@7f9d37fa544684fb73bfe4835ed7214c255ce02b # v2
id: build-and-push
with:
context: .
Expand All @@ -91,7 +91,7 @@ jobs:

# Sign images if not a PR.
- if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@b4f55743d10d066fee1de1cf0fa26069700c0195 # main
with:
cosign-release: 'v1.4.1'
- if: github.event_name != 'pull_request'
Expand All @@ -105,7 +105,7 @@ jobs:
# If a tag push, use crane to add more tags.
- if: startsWith(github.ref, 'refs/tags/v')
uses: imjasonh/setup-crane@v0.1
uses: imjasonh/setup-crane@5146f708a817ea23476677995bf2133943b9be0b # v0.1
- if: startsWith(github.ref, 'refs/tags/v')
name: Apply release tags
run: |
Expand Down
9 changes: 6 additions & 3 deletions .github/workflows/integration-tests.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@ on:
pull_request:
branches: ['main']

permissions:
contents: read

jobs:
tests:
runs-on: ubuntu-latest
Expand All @@ -22,11 +25,11 @@ jobs:
- k8s-executor-build-push integration-test-k8s

steps:
- uses: actions/setup-go@v2
- uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2
with:
go-version: 1.17
- uses: actions/checkout@v3
- uses: docker/setup-buildx-action@v1
- uses: actions/checkout@b0e28b5ac45a892f91e7d036f8200cf5ed489415 # v3
- uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1

- run: make install-container-diff minikube-setup
- run: make ${{ matrix.make-target }}
7 changes: 5 additions & 2 deletions .github/workflows/unit-tests.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,16 @@ on:
pull_request:
branches: ['main']

permissions:
contents: read

jobs:
tests:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v2
- uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2
with:
go-version: 1.17
- uses: actions/checkout@v3
- uses: actions/checkout@b0e28b5ac45a892f91e7d036f8200cf5ed489415 # v3

- run: make test

0 comments on commit 5c8e5d1

Please sign in to comment.