diff --git a/.github/workflows/build-utility-packages.yml b/.github/workflows/build-utility-packages.yml index 7645df7..7ffaa04 100644 --- a/.github/workflows/build-utility-packages.yml +++ b/.github/workflows/build-utility-packages.yml @@ -35,7 +35,7 @@ jobs: windows-cache-exists: ${{ steps.inspect.outputs.windows-cache-exists }} steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Gather information @@ -69,10 +69,10 @@ jobs: kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_macos_binary_signer; kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_windows_signer; - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Go if: needs.info.outputs.unsigned-cache-exists != 'true' - uses: actions/setup-go@v3 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: go.mod - name: Build utility binaries @@ -118,14 +118,14 @@ jobs: contents: write steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Fetch binaries run: ./.ci/restore-cache "${CACHE_ID}" ./bin env: CACHE_ID: ${{ needs.info.outputs.signed-cache-id }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Upload for Windows - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: windows-binary path: ./bin @@ -138,14 +138,14 @@ jobs: contents: write steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Fetch binaries run: ./.ci/restore-cache "${CACHE_ID}" ./bin env: CACHE_ID: ${{ needs.info.outputs.signed-cache-id }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0 with: ruby-version: 3.1 bundler-cache: true @@ -175,7 +175,7 @@ jobs: contents: write steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Upgrade bash run: brew install bash - name: Fetch binaries @@ -193,7 +193,7 @@ jobs: env: CORE_PKG: ${{ steps.build-core.outputs.core-path }} - name: Upload core package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: corepkg-unsigned path: ./corepkg @@ -222,9 +222,9 @@ jobs: kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_client_secret; kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_macos_installer_signer; - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Download unsigned core package - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: corepkg-unsigned path: ./corepkg @@ -236,7 +236,7 @@ jobs: SIGNORE_CLIENT_ID: ${{ steps.secrets.outputs.signore_client_id }} SIGNORE_CLIENT_SECRET: ${{ steps.secrets.outputs.signore_client_secret }} - name: Upload signed core package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: corepkg-signed path: ./corepkg @@ -247,7 +247,7 @@ jobs: needs: [info, sign-macos-corepkg] steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Upgrade bash run: brew install bash - name: Fetch binaries @@ -256,7 +256,7 @@ jobs: CACHE_ID: ${{ needs.info.outputs.signed-cache-id }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Download signed core package - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: corepkg-signed path: ./corepkg @@ -270,7 +270,7 @@ jobs: env: FULL_PKG: ${{ steps.build-full.outputs.full-path }} - name: Upload full package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: fullpkg-unsigned path: ./fullpkg @@ -299,9 +299,9 @@ jobs: kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_client_secret; kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_macos_installer_signer; - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Download unsigned full package - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: fullpkg-unsigned path: ./fullpkg @@ -313,7 +313,7 @@ jobs: SIGNORE_CLIENT_ID: ${{ steps.secrets.outputs.signore_client_id }} SIGNORE_CLIENT_SECRET: ${{ steps.secrets.outputs.signore_client_secret }} - name: Upload signed full package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: fullpkg-signed path: ./fullpkg @@ -324,11 +324,11 @@ jobs: needs: [info, sign-macos-fullpkg] steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Upgrade bash run: brew install bash - name: Download signed full package - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: fullpkg-signed path: ./fullpkg @@ -342,7 +342,7 @@ jobs: env: DMG: ${{ steps.build-dmg.outputs.dmg-path }} - name: Upload DMG - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: dmg-unsigned path: ./dmg @@ -372,9 +372,9 @@ jobs: kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_client_secret; kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_macos_binary_signer; - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Download unsigned DMG - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: dmg-unsigned path: ./dmg @@ -403,9 +403,9 @@ jobs: contents: write steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Fetch utility binary - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: windows-binary path: ./bin @@ -414,7 +414,7 @@ jobs: env: UTILITY_VERSION: ${{ needs.info.outputs.utility-version }} - name: Upload unsigned artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: windows-unsigned-msi path: ./pkg @@ -443,9 +443,9 @@ jobs: kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_client_secret; kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_windows_signer; - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Fetch MSI - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: windows-unsigned-msi path: ./pkg diff --git a/.github/workflows/code.yaml b/.github/workflows/code.yaml index cef9d5a..b969f18 100644 --- a/.github/workflows/code.yaml +++ b/.github/workflows/code.yaml @@ -28,7 +28,7 @@ jobs: secrets: kv/data/github/hashicorp/vagrant-vmware-desktop-builder vagrant_vmware_desktop_repo_token; - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false fetch-depth: 0 @@ -42,7 +42,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false fetch-depth: 0 diff --git a/.github/workflows/plugin-release-hashigems.yml b/.github/workflows/plugin-release-hashigems.yml index 8493e72..ce5d296 100644 --- a/.github/workflows/plugin-release-hashigems.yml +++ b/.github/workflows/plugin-release-hashigems.yml @@ -13,7 +13,7 @@ jobs: id-token: write steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: token: ${{ secrets.GITHUB_TOKEN }} # set this so we can delete the branch - name: Fetch Release RubyGem diff --git a/.github/workflows/plugin-release.yml b/.github/workflows/plugin-release.yml index 94a0389..3b98d51 100644 --- a/.github/workflows/plugin-release.yml +++ b/.github/workflows/plugin-release.yml @@ -27,7 +27,7 @@ jobs: kv/data/github/hashicorp/vagrant-vmware-desktop-builder vagrant_vmware_desktop_builder_repo_token; kv/data/github/hashicorp/vagrant-vmware-desktop-builder vagrant_vmware_desktop_repo_token; - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: # NOTE: This is set so we can push the publish branch # for the hashigems workflow. A custom token is diff --git a/.github/workflows/prune.yml b/.github/workflows/prune.yml index 8e38503..aacc8d9 100644 --- a/.github/workflows/prune.yml +++ b/.github/workflows/prune.yml @@ -11,7 +11,7 @@ jobs: contents: write steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Prune any drafts older than 20 days run: . ./.ci/load-ci.sh && github_draft_release_prune "20" env: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0af3bc9..6710ed3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,9 +22,9 @@ jobs: name: Vagrant VMware Plugin unit tests on Ruby ${{ matrix.ruby }} steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0 with: ruby-version: ${{matrix.ruby}} bundler-cache: true diff --git a/.github/workflows/utility-binaries-build.yml b/.github/workflows/utility-binaries-build.yml index 81fbfb7..b4621b6 100644 --- a/.github/workflows/utility-binaries-build.yml +++ b/.github/workflows/utility-binaries-build.yml @@ -15,9 +15,9 @@ jobs: contents: write steps: - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: go.mod - name: Get info diff --git a/.github/workflows/utility-prerelease.yml b/.github/workflows/utility-prerelease.yml index d4285a4..6d2ee20 100644 --- a/.github/workflows/utility-prerelease.yml +++ b/.github/workflows/utility-prerelease.yml @@ -32,7 +32,7 @@ jobs: secrets: kv/data/github/hashicorp/vagrant-vmware-desktop-builder vagrant_vmware_desktop_repo_token; - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Gather information id: inspect run: ./.ci/utility-pkgs-information @@ -70,7 +70,7 @@ jobs: secrets: kv/data/github/hashicorp/vagrant-vmware-desktop-builder vagrant_vmware_desktop_repo_token; - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Fetch linux packages run: ./.ci/restore-cache "${CACHE_ID}" ./pkg env: diff --git a/.github/workflows/utility-release.yml b/.github/workflows/utility-release.yml index 6ff65a2..6f4a6d6 100644 --- a/.github/workflows/utility-release.yml +++ b/.github/workflows/utility-release.yml @@ -45,7 +45,7 @@ jobs: kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_client_secret; kv/data/github/hashicorp/vagrant-vmware-desktop-builder signore_gpg_signer; - name: Code Checkout - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Fetch linux packages run: ./.ci/restore-cache "${CACHE_ID}" ./pkg env: