pin scorecard workflow depepdencies by hash (#456)
1 parent
6437c93
commit 6367cc4
Showing
8 changed files
with
24 additions
and
25 deletions.
@@ -49,11 +49,11 @@ jobs: | |
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/[email protected] | ||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v1 | ||
uses: github/codeql-action/init@cb5810848de15b695cd9ef3b559dd178c43c7df3 # v1 | ||
with: | ||
languages: ${{ matrix.language }} | ||
# If you wish to specify custom queries, you can do so here or in a config file. | ||
|
@@ -64,7 +64,7 @@ jobs: | |
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | ||
# If this step fails, then you should remove it and run the build manually (see below) | ||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@v1 | ||
uses: github/codeql-action/autobuild@cb5810848de15b695cd9ef3b559dd178c43c7df3 # v1 | ||
|
||
# ℹ️ Command-line programs to run using the OS shell. | ||
# 📚 https://git.io/JvXDl | ||
|
@@ -78,4 +78,4 @@ jobs: | |
# make release | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v1 | ||
uses: github/codeql-action/analyze@cb5810848de15b695cd9ef3b559dd178c43c7df3 # v1 |
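Review bot: The trailing comments on the three codeql-action pins (init, autobuild, analyze) read `# v1`, which is a floating major tag rather than the release the hash was taken from, so a reader or an update bot cannot tell which version this hash corresponds to or whether it has drifted; the other files in this commit record the exact tag (e.g. `# v2.3.4`), and these lines should do the same, e.g. `uses: github/codeql-action/init@cb5810848de15b695cd9ef3b559dd178c43c7df3 # <exact release tag>`. Hash pins also stop receiving updates through the tag, so unless the repository already has a Dependabot or Renovate configuration for the `github-actions` ecosystem (not visible in this commit), one should be added alongside this change so the pinned hashes are bumped when new releases ship. The `jobs:` block these hunks belong to starts before the first hunk.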
@@ -33,7 +33,7 @@ jobs: | |
if: github.event_name == 'push' | ||
|
||
steps: | ||
- uses: actions/[email protected] | ||
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 | ||
|
||
- name: Build image | ||
run: DOCKER_BUILDKIT=1 docker build . --file ./gitcache/Dockerfile --tag $IMAGE_NAME | ||
|
@@ -25,24 +25,24 @@ jobs: | |
steps: | ||
- | ||
name: Checkout | ||
uses: actions/[email protected] | ||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 | ||
with: | ||
fetch-depth: 0 | ||
- | ||
name: Set up Go | ||
uses: actions/setup-go@v2 | ||
uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 # v2.1.3 | ||
with: | ||
go-version: 1.16 | ||
- | ||
name: Import GPG key | ||
id: import_gpg | ||
uses: crazy-max/ghaction-import-gpg@v3 | ||
uses: crazy-max/ghaction-import-gpg@b0793c0060c97f4ef0efbac949d476c6499b7775 # v3.1.0 | ||
with: | ||
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} | ||
passphrase: ${{ secrets.PASSPHRASE }} | ||
- | ||
name: Run GoReleaser | ||
uses: goreleaser/[email protected] | ||
uses: goreleaser/goreleaser-action@5e15885530fb01d81d1f24e8a6f54ebbd0fed7eb # v2.5.0 | ||
with: | ||
version: latest | ||
args: release --rm-dist | ||
|
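Review bot: `version: latest` in the Run GoReleaser step means the action is now pinned by hash but the GoReleaser binary it downloads and executes is still resolved at run time to whatever the newest release is, so the supply-chain benefit of the pin does not extend to the tool that actually builds and signs the release; pin it to an explicit release, `version: <goreleaser release tag>`, and record the reason in a comment like the action pins carry. Separately, `go-version: 1.16` in the Set up Go step is an unquoted plain scalar and is parsed as a float, which happens to be harmless for 1.16 but silently breaks for versions such as 1.10 or 1.20; the other workflows in this commit quote it (`go-version: '1.16'`) and this one should match.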
@@ -50,22 +50,21 @@ jobs: | |
- name: pull_request actions/checkout | ||
if: github.event_name == 'pull_request' | ||
uses: actions/[email protected] | ||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 | ||
|
||
- name: pull_request actions/checkout | ||
if: github.event_name == 'repository_dispatch' | ||
uses: actions/[email protected] | ||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 | ||
with: | ||
ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' | ||
|
||
- name: setup-go | ||
uses: actions/setup-go@v2 | ||
uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 # v2.1.3 | ||
with: | ||
go-version: '1.16' | ||
|
||
- name: Set up Cloud SDK | ||
# https://github.com/google-github-actions/setup-gcloud/releases/tag/v0.2.1 | ||
uses: google-github-actions/setup-gcloud@daadedc81d5f9d3c06d2c92f49202a3cc2b919ba | ||
uses: google-github-actions/setup-gcloud@daadedc81d5f9d3c06d2c92f49202a3cc2b919ba # v0.2.1 | ||
with: | ||
project_id: ${{ secrets.GCP_PROJECT_ID }} | ||
service_account_key: ${{ secrets.GCRTOKEN }} | ||
|
@@ -110,7 +109,7 @@ jobs: | |
- name: find comment | ||
if: ${{ always() }} | ||
uses: peter-evans/[email protected] | ||
uses: peter-evans/find-comment@309ce798ba1c3627e3809dd68c694a29ef048fe2 # v1.2.0 | ||
id: fc | ||
with: | ||
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }} | ||
|
@@ -119,15 +118,15 @@ jobs: | |
|
||
- name: create or update comment | ||
if: (${{ always() }}) | ||
uses: peter-evans/[email protected] | ||
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5 | ||
with: | ||
issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }} | ||
comment-id: ${{ steps.fc.outputs.comment-id }} | ||
body: | | ||
Integration tests ${{ job.status }} for [${{ github.event.client_payload.slash_command.args.named.sha || github.event.pull_request.head.sha }}](https://github.com/ossf/scorecard/actions/runs/${{ github.run_id }}) | ||
- name: set fork job status | ||
uses: actions/[email protected] | ||
uses: actions/github-script@a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293 # v4.0.2 | ||
if: ${{ always() }} | ||
id: update-check-run | ||
env: | ||
|
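Review bot: The second checkout step in the first hunk is named `pull_request actions/checkout` but its condition is `github.event_name == 'repository_dispatch'`, so the duplicated name is misleading in run logs; `- name: repository_dispatch actions/checkout` would make the two steps distinguishable. In the same hunk that step checks out `refs/pull/…/merge` into a job that also receives `GCP_PROJECT_ID` and `GCRTOKEN`, which is presumably an intentional gated-dispatch design and not part of this change, but a one-line comment on the step stating who is allowed to trigger the dispatch would help the next reader judge that exposure. The `set fork job status` step in the last hunk continues past the hunk (its `env:` block is cut off).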
@@ -22,24 +22,24 @@ jobs: | |
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository | ||
steps: | ||
- name: Clone the code | ||
uses: actions/[email protected] | ||
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 | ||
with: | ||
fetch-depth: 0 | ||
- name: Setup Go | ||
uses: actions/setup-go@v2 | ||
uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 # v2.1.3 | ||
with: | ||
go-version: '^1.16' | ||
- name: Run presubmit tests | ||
run: make all | ||
- uses: codecov/[email protected] | ||
- uses: codecov/codecov-action@a1ed4b322b4b38cb846afb5a0ebfa17086917d27 # v1.5.0 | ||
with: | ||
files: e2e/e2e.coverprofile,pkg/pkg.coverprofile,checks/checks.coverprofile | ||
license-check: | ||
name: license boilerplate check | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/[email protected] | ||
- uses: actions/setup-go@v2 | ||
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 | ||
- uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 # v2.1.3 | ||
with: | ||
go-version: '1.16' | ||
- name: Install addlicense | ||
|
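Review bot: The pin `codecov/codecov-action@a1ed4b322b4b38cb846afb5a0ebfa17086917d27 # v1.5.0` fixes the action wrapper, but as far as I recall the v1.x action downloads the Codecov bash uploader from Codecov's servers at run time, so that download is not covered by the hash and the step still trusts whatever that endpoint serves; worth noting on the step, e.g. `# NOTE: the uploader script is fetched at run time and is not covered by this pin`, and tracking an upgrade to a release that ships its uploader inside the pinned action. The step also has no `name:`, unlike its siblings; `- name: Upload coverage` would make it identifiable in logs. The `license-check` job continues past the hunk.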
@@ -26,7 +26,7 @@ jobs: | |
if: ${{ github.event.issue.pull_request }} | ||
steps: | ||
- name: Slash Command Dispatch | ||
uses: peter-evans/[email protected] | ||
uses: peter-evans/slash-command-dispatch@72ab5a2e417e454aa8e89c43b28e36fe331e00a5 # v2.1.3 | ||
env: | ||
TOKEN: ${{ steps.generate_token.outputs.token }} | ||
with: | ||
|
@@ -21,7 +21,7 @@ jobs: | |
stale: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/[email protected] | ||
- uses: actions/stale@3b3c3f03cd4d8e2b61e179ef744a0d20efbe90b4 # v3.0.18 | ||
with: | ||
repo-token: ${{ secrets.GITHUB_TOKEN }} | ||
stale-issue-message: 'Stale issue message' | ||
|
@@ -23,6 +23,6 @@ jobs: | |
steps: | ||
- name: Verifier action | ||
id: verifier | ||
uses: kubernetes-sigs/[email protected] | ||
uses: kubernetes-sigs/kubebuilder-release-tools@4777888c377a26956f1831d5b9207eea1fa3bf29 # v0.1.1 | ||
with: | ||
github_token: ${{ secrets.GITHUB_TOKEN }} |