diff --git a/.github/actions/install-cache/action.yml b/.github/actions/install-cache/action.yml index 713064247..5aaa05ac9 100644 --- a/.github/actions/install-cache/action.yml +++ b/.github/actions/install-cache/action.yml @@ -6,9 +6,9 @@ runs: using: 'composite' steps: - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 - name: Cache dependencies - uses: actions/cache@v4 + uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae id: cache # Using the native `setup-python` `cache` interface only caches dependencies # as opposed to the build itself. diff --git a/.github/actions/publish-image/action.yml b/.github/actions/publish-image/action.yml index 1077f23f0..ca17ebe71 100644 --- a/.github/actions/publish-image/action.yml +++ b/.github/actions/publish-image/action.yml @@ -20,23 +20,23 @@ runs: using: 'composite' steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@99214aa6889fcddfa57764031d71add364327e59 with: role-to-assume: ${{ inputs.role-to-assume }} aws-region: ${{ env.AWS_REGION }} - name: Login to Amazon ECR id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 + uses: aws-actions/amazon-ecr-login@fa648b43de3d4d023bcb3f89ed6940096949c419 - name: Build, tag, and push image to AWS ECR env: diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index cb4ea6324..3ed4cb4d5 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd with: fetch-depth: 0 @@ -45,7 +45,7 @@ jobs: needs: [secret-scan] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache ############################################################################### @@ -57,11 +57,11 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Install uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b - name: Scan dependencies run: | @@ -73,7 +73,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Scan for vulnerabilities @@ -90,7 +90,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Run linters @@ -107,7 +107,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Check architectural constraints @@ -124,7 +124,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Run unit tests @@ -141,7 +141,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Run integration tests @@ -158,7 +158,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Run system tests @@ -175,7 +175,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Run migration tests @@ -192,7 +192,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - uses: ./.github/actions/install-cache - name: Evaluate test coverage @@ -209,7 +209,7 @@ jobs: needs: [build] runs-on: ubuntu-22.04-arm steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Build main API Docker image run: docker build -t be-main-test -f Dockerfile . @@ -278,7 +278,7 @@ jobs: if: ${{ github.ref == 'refs/heads/main' }} steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Build and publish docker image uses: ./.github/actions/publish-image with: @@ -306,7 +306,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Build and publish docker image uses: ./.github/actions/publish-image with: @@ -328,11 +328,11 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Generate ephemeral deployment token id: generate-deployment-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 with: app-id: ${{ secrets.DEPLOYMENT_TOKEN_FACTORY_APP_ID }} private-key: ${{ secrets.DEPLOYMENT_TOKEN_FACTORY_PRIVATE_KEY }}