From 356382cf8cab01c47ac4c48c7bbad5ed270252b7 Mon Sep 17 00:00:00 2001 From: Oleksander Piskun Date: Tue, 27 Jan 2026 11:44:49 +0200 Subject: [PATCH] fix(CI): pin actions Signed-off-by: Oleksander Piskun --- .github/workflows/publish.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3e6cb2a..92b102c 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -19,14 +19,14 @@ jobs: contents: read steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /tmp/.buildx-cache key: nextcloud-appapi-harp-buildx-${{ github.sha }} @@ -34,7 +34,7 @@ jobs: nextcloud-appapi-harp-buildx- - name: Log in to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -44,7 +44,7 @@ jobs: run: echo ${{ steps.buildx.outputs.platforms }} - name: Build container image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: push: false context: . @@ -56,7 +56,7 @@ jobs: cache-to: type=local,dest=/tmp/.buildx-cache-new - name: Publish container image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 if: github.ref == 'refs/heads/main' || github.event_name == 'release' with: push: true