diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bdbb9a8..98ff78e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,10 +13,10 @@ jobs: steps: - name: clone - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: install go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: # use version from go.mod file go-version-file: 'go.mod' diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0ccea17..c94d770 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,11 +35,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@49abf0ba24d0b7953cb586944e918a0b92074c80 # v2 diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index dce8061..1d6a12b 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml 
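Review bot: The trailing `# v3` and `# v4` comments on the two pinned `uses:` lines in build.yml name only the moving major tag, so nothing in the file says which release the 40-character SHA actually is. Recording the exact release the SHA was taken from, in the form `uses: actions/checkout@<sha> # v3.<minor>.<patch>`, lets a reviewer compare the pin against the upstream tag and gives update tooling a version to bump alongside the SHA. The same applies to every pinned `uses:` line in this diff (codeql-analysis.yml, prerelease.yml, publish.yml, reviewdog.yml, test.yml, validate.yml).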
@@ -14,13 +14,13 @@ jobs:
 steps:
 - name: clone
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 with:
 # ensures we fetch tag history for the repository
 fetch-depth: 0
 - name: install go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
 with:
 # use version from go.mod file
 go-version-file: 'go.mod'
@@ -40,7 +40,7 @@ jobs:
 make build-static-ci
 - name: publish
- uses: elgohr/Publish-Docker-Github-Action@v5
+ uses: elgohr/Publish-Docker-Github-Action@eb53b3ec07136a6ebaed78d8135806da64f7c7e2 # v5
 with:
 name: target/vela-kaniko
 cache: true
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 48f4299..1dabbe5 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -13,13 +13,13 @@ jobs:
 steps:
 - name: clone
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 with:
 # ensures we fetch tag history for the repository
 fetch-depth: 0
 - name: install go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
 with:
 # use version from go.mod file
 go-version-file: 'go.mod'
@@ -34,7 +34,7 @@ jobs:
 make build-static-ci
 - name: publish
- uses: elgohr/Publish-Docker-Github-Action@v5
+ uses: elgohr/Publish-Docker-Github-Action@eb53b3ec07136a6ebaed78d8135806da64f7c7e2 # v5
 with:
 name: target/vela-kaniko
 cache: true
diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
index 0a0027c..a7f4d56 100644
--- a/.github/workflows/reviewdog.yml
+++ b/.github/workflows/reviewdog.yml
@@ -12,10 +12,10 @@ jobs:
 steps:
 - name: clone
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 - name: install go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
 with:
 # use version from go.mod file
 go-version-file: 'go.mod'
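Review bot: The pin on `elgohr/Publish-Docker-Github-Action` in the prerelease.yml `publish` step points at a third-party action that pushes the release image, and the line carries no record that the SHA was checked against the upstream repository. GitHub resolves a commit SHA from any fork in the same repository network, so the SHA should be confirmed to be the commit behind the upstream `v5` tag rather than one that exists only in a fork; a comment such as `# v5.<minor>.<patch>, verified against the upstream tag` would record that. The step's `with:` block continues past the end of the hunk, so the credentials it receives are not visible here. The identical step in publish.yml and the `reviewdog/action-golangci-lint` and `codecov/codecov-action` pins in reviewdog.yml and test.yml deserve the same check.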
@@ -23,7 +23,7 @@ jobs:
 check-latest: true
 - name: golangci-lint
- uses: reviewdog/action-golangci-lint@v2
+ uses: reviewdog/action-golangci-lint@94d61e3205b61acf4ddabfeb13c5f8a13eb4167b # v2
 with:
 github_token: ${{ secrets.github_token }}
 golangci_lint_flags: "--config=.golangci.yml"
@@ -36,10 +36,10 @@ jobs:
 steps:
 - name: clone
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 - name: install go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
 with:
 # use version from go.mod file
 go-version-file: 'go.mod'
@@ -47,7 +47,7 @@ jobs:
 check-latest: true
 - name: golangci-lint
- uses: reviewdog/action-golangci-lint@v2
+ uses: reviewdog/action-golangci-lint@94d61e3205b61acf4ddabfeb13c5f8a13eb4167b # v2
 with:
 github_token: ${{ secrets.github_token }}
 golangci_lint_flags: "--config=.golangci.yml"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f3cf034..6559486 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -13,10 +13,10 @@ jobs:
 steps:
 - name: clone
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 - name: install go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
 with:
 # use version from go.mod file
 go-version-file: 'go.mod'
@@ -28,7 +28,7 @@ jobs:
 go test -race -covermode=atomic -coverprofile=coverage.out ./...
 - name: coverage
- uses: codecov/codecov-action@v3
+ uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 file: coverage.out
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index aaa32bf..203fc7b 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
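Review bot: `github_token: ${{ secrets.github_token }}` in the `golangci-lint` step hands the workflow token to a third-party action, and neither this hunk nor the other reviewdog.yml hunks show a `permissions:` block limiting what that token can do. The pin fixes which code receives the token but not the token's scope. If the workflow has no such block outside the visible lines, a job-level `permissions:` with `contents: read` plus only the write scope the configured reporter needs (for example `pull-requests: write`) would bound it; the reporter setting is outside the hunk, so the exact scope needs confirming. The second `golangci-lint` step at `@@ -47,7 +47,7 @@` is the same.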
@@ -13,10 +13,10 @@ jobs:
 steps:
 - name: clone
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 - name: install go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
 with:
 # use version from go.mod file
 go-version-file: 'go.mod'
diff --git a/Dockerfile b/Dockerfile
index bf12fa7..01a8766 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@
 ## docker build --no-cache --target certs -t vela-kaniko:certs . ##
 #########################################################################
-FROM alpine as certs
+FROM alpine@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978 as certs
 RUN apk add --update --no-cache ca-certificates
@@ -12,7 +12,7 @@ RUN apk add --update --no-cache ca-certificates
 ## docker build --no-cache -t vela-kaniko:local . ##
 ##########################################################
-FROM gcr.io/kaniko-project/executor:v1.11.0-debug
+FROM gcr.io/kaniko-project/executor:v1.17.0-debug@sha256:97c78eedb0560b8fcf64900abdb810f84f9882d033421f4aee1e6559f42b7e87
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/Dockerfile.example b/Dockerfile.example
index a18a345..0d70a58 100644
--- a/Dockerfile.example
+++ b/Dockerfile.example
@@ -1,8 +1,8 @@
-FROM alpine as certs
+FROM alpine@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978 as certs
 RUN apk add --update --no-cache ca-certificates
-FROM alpine
+FROM alpine@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/go.mod b/go.mod
index 957688b..a57d2c3 100644
--- a/go.mod
+++ b/go.mod
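Review bot: `FROM alpine@sha256:…` pins the certs stage in Dockerfile by digest alone, so the file no longer says which Alpine release is in use, while the kaniko line in the next hunk keeps both tag and digest. Writing it as `FROM alpine:<tag>@sha256:<digest from this commit> as certs` keeps the pin and makes the release readable to reviewers and update tooling; the same goes for both `FROM` lines in Dockerfile.example. The context line `RUN apk add --update --no-cache ca-certificates` still installs whatever package version the Alpine repository serves at build time, so the stage is pinned at the base layer only.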
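Review bot: The new `FROM gcr.io/kaniko-project/executor:v1.17.0-debug@sha256:…` line both pins the image and moves it from v1.11.0 to v1.17.0, so a behavioural upgrade of the executor rides along with what is otherwise a pinning change. When a reference carries both a tag and a digest, the digest decides what is pulled and the tag is informational, so nothing stops the two drifting apart on a later hand edit. A comment above the line such as `# tag is informational; the digest is authoritative - update both together` would make that explicit, and the version jump is worth calling out in the commit description.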
@@ -7,8 +7,8 @@ require (
 github.com/go-vela/types v0.19.2
 github.com/joho/godotenv v1.5.1
 github.com/sirupsen/logrus v1.9.3
- github.com/spf13/afero v1.9.5
- github.com/urfave/cli/v2 v2.25.5
+ github.com/spf13/afero v1.10.0
+ github.com/urfave/cli/v2 v2.25.7
 )
 require (