From 60efab1e81285bb7800aece469a3bb1d231b7a27 Mon Sep 17 00:00:00 2001 From: cleverchuk Date: Fri, 24 Apr 2026 12:47:08 -0400 Subject: [PATCH] use hashes for github action versions --- .github/workflows/benchmark.yml | 6 +- .github/workflows/codeql.yml | 10 ++-- .github/workflows/lambda-stage.yml | 8 +-- .github/workflows/lambda-test.yml | 4 +- .github/workflows/push.yml | 88 +++++++++++++++--------------- .github/workflows/release.yml | 84 ++++++++++++++-------------- 6 files changed, 100 insertions(+), 100 deletions(-) diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index d85de864..2ec4bc2b 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -17,9 +17,9 @@ jobs: run-overhead-tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # check out the branch `benchmark-results` for staging the benchmark data and summary. - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: benchmark-results path: benchmark-results @@ -33,7 +33,7 @@ jobs: # (Check out this document about how to create a PAT: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) run: echo "${{ secrets.GP_TOKEN }}" | docker login ghcr.io -u ${{ secrets.GP_USERNAME }} --password-stdin - name: run tests - uses: gradle/gradle-build-action@v3.5.0 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0 with: arguments: test build-root-directory: benchmark diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 73a1c080..2fad3228 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
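Review bot: Nothing in this patch keeps the new pins current: the diffstat touches only the six workflow files, so from the first `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2` onward every reference stays at today's commit until someone edits it by hand. If the repository does not already have one (not visible here), a `.github/dependabot.yml` entry with `package-ecosystem: "github-actions"` would raise update PRs that move the SHA and the trailing version comment together. Without that, a pinned action that later receives a security fix keeps running the old code with no signal to the maintainers.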
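Review bot: The `run tests` step in benchmark.yml pins `gradle/gradle-build-action` at `# v3.5.0`, while codeql.yml, push.yml and release.yml in this same patch use `gradle/actions/setup-gradle` pinned at `# v6.1.0`. As far as I know gradle-build-action has been superseded by gradle/actions, so freezing it by SHA locks this workflow to an action that is unlikely to receive further fixes. Consider moving this step to `gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0` followed by `run: ./gradlew test` with `working-directory: benchmark`, which is the form the benchmark job in push.yml already uses. The step's `with:` block continues past the end of the hunk.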
@@ -49,11 +49,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v4 + uses: github/codeql-action/init@65216971a11ded447a6b76263d5a144519e5eee1 # v2.25.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -65,18 +65,18 @@ jobs: # Autobuild fails so use custom build steps - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' - name: Setup Gradle - uses: gradle/actions/setup-gradle@v6 + uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0 - name: Build with Gradle run: ./gradlew build -x test - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 + uses: github/codeql-action/analyze@65216971a11ded447a6b76263d5a144519e5eee1 # v2.25.2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/lambda-stage.yml b/.github/workflows/lambda-stage.yml index 57171698..519b43a5 100644 --- a/.github/workflows/lambda-stage.yml +++ b/.github/workflows/lambda-stage.yml @@ -16,16 +16,16 @@ jobs: lambda-publish-stage: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' - name: Aws setup - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_LAMBDA_ROLE_STAGE }} aws-region: "us-east-1" 
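Review bot: The version comment on the CodeQL pins does not match the ref being replaced: `github/codeql-action/init@v4` becomes `@65216971a11ded447a6b76263d5a144519e5eee1 # v2.25.2`, and the same hash and comment are used for `analyze` in the next hunk and for `upload-sarif` in push.yml and release.yml. Either the hash really is a v2 release, in which case this commit silently moves code scanning back two major versions (to a line I believe is no longer supported), or the comment is wrong and will mislead reviewers and update tooling. Every other pin in the patch stays within the major version it replaces, so this looks unintended. Please resolve the hash against the action's tags and pin the commit of the current v4 release with a matching `# v4.x.y` comment.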
@@ -147,7 +147,7 @@ jobs: env: AGENT_VERSION: ${{ steps.set_version.outputs.version }} - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: arns.txt name: arns \ No newline at end of file diff --git a/.github/workflows/lambda-test.yml b/.github/workflows/lambda-test.yml index c5628629..95a5c4e6 100644 --- a/.github/workflows/lambda-test.yml +++ b/.github/workflows/lambda-test.yml @@ -35,7 +35,7 @@ jobs: LAMBDA: "true" OTEL_EXPORTER_OTLP_ENDPOINT: ${{ secrets.OTEL_EXPORTER_OTLP_ENDPOINT }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Free Disk Space before Build run: | @@ -52,7 +52,7 @@ jobs: df -h - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 781d465c..be5a3c55 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -36,15 +36,15 @@ jobs: - maven_snapshot_release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' - - uses: aws-actions/configure-aws-credentials@v6 + - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_S3_ROLE_ARN_SSP_STAGE }} aws-region: "us-east-1" 
@@ -102,23 +102,23 @@ jobs: needs: - s3-stage-upload steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up QEMU - uses: docker/setup-qemu-action@v4 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Docker login - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build xk6 image - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: long-running-test-arch/xk6 platforms: linux/amd64 @@ -126,7 +126,7 @@ jobs: tags: "ghcr.io/${{github.repository_owner}}/xk6:latest" - name: Build rc image - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: long-running-test-arch file: long-running-test-arch/Dockerfile-rc @@ -135,7 +135,7 @@ jobs: tags: "ghcr.io/${{github.repository_owner}}/petclinic:agent-rc" - name: Build stable image - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: long-running-test-arch platforms: linux/amd64 @@ -145,10 +145,10 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' 
@@ -170,10 +170,10 @@ jobs: needs: - s3-stage-upload steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -199,10 +199,10 @@ jobs: needs: - s3-stage-upload steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -226,10 +226,10 @@ jobs: needs: - s3-stage-upload steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -258,7 +258,7 @@ jobs: needs: - s3-stage-upload steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Free Disk Space before Build run: | @@ -274,7 +274,7 @@ jobs: df -h - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -311,7 +311,7 @@ jobs: cd smoke-tests ./gradlew test --tests "com.solarwinds.SmokeTest" - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: path: smoke-tests/build/reports/tests/test @@ -343,7 +343,7 @@ jobs: needs: - s3-stage-upload steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Free Disk Space before Build run: | 
@@ -359,7 +359,7 @@ jobs: df -h - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -396,7 +396,7 @@ jobs: cd smoke-tests ./gradlew test --tests "com.solarwinds.SmokeTestV2" - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: path: smoke-tests/build/reports/tests/test @@ -427,10 +427,10 @@ jobs: needs: - s3-stage-upload steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -442,12 +442,12 @@ jobs: working-directory: benchmark run: ./gradlew test - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: benchmark/results/release/summary.txt name: benchmark-summary - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 if: always() with: path: benchmark/build/reports/tests/test/ @@ -465,16 +465,16 @@ jobs: env: SNAPSHOT_BUILD: true steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' - name: Setup Gradle - uses: gradle/actions/setup-gradle@v6 + uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0 - name: Set agent version id: set_version 
@@ -494,10 +494,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -507,20 +507,20 @@ jobs: uses: ./.github/actions/version - name: Set up QEMU - uses: docker/setup-qemu-action@v4 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to Docker Hub - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: username: ${{ vars.DOCKER_SOLARWINDS_ORG_LOGIN }} password: ${{ secrets.ENOPS5919_APM_DOCKER_HUB_CI_OAT }} - name: Extract Docker metadata id: meta - uses: docker/metadata-action@v6 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ${{ github.repository_owner }}/autoinstrumentation-java tags: | @@ -533,7 +533,7 @@ jobs: org.opencontainers.image.vendor=SolarWinds Worldwide, LLC - name: Build - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: agent platforms: linux/amd64 @@ -542,13 +542,13 @@ jobs: load: true - name: Login to Docker Hub - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: username: ${{ vars.ENOPS5919_DOCKER_SCOUT_CI_USER }} password: ${{ secrets.ENOPS5919_DOCKER_SCOUT_CI_PAT }} - name: Analyze for critical and high CVEs -> linux/amd64 - uses: docker/scout-action@v1 + uses: docker/scout-action@bacf462e8d090c09660de30a6ccc718035f961e3 # v1.20.4 with: command: cves image: ${{ steps.meta.outputs.tags[0] }} 
@@ -556,17 +556,17 @@ jobs: sarif-file: sarif.output.json - name: Upload SARIF result - uses: github/codeql-action/upload-sarif@v4 + uses: github/codeql-action/upload-sarif@65216971a11ded447a6b76263d5a144519e5eee1 # v2.25.2 with: sarif_file: sarif.output.json duplicate-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -582,6 +582,6 @@ jobs: permissions: actions: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: clean gh cache run: gh cache delete --all || true \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 15a08e37..4c0ab0b7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,16 +41,16 @@ jobs: if: inputs.run_maven_release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' - name: Setup Gradle - uses: gradle/actions/setup-gradle@v6 + uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0 - name: Publish run: ./gradlew publishToSonatype closeAndReleaseSonatypeStagingRepository 
@@ -67,13 +67,13 @@ jobs: if: inputs.run_github_release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 fetch-tags: true - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -104,10 +104,10 @@ jobs: if: inputs.run_s3_upload runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -116,7 +116,7 @@ jobs: run: ./gradlew clean build -x test - name: Aws setup - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_S3_ROLE_ARN_SSP_PROD }} aws-region: "us-east-1" @@ -172,16 +172,16 @@ jobs: if: inputs.run_lambda_publish runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' - name: Aws setup - uses: aws-actions/configure-aws-credentials@v6 + uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 with: role-to-assume: ${{ secrets.AWS_LAMBDA_ROLE_PROD }} aws-region: "us-east-1" @@ -269,7 +269,7 @@ jobs: env: AGENT_VERSION: ${{ steps.set_version.outputs.version }} - - uses: actions/upload-artifact@v7 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: arns.txt name: arns 
@@ -280,16 +280,16 @@ jobs: runs-on: ubuntu-latest environment: production steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' - name: Checkout solarwinds-actions/gha-signing - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: solarwinds-actions/gha-signing token: ${{ secrets.FGPAT_ENOPS_7950_SOLARWINDS_ACTIONS }} @@ -297,7 +297,7 @@ jobs: path: ./.github/actions/gha-signing - name: Azure Login (Federated Identity) - uses: azure/login@v3 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: client-id: ${{ vars.AZURE_CLIENT_ID }} tenant-id: ${{ vars.AZURE_TENANT_ID }} @@ -354,10 +354,10 @@ jobs: - github_release steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' 
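Review bot: Pinning `actions/checkout` does not pin what the `Checkout solarwinds-actions/gha-signing` step fetches into `./.github/actions/gha-signing`. The line between `token:` and `path:` falls in the gap between this hunk and the next, so I cannot see whether a `ref:` is set. If it is absent or names a branch or tag, the signing code (presumably used as a local action later in this `environment: production` job) is still resolved at run time and sits outside the guarantee this commit is adding. Setting `ref:` to a full commit SHA of that repository, with the version in a trailing comment as done elsewhere in the patch, would close that gap.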
@@ -367,20 +367,20 @@ jobs: uses: ./.github/actions/version - name: Set up QEMU - uses: docker/setup-qemu-action@v4 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to Docker Hub - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: username: ${{ vars.DOCKER_SOLARWINDS_ORG_LOGIN }} password: ${{ secrets.ENOPS5919_APM_DOCKER_HUB_CI_OAT }} - name: Extract Docker metadata id: meta - uses: docker/metadata-action@v6 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ${{ github.repository_owner }}/autoinstrumentation-java tags: | @@ -393,7 +393,7 @@ jobs: org.opencontainers.image.vendor=SolarWinds Worldwide, LLC - name: Build and load -> linux/amd64 - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: agent platforms: linux/amd64 @@ -402,7 +402,7 @@ jobs: load: true - name: Build and push - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: push: true context: agent @@ -411,13 +411,13 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Login to Docker Hub - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: username: ${{ vars.ENOPS5919_DOCKER_SCOUT_CI_USER }} password: ${{ secrets.ENOPS5919_DOCKER_SCOUT_CI_PAT }} - name: Analyze for critical and high CVEs -> linux/amd64 - uses: docker/scout-action@v1 + uses: docker/scout-action@bacf462e8d090c09660de30a6ccc718035f961e3 # v1.20.4 with: command: cves image: ${{ steps.meta.outputs.tags[0] }} 
@@ -425,7 +425,7 @@ jobs: sarif-file: sarif.output.json - name: Upload SARIF result - uses: github/codeql-action/upload-sarif@v4 + uses: github/codeql-action/upload-sarif@65216971a11ded447a6b76263d5a144519e5eee1 # v2.25.2 with: sarif_file: sarif.output.json @@ -435,10 +435,10 @@ jobs: - github_release steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -448,20 +448,20 @@ jobs: uses: ./.github/actions/version - name: Set up QEMU - uses: docker/setup-qemu-action@v4 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to GitHub Package Registry - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: push: true context: agent @@ -473,10 +473,10 @@ jobs: needs: - github_release steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' 
@@ -486,7 +486,7 @@ jobs: uses: ./.github/actions/version - name: Scan Jar - uses: reversinglabs/gh-action-rl-scanner-cloud-only@v1 + uses: reversinglabs/gh-action-rl-scanner-cloud-only@b61135055814f4da482de188fafe6c5d614f87a8 # v1 with: artifact-to-scan: agent/build/libs/solarwinds-apm-agent.jar rl-verbose: true @@ -501,10 +501,10 @@ jobs: needs: - github_release steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -514,7 +514,7 @@ jobs: uses: ./.github/actions/version - name: Scan SDK Jar - uses: reversinglabs/gh-action-rl-scanner-cloud-only@v1 + uses: reversinglabs/gh-action-rl-scanner-cloud-only@b61135055814f4da482de188fafe6c5d614f87a8 # v1 with: artifact-to-scan: solarwinds-otel-sdk/build/libs/solarwinds-otel-sdk.jar rl-verbose: true @@ -529,10 +529,10 @@ jobs: needs: - github_release steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up JDK 17 - uses: actions/setup-java@v5 + uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 with: java-version: '17' distribution: 'temurin' @@ -542,7 +542,7 @@ jobs: uses: ./.github/actions/version - name: Scan Jar - uses: reversinglabs/gh-action-rl-scanner-cloud-only@v1 + uses: reversinglabs/gh-action-rl-scanner-cloud-only@b61135055814f4da482de188fafe6c5d614f87a8 # v1 with: artifact-to-scan: agent-lambda/build/libs/solarwinds-apm-agent-lambda.jar rl-verbose: true
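Review bot: The comment on `reversinglabs/gh-action-rl-scanner-cloud-only@b61135055814f4da482de188fafe6c5d614f87a8 # v1` names a floating major tag rather than a release, unlike the other pins in this patch (`# v6.0.2`, `# v5.2.0`, `# v1.20.4`). A moving tag cannot be checked against the hash later, so the comment stops being evidence of which code is pinned as soon as `v1` is moved. If the action publishes exact release tags, use the one this commit belongs to; if it only publishes `v1`, say so, e.g. `# v1 (floating tag, resolved <date>)`. The same pin and comment appear in the `Scan SDK Jar` and lambda `Scan Jar` hunks that follow.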