From cdd94e2029ebe701ae753075186e1887a016053f Mon Sep 17 00:00:00 2001 From: Lucas Rodriguez Date: Wed, 10 Apr 2024 13:14:36 -0500 Subject: [PATCH] Pin third-party gh actions by hash --- .github/workflows/publish-application-packages.yml | 2 +- .github/workflows/scan-lint.yml | 2 +- .github/workflows/test-upgrade.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-application-packages.yml b/.github/workflows/publish-application-packages.yml index 6721bd8c46..c30c7105fa 100644 --- a/.github/workflows/publish-application-packages.yml +++ b/.github/workflows/publish-application-packages.yml @@ -23,7 +23,7 @@ jobs: ref: ${{ github.event.inputs.branchName }} - name: Install The Latest Release Version of Zarf - uses: defenseunicorns/setup-zarf@main + uses: defenseunicorns/setup-zarf@f95763914e20e493bb5d45d63e30e17138f981d6 # v1.0.0 - name: "Login to GHCR" uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 diff --git a/.github/workflows/scan-lint.yml b/.github/workflows/scan-lint.yml index 5bda787160..b27ad00d77 100644 --- a/.github/workflows/scan-lint.yml +++ b/.github/workflows/scan-lint.yml @@ -12,7 +12,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Run Revive Action by pulling pre-built image - uses: docker://morphy/revive-action:v2 + uses: docker://morphy/revive-action@sha256:087d4e61077087755711ab7e9fae3cc899b7bb07ff8f6a30c3dfb240b1620ae8 # v2.5.7 with: config: revive.toml # Exclude patterns, separated by semicolons (optional) diff --git a/.github/workflows/test-upgrade.yml b/.github/workflows/test-upgrade.yml index 38dd0ca4a1..bafbcf3760 100644 --- a/.github/workflows/test-upgrade.yml +++ b/.github/workflows/test-upgrade.yml @@ -63,7 +63,7 @@ jobs: chmod +x build/zarf - name: Install release version of Zarf - uses: defenseunicorns/setup-zarf@main + uses: defenseunicorns/setup-zarf@f95763914e20e493bb5d45d63e30e17138f981d6 # v1.0.0 with: download-init-package: true