From afd4fdcea2d89a14df67a79879463a21ccb15c1e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 21 Jun 2024 13:21:08 +0000 Subject: [PATCH 1/2] Pin dependencies --- .github/workflows/docker.yaml | 4 ++-- .github/workflows/e2e.yml | 2 +- .github/workflows/element-call.yaml | 6 +++--- .github/workflows/lint.yaml | 4 ++-- .github/workflows/netlify.yaml | 8 ++++---- .github/workflows/pr-deploy.yaml | 2 +- .github/workflows/publish.yaml | 2 +- .github/workflows/test.yaml | 6 +++--- .github/workflows/translations-download.yaml | 8 ++++---- .github/workflows/translations-upload.yaml | 4 ++-- 10 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 954e9abf..51e5a8db 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -23,10 +23,10 @@ jobs: packages: write steps: - name: Check it out - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: 📥 Download artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4 with: github-token: ${{ secrets.GITHUB_TOKEN }} run-id: ${{ inputs.artifact_run_id }} diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index e7cb7e67..dfb8fc2b 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out test private repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: repository: element-hq/static-call-participant ref: refs/heads/main diff --git a/.github/workflows/element-call.yaml b/.github/workflows/element-call.yaml index b8c1647f..ad44570f 100644 --- a/.github/workflows/element-call.yaml +++ b/.github/workflows/element-call.yaml @@ -21,9 +21,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Yarn cache - uses: actions/setup-node@v4 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 with: cache: "yarn" - name: Install dependencies @@ -38,7 +38,7 @@ jobs: VITE_APP_VERSION: ${{ inputs.vite_app_version }} NODE_OPTIONS: "--max-old-space-size=4096" - name: Upload Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 with: name: build-output path: dist diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 05569524..fdd0857b 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -7,9 +7,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Yarn cache - uses: actions/setup-node@v4 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 with: cache: "yarn" - name: Install dependencies diff --git a/.github/workflows/netlify.yaml b/.github/workflows/netlify.yaml index 602190ce..f90d9c1f 100644 --- a/.github/workflows/netlify.yaml +++ b/.github/workflows/netlify.yaml @@ -34,7 +34,7 @@ jobs: environment: Netlify steps: - name: 📝 Create Deployment - uses: bobheadxi/deployments@v1 + uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1 id: deployment with: step: start @@ -46,7 +46,7 @@ jobs: Exercise caution. Use test accounts. - name: 📥 Download artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4 with: github-token: ${{ secrets.ELEMENT_BOT_TOKEN }} run-id: ${{ inputs.artifact_run_id }} @@ -62,7 +62,7 @@ jobs: - name: ☁️ Deploy to Netlify id: netlify - uses: nwtgck/actions-netlify@v3.0 + uses: nwtgck/actions-netlify@4cbaf4c08f1a7bfa537d6113472ef4424e4eb654 # v3.0 with: publish-dir: webapp deploy-message: "Deploy from GitHub Actions" @@ -73,7 +73,7 @@ jobs: timeout-minutes: 1 - name: 🚦 Update deployment status - uses: bobheadxi/deployments@v1 + uses: bobheadxi/deployments@648679e8e4915b27893bd7dbc35cb504dc915bc8 # v1 if: always() with: step: finish diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 73ec70c8..262ce09b 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -14,7 +14,7 @@ jobs: pr_data_json: ${{ steps.prdetails.outputs.data }} steps: - id: prdetails - uses: matrix-org/pr-details-action@v1.3 + uses: matrix-org/pr-details-action@15bde5285d7850ba276cc3bd8a03733e3f24622a # v1.3 continue-on-error: true with: owner: ${{ github.event.workflow_run.head_repository.owner.login }} diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index e901b159..6bbe79c0 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -39,7 +39,7 @@ jobs: id: current-time run: echo "unix_time=$(date +'%s')" >> $GITHUB_OUTPUT - name: 📥 Download artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4 with: github-token: ${{ secrets.GITHUB_TOKEN }} run-id: ${{ github.event.workflow_run.id || github.run_id }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 85385cb5..78205066 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -9,9 +9,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Yarn cache - uses: actions/setup-node@v4 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 with: cache: "yarn" - name: Install dependencies @@ -19,6 +19,6 @@ jobs: - name: Vitest run: "yarn run test" - name: Upload to codecov - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4 with: flags: unittests diff --git a/.github/workflows/translations-download.yaml b/.github/workflows/translations-download.yaml index 4e787f93..eb8839c9 100644 --- a/.github/workflows/translations-download.yaml +++ b/.github/workflows/translations-download.yaml @@ -13,9 +13,9 @@ jobs: steps: - name: Checkout the code - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 with: cache: "yarn" @@ -26,7 +26,7 @@ jobs: run: "rm -R public/locales" - name: Download translation files - uses: localazy/download@v1.1.0 + uses: localazy/download@0a79880fb66150601e3b43606fab69c88123c087 # v1.1.0 with: groups: "-p includeSourceLang:true" @@ -38,7 +38,7 @@ jobs: - name: Create Pull Request id: cpr - uses: peter-evans/create-pull-request@v6.0.5 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: token: ${{ secrets.ELEMENT_BOT_TOKEN }} branch: actions/localazy-download diff --git a/.github/workflows/translations-upload.yaml b/.github/workflows/translations-upload.yaml index d5097ca2..0f759ddb 100644 --- a/.github/workflows/translations-upload.yaml +++ b/.github/workflows/translations-upload.yaml @@ -14,9 +14,9 @@ jobs: steps: - name: Checkout the code - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Upload - uses: localazy/upload@v1 + uses: localazy/upload@27e6b5c0fddf4551596b42226b1c24124335d24a # v1 with: write_key: ${{ secrets.LOCALAZY_WRITE_KEY }} From 13ef3183e2dc8fcc8e6f19fce4992e2a1ce2d616 Mon Sep 17 00:00:00 2001 From: Robin Date: Fri, 21 Jun 2024 09:51:42 -0400 Subject: [PATCH 2/2] Tell Renovate that we're trying to pin actions to specific tags It thought that we were just trying to follow the latest commit on these actions, when in reality we want to follow the latest tag and pin its commit hash. --- .github/workflows/docker.yaml | 8 ++++---- .github/workflows/publish.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 51e5a8db..1bfad99a 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -34,7 +34,7 @@ jobs: path: dist - name: Log in to container registry - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -42,16 +42,16 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@f7b4ed12385588c3f9bc252f0a2b520d83b52d48 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: ${{ inputs.docker_tags}} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@abe89fb761023d1d963c81f6b5e0df54236dc097 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Build and push Docker image - uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 + uses: docker/build-push-action@31159d49c0d4756269a0940a750801a1ea5d7003 # v6.1.0 with: context: . platforms: linux/amd64,linux/arm64 diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 6bbe79c0..ddf42d22 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -51,7 +51,7 @@ jobs: run: | tar --numeric-owner --transform "s/dist/element-call-${TARBALL_VERSION}/" -cvzf element-call-${TARBALL_VERSION}.tar.gz dist - name: Upload - uses: actions/upload-artifact@552bf3722c16e81001aea7db72d8cedf64eb5f68 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 env: GITHUB_TOKEN: ${{ github.token }} with: