Skip to content

Commit

Permalink
build: pin github actions to commit digest
Browse files Browse the repository at this point in the history
Signed-off-by: nscuro <[email protected]>
  • Loading branch information
nscuro committed Nov 2, 2022
1 parent f9ef1d2 commit 3f98a11
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 13 deletions.
14 changes: 7 additions & 7 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/[email protected]
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
- name: Check license headers
uses: apache/[email protected]
uses: apache/skywalking-eyes@438e4ea5682269933ea2c8b5608662e52af26959 # tag=v0.4.0
with:
config: .licenserc.yml

Expand All @@ -29,14 +29,14 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/[email protected]
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
- name: Setup Go
uses: actions/[email protected]
uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
with:
go-version: "1.19"
check-latest: true
- name: Run golangci-lint
uses: golangci/[email protected]
uses: golangci/golangci-lint-action@07db5389c99593f11ad7b44463c2d4233066a9b1 # tag=v3.3.0
with:
version: latest

Expand All @@ -52,7 +52,7 @@ jobs:
- "1.19"
steps:
- name: Setup Go
uses: actions/[email protected]
uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
with:
go-version: ${{ matrix.go }}
check-latest: true
Expand All @@ -64,6 +64,6 @@ jobs:
echo "ad736b1443aa6527fc8bffdca1f632414908d21a631f33c60f439f6942a47d3c $HOME/.local/bin/cyclonedx" | sha256sum -c
chmod +x "$HOME/.local/bin/cyclonedx"
- name: Checkout Repository
uses: actions/[email protected]
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
- name: Test
run: make test
13 changes: 7 additions & 6 deletions .github/workflows/goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,30 +5,31 @@ on:
tags:
- 'v*'

permissions:
contents: write
permissions: { }

jobs:
goreleaser:
name: Release
timeout-minutes: 5
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout Repository
uses: actions/[email protected]
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
with:
fetch-depth: 0
- name: Setup Go
uses: actions/[email protected]
uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
with:
go-version: "1.19"
check-latest: true
- name: Install cyclonedx-gomod
uses: CycloneDX/gh-gomod-generate-sbom@v1
uses: CycloneDX/gh-gomod-generate-sbom@d4aee0cf5133055dbd98899978246c10c18c440f # tag=v1.1.0
with:
version: v1
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v3
uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 # tag=v3.2.0
with:
version: latest
args: release --rm-dist
Expand Down

0 comments on commit 3f98a11

Please sign in to comment.