diff --git a/.github/workflows/build-terraform-oss.yml b/.github/workflows/build-terraform-oss.yml index f7eed12b2a..f869b3e881 100644 --- a/.github/workflows/build-terraform-oss.yml +++ b/.github/workflows/build-terraform-oss.yml @@ -38,8 +38,8 @@ jobs: runs-on: ${{ inputs.runson }} name: Terraform ${{ inputs.goos }} ${{ inputs.goarch }} v${{ inputs.product-version }} steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: ${{ inputs.go-version }} - name: Determine artifact basename @@ -64,7 +64,7 @@ jobs: set -x go build -ldflags "${{ inputs.ld-flags }}" -o dist/ . zip -r -j out/${{ env.ARTIFACT_BASENAME }} dist/ - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: ${{ env.ARTIFACT_BASENAME }} path: out/${{ env.ARTIFACT_BASENAME }} @@ -88,13 +88,13 @@ jobs: echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV - if: ${{ inputs.goos == 'linux' }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: ${{ env.RPM_PACKAGE }} path: out/${{ env.RPM_PACKAGE }} if-no-files-found: error - if: ${{ inputs.goos == 'linux' }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: ${{ env.DEB_PACKAGE }} path: out/${{ env.DEB_PACKAGE }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f8a3be1798..bc69558b6e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -35,7 +35,7 @@ jobs: pkg-name: ${{ steps.get-pkg-name.outputs.pkg-name }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Get Package Name id: get-pkg-name run: | @@ -62,7 +62,7 @@ jobs: go-version: ${{ steps.get-go-version.outputs.version }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Determine Go version id: get-go-version uses: ./.github/actions/go-version @@ -75,7 +75,7 @@ jobs: filepath: ${{ steps.generate-metadata-file.outputs.filepath }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Generate package metadata id: generate-metadata-file uses: hashicorp/actions-generate-metadata@v1 @@ -83,7 +83,7 @@ jobs: version: ${{ needs.get-product-version.outputs.product-version }} product: ${{ env.PKG_NAME }} - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: metadata.json path: ${{ steps.generate-metadata-file.outputs.filepath }} @@ -137,7 +137,7 @@ jobs: repo: "terraform" version: ${{needs.get-product-version.outputs.product-version}} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Build Docker images uses: hashicorp/actions-docker-build@v1 with: @@ -185,10 +185,10 @@ jobs: cache_path=internal/command/e2etest/build echo "e2e-cache-key=${cache_key}" | tee -a "${GITHUB_OUTPUT}" echo "e2e-cache-path=${cache_path}" | tee -a "${GITHUB_OUTPUT}" - - uses: actions/checkout@v3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Install Go toolchain - uses: actions/setup-go@v3 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: ${{ needs.get-go-version.outputs.go-version }} @@ -205,7 +205,7 @@ jobs: bash ./internal/command/e2etest/make-archive.sh - name: Save test harness to cache - uses: actions/cache/save@v3 + uses: actions/cache/save@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: ${{ steps.set-cache-values.outputs.e2e-cache-path }} key: ${{ steps.set-cache-values.outputs.e2e-cache-key }}_${{ matrix.goos }}_${{ matrix.goarch }} @@ -243,9 +243,9 @@ jobs: # fresh build from source.) - name: Checkout repo if: ${{ (matrix.goos == 'linux') || (matrix.goos == 'darwin') }} - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: "Restore cache" - uses: actions/cache/restore@v3 + uses: actions/cache/restore@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 id: e2etestpkg with: path: ${{ needs.e2etest-build.outputs.e2e-cache-path }} @@ -253,7 +253,7 @@ jobs: fail-on-cache-miss: true enableCrossOsArchive: true - name: "Download Terraform CLI package" - uses: actions/download-artifact@v2 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 id: clipkg with: name: terraform_${{env.version}}_${{ env.os }}_${{ env.arch }}.zip @@ -264,7 +264,7 @@ jobs: unzip "${{ needs.e2etest-build.outputs.e2e-cache-path }}/terraform-e2etest_${{ env.os }}_${{ env.arch }}.zip" unzip "./terraform_${{env.version}}_${{ env.os }}_${{ env.arch }}.zip" - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 if: ${{ contains(matrix.goarch, 'arm') }} with: platforms: all @@ -298,17 +298,17 @@ jobs: steps: - name: Install Go toolchain - uses: actions/setup-go@v3 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: ${{ needs.get-go-version.outputs.go-version }} - name: Download Terraform CLI package - uses: actions/download-artifact@v2 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 id: clipkg with: name: terraform_${{ env.version }}_linux_amd64.zip path: . - name: Checkout terraform-exec repo - uses: actions/checkout@v3 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: repository: hashicorp/terraform-exec path: terraform-exec diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index c275445c9f..b5e7b7632c 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -38,14 +38,14 @@ jobs: steps: - name: "Fetch source code" - uses: actions/checkout@v2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Determine Go version id: go uses: ./.github/actions/go-version - name: Install Go toolchain - uses: actions/setup-go@v2 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: ${{ steps.go.outputs.version }} @@ -53,7 +53,7 @@ jobs: # identical across the unit-tests, e2e-tests, and consistency-checks # jobs, or else weird things could happen. - name: Cache Go modules - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: "~/go/pkg" key: go-mod-${{ hashFiles('go.sum') }} @@ -70,14 +70,14 @@ jobs: steps: - name: "Fetch source code" - uses: actions/checkout@v2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Determine Go version id: go uses: ./.github/actions/go-version - name: Install Go toolchain - uses: actions/setup-go@v2 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: ${{ steps.go.outputs.version }} @@ -85,7 +85,7 @@ jobs: # identical across the unit-tests, e2e-tests, and consistency-checks # jobs, or else weird things could happen. - name: Cache Go modules - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: "~/go/pkg" key: go-mod-${{ hashFiles('go.sum') }} @@ -108,14 +108,14 @@ jobs: steps: - name: "Fetch source code" - uses: actions/checkout@v2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Determine Go version id: go uses: ./.github/actions/go-version - name: Install Go toolchain - uses: actions/setup-go@v2 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: ${{ steps.go.outputs.version }} @@ -123,7 +123,7 @@ jobs: # identical across the unit-tests, e2e-tests, and consistency-checks # jobs, or else weird things could happen. - name: Cache Go modules - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: "~/go/pkg" key: go-mod-${{ hashFiles('go.sum') }} @@ -140,7 +140,7 @@ jobs: steps: - name: "Fetch source code" - uses: actions/checkout@v2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 # We need to do comparisons against the main branch. @@ -149,7 +149,7 @@ jobs: uses: ./.github/actions/go-version - name: Install Go toolchain - uses: actions/setup-go@v2 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: ${{ steps.go.outputs.version }} @@ -157,7 +157,7 @@ jobs: # identical across the unit-tests, e2e-tests, and consistency-checks # jobs, or else weird things could happen. - name: Cache Go modules - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: "~/go/pkg" key: go-mod-${{ hashFiles('go.sum') }} @@ -173,7 +173,7 @@ jobs: fi - name: Cache protobuf tools - uses: actions/cache@v3 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: path: "tools/protobuf-compile/.workdir" key: protobuf-tools-${{ hashFiles('tools/protobuf-compile/protobuf-compile.go') }} diff --git a/.github/workflows/crt-hook-equivalence-tests.yml b/.github/workflows/crt-hook-equivalence-tests.yml index a4607cc937..3bffd2cd13 100644 --- a/.github/workflows/crt-hook-equivalence-tests.yml +++ b/.github/workflows/crt-hook-equivalence-tests.yml @@ -33,7 +33,7 @@ jobs: needs: - parse-metadata steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: ref: ${{ needs.parse-metadata.outputs.target-branch }} - uses: ./.github/actions/equivalence-test diff --git a/.github/workflows/issue-comment-created.yml b/.github/workflows/issue-comment-created.yml index b8c4d6bfac..c560aea6b7 100644 --- a/.github/workflows/issue-comment-created.yml +++ b/.github/workflows/issue-comment-created.yml @@ -8,7 +8,7 @@ jobs: issue_comment_triage: runs-on: ubuntu-latest steps: - - uses: actions-ecosystem/action-remove-labels@v1 + - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0 with: labels: | stale diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index ed67648c78..7cae18297c 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -8,7 +8,7 @@ jobs: lock: runs-on: ubuntu-latest steps: - - uses: dessant/lock-threads@v2 + - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 # v4.0.1 with: github-token: ${{ github.token }} issue-lock-comment: > diff --git a/.github/workflows/manual-equivalence-tests.yml b/.github/workflows/manual-equivalence-tests.yml index fb6b0d5b3b..648aac8044 100644 --- a/.github/workflows/manual-equivalence-tests.yml +++ b/.github/workflows/manual-equivalence-tests.yml @@ -25,7 +25,7 @@ jobs: name: "Run equivalence tests" runs-on: ubuntu-latest steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: ref: ${{ inputs.target-branch }} - uses: ./.github/actions/equivalence-test diff --git a/.github/workflows/merged-pr.yml b/.github/workflows/merged-pr.yml index df1249a811..a372835840 100644 --- a/.github/workflows/merged-pr.yml +++ b/.github/workflows/merged-pr.yml @@ -13,7 +13,7 @@ jobs: if: github.event.pull_request.merged == true runs-on: ubuntu-latest steps: - - uses: actions/github-script@v5 + - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1 with: script: | github.rest.issues.createComment({