Skip to content

Commit 1d21f19

Browse files
yamoyamotoyamoyamoto
authored
fix(ci): pin docker/* actions in build.yml to ASF-approved SHAs (#8852)
Signed-off-by: yamoyamoto <yamo7yamoto@gmail.com>
1 parent f72868c commit 1d21f19

1 file changed

Lines changed: 20 additions & 20 deletions

File tree

.github/workflows/build.yml

Lines changed: 20 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -43,16 +43,16 @@ jobs:
4343
docker volume prune -f
4444
- uses: actions/checkout@v3
4545
- name: Set up QEMU
46-
uses: docker/setup-qemu-action@v2
46+
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
4747
- name: Set up Docker Buildx
48-
uses: docker/setup-buildx-action@v2
48+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
4949
- name: Login to DockerHub
50-
uses: docker/login-action@v2
50+
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
5151
with:
5252
username: ${{ env.DOCKERHUB_USERNAME }}
5353
password: ${{ env.DOCKERHUB_TOKEN }}
5454
- name: Build and push lake image
55-
uses: docker/build-push-action@v3
55+
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
5656
with:
5757
context: ./backend
5858
push: true
@@ -75,16 +75,16 @@ jobs:
7575
docker volume prune -f
7676
- uses: actions/checkout@v3
7777
- name: Set up QEMU
78-
uses: docker/setup-qemu-action@v2
78+
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
7979
- name: Set up Docker Buildx
80-
uses: docker/setup-buildx-action@v2
80+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
8181
- name: Login to DockerHub
82-
uses: docker/login-action@v2
82+
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
8383
with:
8484
username: ${{ env.DOCKERHUB_USERNAME }}
8585
password: ${{ env.DOCKERHUB_TOKEN }}
8686
- name: Build and push lake image
87-
uses: docker/build-push-action@v3
87+
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
8888
with:
8989
context: ./backend
9090
push: true
@@ -114,11 +114,11 @@ jobs:
114114
id: get_short_sha
115115
run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
116116
- name: Set up QEMU
117-
uses: docker/setup-qemu-action@v2
117+
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
118118
- name: Set up Docker Buildx
119-
uses: docker/setup-buildx-action@v2
119+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
120120
- name: Login to DockerHub
121-
uses: docker/login-action@v2
121+
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
122122
with:
123123
username: ${{ env.DOCKERHUB_USERNAME }}
124124
password: ${{ env.DOCKERHUB_TOKEN }}
@@ -127,7 +127,7 @@ jobs:
127127
path: /tmp/devlake-build-cache-${{ matrix.platform }}
128128
key: buildx-devlake-build-cache-${{ github.run_id }}-${{ matrix.platform }}
129129
- name: Build and cache lake build
130-
uses: docker/build-push-action@v3
130+
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
131131
with:
132132
context: ./backend
133133
push: false
@@ -166,11 +166,11 @@ jobs:
166166
id: get_short_sha
167167
run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
168168
- name: Set up QEMU
169-
uses: docker/setup-qemu-action@v2
169+
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
170170
- name: Set up Docker Buildx
171-
uses: docker/setup-buildx-action@v2
171+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
172172
- name: Login to DockerHub
173-
uses: docker/login-action@v2
173+
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
174174
with:
175175
username: ${{ env.DOCKERHUB_USERNAME }}
176176
password: ${{ env.DOCKERHUB_TOKEN }}
@@ -194,7 +194,7 @@ jobs:
194194
echo "TAGS=${image_name}:${{ github.ref_name }}_${{ needs.get-timestamp.outputs.timestamp }}_${{ steps.get_short_sha.outputs.SHORT_SHA }}" >> $GITHUB_OUTPUT
195195
fi
196196
- name: Build and push lake image
197-
uses: docker/build-push-action@v3
197+
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
198198
with:
199199
context: ./backend
200200
push: true
@@ -253,11 +253,11 @@ jobs:
253253
id: get_short_sha
254254
run: echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
255255
- name: Set up QEMU
256-
uses: docker/setup-qemu-action@v2
256+
uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
257257
- name: Set up Docker Buildx
258-
uses: docker/setup-buildx-action@v2
258+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
259259
- name: Login to DockerHub
260-
uses: docker/login-action@v2
260+
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
261261
with:
262262
username: ${{ env.DOCKERHUB_USERNAME }}
263263
password: ${{ env.DOCKERHUB_TOKEN }}
@@ -273,7 +273,7 @@ jobs:
273273
echo "TAGS=${image_name}:${{ github.ref_name }}_${{ needs.get-timestamp.outputs.timestamp }}_${{ steps.get_short_sha.outputs.SHORT_SHA }}" >> $GITHUB_OUTPUT
274274
fi
275275
- name: Build and push ${{ matrix.build.name }} image
276-
uses: docker/build-push-action@v3
276+
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
277277
with:
278278
context: ${{ matrix.build.context }}
279279
push: true

0 commit comments

Comments
 (0)