Merge pull request #13240 from chrisroberts/pinning

Pin actions in workflows
2023-07-28 17:12:10 -07:00 · 2023-07-28 17:12:10 -07:00 · 9969b58ffe
commit 9969b58ffe
parent 8004b9e001 a8ce678330
15 changed files with 21 additions and 157 deletions
--- a/.github/workflows/code.yml
+++ b/.github/workflows/code.yml
@ -10,7 +10,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          persist-credentials: false
          fetch-depth: 0
--- a/.github/workflows/dev-appimage-build.yml
+++ b/.github/workflows/dev-appimage-build.yml
@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Trigger Development Build
        run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-appimage
        env:
--- a/.github/workflows/dev-arch-build.yml
+++ b/.github/workflows/dev-arch-build.yml
@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Trigger Development Build
        run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-arch
        env:
--- a/.github/workflows/dev-build.yml
+++ b/.github/workflows/dev-build.yml
@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Trigger Development Build
        run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build
        env:
--- a/.github/workflows/dev-debs-build.yml
+++ b/.github/workflows/dev-debs-build.yml
@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Trigger Development Build
        run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-debs
        env:
--- a/.github/workflows/dev-macos-build.yml
+++ b/.github/workflows/dev-macos-build.yml
@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Trigger Development Build
        run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-macos
        env:
--- a/.github/workflows/dev-rpms-build.yml
+++ b/.github/workflows/dev-rpms-build.yml
@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Trigger Development Build
        run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-rpms
        env:
--- a/.github/workflows/dev-windows-build.yml
+++ b/.github/workflows/dev-windows-build.yml
@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Trigger Development Build
        run: ./.ci/dev-build "${BRANCH}" "${COMMIT_ID}" build-windows
        env:
--- a/.github/workflows/go-spectest.yml
+++ b/.github/workflows/go-spectest.yml
@ -23,18 +23,18 @@ jobs:
    name: Vagrant acceptance tests (Ruby ${{ matrix.ruby }})
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          submodules: 'recursive'
          # Also fetch all tags, since we need our version number in the build
          # to be based off a tag
          fetch-depth: 0
      - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
        with:
          go-version-file: go.mod
      - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
        with:
          ruby-version: ${{matrix.ruby}}
          bundler-cache: true
--- a/.github/workflows/go-testing.yml
+++ b/.github/workflows/go-testing.yml
@ -30,13 +30,13 @@ jobs:
    name: Vagrant unit tests on Go (Ruby ${{ matrix.ruby }})
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
        with:
          go-version-file: go.mod
      - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
        with:
          ruby-version: ${{matrix.ruby}}
          bundler-cache: true
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@ -11,8 +11,8 @@ jobs:
      issues: write
      pull-requests: write
    steps:
-      - uses: dessant/lock-threads@v2
+      - uses: dessant/lock-threads@be8aa5be94131386884a6da4189effda9b14aa21 # v4.0.1
        with:
          github-token: ${{ github.token }}
-          issue-lock-inactive-days: '30'
-          pr-lock-inactive-days: '30'
+          issue-inactive-days: '30'
+          pr-inactive-days: '30'
--- a/.github/workflows/nightlies.yml
+++ b/.github/workflows/nightlies.yml
@ -9,7 +9,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Trigger Nightly Build
        run: ./.ci/nightly-build "${COMMIT_ID}"
        env:
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -9,7 +9,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Trigger Build
        run: ./.ci/release "${TAG}" "${COMMIT_ID}"
        env:
--- a/.github/workflows/spectesting.yml
+++ b/.github/workflows/spectesting.yml
@ -1,136 +0,0 @@
-on:
-  # Allows manual trigger on arbitrary branches via GitHub UI/API
-  workflow_dispatch:
-  repository_dispatch:
-    types: [prerelease]
-  schedule:
-    # Run nightly on weekdays at 05:00 UTC or midnight-ish in US time zones
-    - cron: '0 5 * * 1-5'
-
-jobs:
-  setup-packet:
-    if: github.repository == 'hashicorp/vagrant-acceptance'
-    runs-on: ['self-hosted', 'ondemand', 'linux', 'type=t3.nano']
-    name: Build Packet Instance
-    steps:
-      - name: Authentication
-        id: vault-auth
-        run: vault-auth
-      - name: Secrets
-        id: secrets
-        uses: hashicorp/vault-action@v2
-        with:
-          url: ${{ steps.vault-auth.outputs.addr }}
-          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
-          token: ${{ steps.vault-auth.outputs.token }}
-          secrets:
-            kv/data/teams/vagrant/slack webhook | slack_webhook;
-            kv/data/teams/vagrant/packet token | packet_token;
-            kv/data/teams/vagrant/packet project_id | packet_project_id;
-            kv/data/teams/vagrant/packet ssh_key_content | packet_ssh_key_content;
-      - name: Code Checkout
-        uses: actions/checkout@v3
-      - name: Create packet instance
-        run: ./.ci/spec/create-packet.sh
-        working-directory: ${{github.workspace}}
-        env:
-          PACKET_EXEC_TOKEN: ${{ steps.secrets.outputs.packet_token }}
-          PACKET_EXEC_PROJECT_ID: ${{ steps.secrets.outputs.packet_project_id }}
-          PACKET_SSH_KEY_CONTENT: ${{ steps.secrets.outputs.packet_ssh_key_content }}
-          SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }}
-  setup-hosts:
-    if: github.repository == 'hashicorp/vagrant-acceptance'
-    runs-on: ['self-hosted', 'ondemand', 'linux', 'type=t3.nano']
-    name: Vagrant-Spec Start Hosts
-    needs: setup-packet
-    strategy:
-      matrix:
-        host_os: ['hashicorp/bionic64']
-        guest_os: ['hashicorp-vagrant/ubuntu-16.04']
-        providers: ['virtualbox', 'docker']
-    steps:
-      - name: Code Checkout
-        uses: actions/checkout@v3
-        with:
-          submodules: 'recursive'
-      - name: Create hosts for tests (provider ${{ matrix.providers }})
-        run: ./.ci/spec/create-hosts.sh
-        working-directory: ${{github.workspace}}
-        env:
-          PACKET_EXEC_TOKEN: ${{ steps.secrets.outputs.packet_token }}
-          PACKET_EXEC_PROJECT_ID: ${{ steps.secrets.outputs.packet_project_id }}
-          PACKET_SSH_KEY_CONTENT: ${{ steps.secrets.outputs.packet_ssh_key_content }}
-          SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }}
-          VAGRANT_HOST_BOXES: ${{matrix.host_os}}
-          VAGRANT_GUEST_BOXES: ${{matrix.guest_os}}
-          VAGRANT_PRERELEASE_VERSION: ${{ github.event.client_payload.prerelease_version }}
-          VAGRANT_SPEC_PROVIDERS: ${{matrix.providers}}
-
-  spec-tests:
-    if: github.repository == 'hashicorp/vagrant-acceptance'
-    runs-on: ['self-hosted', 'ondemand', 'linux', 'type=t3.nano']
-    name: Vagrant-Spec Tests
-    needs: setup-hosts
-    strategy:
-      matrix:
-        host_os: ['hashicorp/bionic64']
-        guest_os: ['hashicorp-vagrant/ubuntu-16.04']
-        docker_images: ['nginx']
-        providers: ['virtualbox', 'docker']
-    steps:
-      - name: Run Tests with host ${{ matrix.host_os }} using provider ${{ matrix.providers }}
-        run: ./.ci/spec/run-test.sh
-        working-directory: ${{github.workspace}}
-        env:
-          PACKET_EXEC_TOKEN: ${{ steps.secrets.outputs.packet_token }}
-          PACKET_EXEC_PROJECT_ID: ${{ steps.secrets.outputs.packet_project_id }}
-          PACKET_SSH_KEY_CONTENT: ${{ steps.secrets.outputs.packet_ssh_key_content }}
-          SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }}
-          VAGRANT_HOST_BOXES: ${{matrix.host_os}}
-          VAGRANT_GUEST_BOXES: ${{matrix.guest_os}}
-          VAGRANT_SPEC_PROVIDERS: ${{matrix.providers}}
-          VAGRANT_DOCKER_IMAGES: ${{matrix.docker_images}}
-      - name: Pull log from guest
-        if: always()
-        run: ./.ci/spec/pull-log.sh
-        env:
-          PACKET_EXEC_TOKEN: ${{ steps.secrets.outputs.packet_token }}
-          PACKET_EXEC_PROJECT_ID: ${{ steps.secrets.outputs.packet_project_id }}
-          PACKET_SSH_KEY_CONTENT: ${{ steps.secrets.outputs.packet_ssh_key_content }}
-          SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }}
-          VAGRANT_HOST_BOXES: ${{matrix.host_os}}
-          VAGRANT_GUEST_BOXES: ${{matrix.guest_os}}
-          VAGRANT_SPEC_PROVIDERS: ${{matrix.providers}}
-          VAGRANT_DOCKER_IMAGES: ${{matrix.docker_images}}
-      - name: Upload log
-        if: always()
-        uses: actions/upload-artifact@v3
-        with:
-          name: vagrant-spec-${{matrix.providers}}.log
-          path: ${{ github.workspace }}/vagrant-spec.log
-  notify-on-success:
-    if: github.repository == 'hashicorp/vagrant-acceptance' && success()
-    runs-on: self-hosted
-    name: Notify on Success
-    needs: spec-tests
-    steps:
-      - name: Notify on Success
-        run: ./.ci/spec/notify-success.sh
-        env:
-          SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }}
-
-  cleanup:
-    if: github.repository == 'hashicorp/vagrant-acceptance'
-    runs-on: self-hosted
-    name: Cleanup Post Vagrant-Spec Tests
-    needs: [spec-tests, notify-on-success]
-    steps:
-      - name: Clean Packet
-        run: ./.ci/spec/clean-packet.sh
-        env:
-          PACKET_EXEC_TOKEN: ${{ steps.secrets.outputs.packet_token }}
-          PACKET_EXEC_PROJECT_ID: ${{ steps.secrets.outputs.packet_project_id }}
-          PACKET_SSH_KEY_CONTENT: ${{ steps.secrets.outputs.packet_ssh_key_content }}
-          SLACK_WEBHOOK: ${{ steps.secrets.outputs.slack_webhook }}
-      - name: Clean Workspace
-        run: rm -rf ${{ github.workspace }}
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@ -36,9 +36,9 @@ jobs:
    name: Vagrant unit tests on Ruby ${{ matrix.ruby }}
    steps:
      - name: Code Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - name: Setup Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@250fcd6a742febb1123a77a841497ccaa8b9e939 # v1.152.0
        with:
          ruby-version: ${{matrix.ruby}}
          bundler-cache: true