From 9157dc47204eea795fb43132e2707981047d04fb Mon Sep 17 00:00:00 2001 From: Maxime David Date: Thu, 22 May 2025 02:04:00 +0100 Subject: [PATCH] feat: use sha for actions --- .github/workflows/ci-collector.yml | 12 ++++++------ .github/workflows/ci-java.yml | 6 +++--- .github/workflows/ci-nodejs.yml | 6 +++--- .github/workflows/ci-python.yml | 6 +++--- .github/workflows/ci-shellcheck.yml | 2 +- .github/workflows/ci-terraform.yml | 4 ++-- .github/workflows/close-stale.yaml | 2 +- .github/workflows/codeql.yml | 14 +++++++------- .github/workflows/layer-publish.yml | 4 ++-- .github/workflows/publish-layer-collector.yml | 6 +++--- .github/workflows/release-layer-collector.yml | 8 ++++---- .github/workflows/release-layer-java.yml | 10 +++++----- .github/workflows/release-layer-nodejs.yml | 8 ++++---- .github/workflows/release-layer-python.yml | 8 ++++---- .github/workflows/release-layer-ruby.yml | 6 +++--- 15 files changed, 51 insertions(+), 51 deletions(-) diff --git a/.github/workflows/ci-collector.yml b/.github/workflows/ci-collector.yml index 045144827d..76c623c4c4 100644 --- a/.github/workflows/ci-collector.yml +++ b/.github/workflows/ci-collector.yml @@ -18,11 +18,11 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: '~1.21.9' - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -41,11 +41,11 @@ jobs: matrix: architecture: [ amd64, arm64 ] steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: '~1.21.9' - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/ci-java.yml b/.github/workflows/ci-java.yml index 1038232084..b2ad27f9d2 100644 --- a/.github/workflows/ci-java.yml +++ b/.github/workflows/ci-java.yml @@ -21,15 +21,15 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: corretto java-version: 17 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0 with: add-job-summary-as-pr-comment: on-failure # Valid values are 'never' (default), 'always', and 'on-failure' diff --git a/.github/workflows/ci-nodejs.yml b/.github/workflows/ci-nodejs.yml index 73707f48b7..caa9a6b61f 100644 --- a/.github/workflows/ci-nodejs.yml +++ b/.github/workflows/ci-nodejs.yml @@ -18,11 +18,11 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 18 - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} diff --git a/.github/workflows/ci-python.yml b/.github/workflows/ci-python.yml index 50e5a929a9..07857daa32 100644 --- a/.github/workflows/ci-python.yml +++ b/.github/workflows/ci-python.yml @@ -32,9 +32,9 @@ jobs: steps: - name: Checkout this repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Python for OTel Python SDK - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: ${{ matrix.python }} - name: Install tox testing package @@ -43,7 +43,7 @@ jobs: pip install tox tox - name: Set up Go for ADOT Collector - uses: actions/setup-go@v5 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: '^1.20.8' - name: Build Python Layer which includes ADOT Collector diff --git a/.github/workflows/ci-shellcheck.yml b/.github/workflows/ci-shellcheck.yml index 834d93b864..2f37b91fbb 100644 --- a/.github/workflows/ci-shellcheck.yml +++ b/.github/workflows/ci-shellcheck.yml @@ -6,7 +6,7 @@ jobs: shellcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install shell check run: sudo apt update && sudo apt install --assume-yes shellcheck diff --git a/.github/workflows/ci-terraform.yml b/.github/workflows/ci-terraform.yml index ae158b40fd..06fcf29e57 100644 --- a/.github/workflows/ci-terraform.yml +++ b/.github/workflows/ci-terraform.yml @@ -18,6 +18,6 @@ jobs: check-terraform-syntax: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 - run: terraform fmt -check -recursive diff --git a/.github/workflows/close-stale.yaml b/.github/workflows/close-stale.yaml index 911e40882d..55faf33f71 100644 --- a/.github/workflows/close-stale.yaml +++ b/.github/workflows/close-stale.yaml @@ -11,7 +11,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue was marked stale. It will be closed in 30 days without additional activity.' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e1dd5de486..af498c9ce1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -61,11 +61,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 with: languages: ${{ matrix.target.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -79,7 +79,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 with: working-directory: ${{ matrix.target.directory }} # There are no array literals in GHA that is why we need to use fromJson. @@ -96,14 +96,14 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Set up Java - uses: actions/setup-java@v4 + uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: corretto java-version: '11' if: ${{ matrix.target.language == 'java' }} - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@8379f6a1328ee0e06e2bb424dadb7b159856a326 # v4.4.0 - name: build Java run: ./gradlew build --no-build-cache @@ -111,7 +111,7 @@ jobs: if: ${{ matrix.target.language == 'java' }} - name: setup dotnet - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 with: dotnet-version: 6.x if: ${{ matrix.target.language == 'csharp' }} @@ -123,6 +123,6 @@ jobs: if: ${{ matrix.target.language == 'csharp' }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 with: category: "/language:${{matrix.target.language}}" diff --git a/.github/workflows/layer-publish.yml b/.github/workflows/layer-publish.yml index a015173280..a07740d966 100644 --- a/.github/workflows/layer-publish.yml +++ b/.github/workflows/layer-publish.yml @@ -89,11 +89,11 @@ jobs: cat $GITHUB_ENV - name: Download built layer - uses: actions/download-artifact@v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: ${{ inputs.artifact-name }} - - uses: aws-actions/configure-aws-credentials@v4 + - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 with: role-to-assume: ${{ inputs.role-arn || secrets.OTEL_LAMBDA_LAYER_PUBLISH_ROLE_ARN || secrets.PROD_LAMBDA_ROLE_ARN }} role-duration-seconds: 1200 diff --git a/.github/workflows/publish-layer-collector.yml b/.github/workflows/publish-layer-collector.yml index 2b18d310a4..fa104f30bd 100644 --- a/.github/workflows/publish-layer-collector.yml +++ b/.github/workflows/publish-layer-collector.yml @@ -71,9 +71,9 @@ jobs: matrix: ${{ fromJSON(needs.prepare-build-jobs.outputs.build_jobs) }} steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: '~1.21.9' - name: Build Collector @@ -87,7 +87,7 @@ jobs: echo "Build tags: $BUILDTAGS" make -C collector package GOARCH=${{ matrix.architecture }} BUILDTAGS=$BUILDTAGS - name: Upload Collector Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: opentelemetry-collector-layer-${{ matrix.architecture }}.zip path: ${{ github.workspace }}/collector/build/opentelemetry-collector-layer-${{ matrix.architecture }}.zip diff --git a/.github/workflows/release-layer-collector.yml b/.github/workflows/release-layer-collector.yml index 32e64b6761..9b23dc1bc7 100644 --- a/.github/workflows/release-layer-collector.yml +++ b/.github/workflows/release-layer-collector.yml @@ -14,7 +14,7 @@ jobs: create-release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create Release run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} env: @@ -30,13 +30,13 @@ jobs: outputs: COLLECTOR_VERSION: ${{ steps.save-collector-version.outputs.COLLECTOR_VERSION }} steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version: '^1.23.1' - name: build run: make -C collector package GOARCH=${{ matrix.architecture }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: opentelemetry-collector-layer-${{ matrix.architecture }}.zip path: ${{ github.workspace }}/collector/build/opentelemetry-collector-layer-${{ matrix.architecture }}.zip diff --git a/.github/workflows/release-layer-java.yml b/.github/workflows/release-layer-java.yml index f6665642b1..c99cbbd28a 100644 --- a/.github/workflows/release-layer-java.yml +++ b/.github/workflows/release-layer-java.yml @@ -14,7 +14,7 @@ jobs: create-release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create Release run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} env: @@ -26,9 +26,9 @@ jobs: JAVAAGENT_VERSION: ${{ steps.save-javaagent-version.outputs.JAVAAGENT_VERSION }} JAVAWRAPPER_VERSION: ${{ steps.save-javawrapper-version.outputs.JAVAWRAPPER_VERSION }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 with: distribution: corretto java-version: 17 @@ -41,13 +41,13 @@ jobs: cd java ./gradlew :layer-javaagent:assemble :layer-wrapper:assemble --scan --stacktrace - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 name: Save javaagent layer to build with: name: opentelemetry-javaagent-layer.zip path: java/layer-javaagent/build/distributions/opentelemetry-javaagent-layer.zip - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 name: Save javawrapper layer to build with: name: opentelemetry-javawrapper-layer.zip diff --git a/.github/workflows/release-layer-nodejs.yml b/.github/workflows/release-layer-nodejs.yml index 3df13dfa72..53cb8cdca1 100644 --- a/.github/workflows/release-layer-nodejs.yml +++ b/.github/workflows/release-layer-nodejs.yml @@ -14,7 +14,7 @@ jobs: create-release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create Release run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} env: @@ -25,9 +25,9 @@ jobs: outputs: NODEJS_VERSION: ${{ steps.save-node-sdk-version.outputs.SDK_VERSION}} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: 18 @@ -48,7 +48,7 @@ jobs: run: mv layer.zip opentelemetry-nodejs-layer.zip working-directory: nodejs/packages/layer/build - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 name: Save assembled layer to build with: name: opentelemetry-nodejs-layer.zip diff --git a/.github/workflows/release-layer-python.yml b/.github/workflows/release-layer-python.yml index 00d939adc3..abbcb08e26 100644 --- a/.github/workflows/release-layer-python.yml +++ b/.github/workflows/release-layer-python.yml @@ -14,7 +14,7 @@ jobs: create-release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create Release run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} env: @@ -25,9 +25,9 @@ jobs: outputs: PYTHON_OPENTELEMETRY_SDK_VERSION: ${{ steps.save-python-opentelemetry-sdk-version.outputs.PYTHON_OPENTELEMETRY_SDK_VERSION}} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: python-version: '3.9' @@ -55,7 +55,7 @@ jobs: ls -al working-directory: python/src/build - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 name: Save assembled layer to build with: name: opentelemetry-python-layer.zip diff --git a/.github/workflows/release-layer-ruby.yml b/.github/workflows/release-layer-ruby.yml index 378bd22236..1d52f8ebaf 100644 --- a/.github/workflows/release-layer-ruby.yml +++ b/.github/workflows/release-layer-ruby.yml @@ -14,7 +14,7 @@ jobs: create-release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create Release run: gh release create ${{ github.ref_name }} --draft --title ${{ github.ref_name }} env: @@ -25,7 +25,7 @@ jobs: outputs: RUBY_SDK_VERSION: ${{ steps.save-ruby-sdk-version.outputs.RUBY_SDK_VERSION}} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Build run: | @@ -47,7 +47,7 @@ jobs: ls -al working-directory: ruby/src/build - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 name: Save assembled layer to build with: name: opentelemetry-ruby-layer.zip