From 6f6a98f3d01027fa7eb54264a1e8d2c94a35c194 Mon Sep 17 00:00:00 2001
From: leiicamundi <153937047+leiicamundi@users.noreply.github.com>
Date: Fri, 17 May 2024 12:52:54 +0200
Subject: [PATCH] pin actions

---
 .../actions/rosa-create-cluster/action.yml    |  6 +-
 .../actions/rosa-delete-cluster/action.yml    |  4 +-
 .github/workflows/links.yml                   |  8 +--
 .github/workflows/lint.yml                    |  1 +
 .github/workflows/tests.yml                   | 60 +++++++++----------
 5 files changed, 40 insertions(+), 39 deletions(-)

diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml
index fbd8a2f..6c62ae2 100644
--- a/.github/actions/rosa-create-cluster/action.yml
+++ b/.github/actions/rosa-create-cluster/action.yml
@@ -80,10 +80,10 @@ runs:
         rosa version
 
     - name: Install Terraform
-      uses: hashicorp/setup-terraform@v3
+      uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3
 
     - name: Install CLI tools from OpenShift Mirror
-      uses: redhat-actions/openshift-tools-installer@v1
+      uses: redhat-actions/openshift-tools-installer@2de9a80cf012ad0601021515481d433b91ef8fd5 # v1
       with:
         oc: "${{ inputs.openshift-version }}"
 
@@ -133,7 +133,7 @@ runs:
         echo "terraform-state-url=${terraform_state_url}" >> "$GITHUB_OUTPUT"
 
     - name: Checkout Repository rosa modules
-      uses: actions/checkout@v4
+      uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       with:
         repository: "camunda/camunda-tf-rosa"
         ref: ${{ inputs.tf-modules-revision }}
diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml
index 7908909..fe1536b 100644
--- a/.github/actions/rosa-delete-cluster/action.yml
+++ b/.github/actions/rosa-delete-cluster/action.yml
@@ -35,7 +35,7 @@ runs:
   using: 'composite'
   steps:
     - name: Install Terraform
-      uses: hashicorp/setup-terraform@v3
+      uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3
 
     - name: Install aws-cli
       shell: bash
@@ -54,7 +54,7 @@ runs:
         echo "TFSTATE_KEY=${TFSTATE_KEY}" >> "$GITHUB_OUTPUT"
 
     - name: Checkout Repository rosa modules
-      uses: actions/checkout@v4
+      uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       with:
         repository: "camunda/camunda-tf-rosa"
         ref: ${{ inputs.tf-modules-revision }}
diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml
index fe6e57e..79d7d9b 100644
--- a/.github/workflows/links.yml
+++ b/.github/workflows/links.yml
@@ -11,21 +11,21 @@ jobs:
     name: links-check
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: Get Current Timestamp
         id: timestamp
         run: echo "TIMESTAMP=$(date +%s)" >> "$GITHUB_ENV"
 
       - name: Restore lychee cache
-        uses: actions/cache@v3
+        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3
         with:
           path: .lycheecache
           key: "cache-lychee-${{ env.TIMESTAMP }}"
           restore-keys: cache-lychee-
 
       - name: Link Checker
-        uses: lycheeverse/lychee-action@v1.10.0
+        uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0
         with:
           fail: true
           args: -c ./lychee-links.toml --base . --cache --max-cache-age 1d . --verbose --no-progress '*.md' './**/*.md'
@@ -33,7 +33,7 @@ jobs:
 
       - name: Create Issue From File
         if: ${{ github.event_name == 'schedule' && env.lychee_exit_code != 0 }}
-        uses: peter-evans/create-issue-from-file@v4
+        uses: peter-evans/create-issue-from-file@433e51abf769039ee20ba1293a088ca19d573b7f # v4
         with:
           title: Link Checker Report
           content-filepath: ./lychee/out.md
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 255305b..19655f6 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -6,6 +6,7 @@ on:
   push:
   workflow_dispatch:
 
+
 jobs:
   lint:
     name: pre-commit
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 6bf56e0..593adeb 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -2,16 +2,16 @@
 name: Cluster creation and destruction test
 
 on:
-    workflow_dispatch:
-    pull_request:
-        # the paths should be synced with ../labeler.yml
-        paths:
-        - modules/fixtures/**
-        - modules/**.tf
-        - .tool-versions
-        - .github/workflows/tests.yml
-        - .github/actions/**
-        - justfile
+  workflow_dispatch:
+  pull_request:
+    # the paths should be synced with ../labeler.yml
+    paths:
+      - modules/fixtures/**
+      - modules/**.tf
+      - .tool-versions
+      - .github/workflows/tests.yml
+      - .github/actions/**
+      - justfile
 
 # limit to a single execution per actor of this workflow
 concurrency:
@@ -38,21 +38,21 @@ jobs:
       - name: Get OCP Cluster Name and Delete Flag
         id: commit_info
         run: |
-            commit_message=$(git log -1 --pretty=format:"%B")
-            if echo "$commit_message" | grep -qE 'ocp_cluster_name=([^\s]+)'; then
-                cluster_name=$(echo "$commit_message" | grep -oP 'ocp_cluster_name=\K[^\s]+')
-            else
-                cluster_name=$(git rev-parse --short HEAD)
-            fi
+          commit_message=$(git log -1 --pretty=format:"%B")
+          if echo "$commit_message" | grep -qE 'ocp_cluster_name=([^\s]+)'; then
+              cluster_name=$(echo "$commit_message" | grep -oP 'ocp_cluster_name=\K[^\s]+')
+          else
+              cluster_name=$(git rev-parse --short HEAD)
+          fi
 
-            if echo "$commit_message" | grep -q 'delete_ocp_cluster=false'; then
-                delete_cluster="false"
-            else
-                delete_cluster="true"
-            fi
+          if echo "$commit_message" | grep -q 'delete_ocp_cluster=false'; then
+              delete_cluster="false"
+          else
+              delete_cluster="true"
+          fi
 
-            echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT"
-            echo "delete_cluster=$delete_cluster" >> "$GITHUB_OUTPUT"
+          echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT"
+          echo "delete_cluster=$delete_cluster" >> "$GITHUB_OUTPUT"
 
       - name: Import Secrets
         id: secrets
@@ -86,11 +86,11 @@ jobs:
           admin-username: ${{ env.OCP_ADMIN_USERNAME }}
           admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}
           aws-region: ${{ env.AWS_REGION }}
-          namespace:  ${{ env.OCP_NAMESPACE }}
+          namespace: ${{ env.OCP_NAMESPACE }}
           s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
 
       - name: Generate kubeconfig
-        uses: nick-fields/retry@v3
+        uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3
         id: kube_config
         with:
           timeout_minutes: 10
@@ -107,11 +107,11 @@ jobs:
       - name: Create namespace if not exists
         shell: bash
         run: |
-            if ! oc get namespace "${{ env.OCP_NAMESPACE }}"; then
-                oc new-project "${{ env.OCP_NAMESPACE }}"
-            else
-                echo "Namespace '${{ env.OCP_NAMESPACE }}' already exists"
-            fi
+          if ! oc get namespace "${{ env.OCP_NAMESPACE }}"; then
+              oc new-project "${{ env.OCP_NAMESPACE }}"
+          else
+              echo "Namespace '${{ env.OCP_NAMESPACE }}' already exists"
+          fi
 
       - name: Delete Cluster
         timeout-minutes: 125