diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
index 11fe881..19dde82 100644
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -16,27 +16,27 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: build perfspect
 run: |
 builder/build.sh
 - name: upload perfspect
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
 with:
 name: perfspect
 path: dist/perfspect*.tgz
 - name: upload md5
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
 with:
 name: md5
 path: dist/perfspect*.md5.txt
 - name: upload manifest
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
 with:
 name: manifest
 path: dist/manifest.json
 - name: upload oss package
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
 with:
 name: oss_source
 path: dist/oss_source.tgz
@@ -46,9 +46,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: download perspect
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 with:
 name: perfspect
 - name: run test
@@ -61,7 +61,7 @@ jobs:
 cp -f perfspect.log output/
 - name: upload report
 if: ${{ always() }}
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
 with:
 name: ${{ matrix.runner }} report
 path: perfspect/output/
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6dbd23d..990e5f4 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
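Review bot: The `checkout` step in the first build-test.yml hunk has no `with:` block, so it keeps the action's default of persisting the job token in the runner's git config while `builder/build.sh` runs. The `checkout` steps in the `@@ -46,9` hunk and in codeql.yml have the same gap. Since this commit is already hardening the action references, consider adding `with:` and `persist-credentials: false` under each pinned `actions/checkout` line, unless a later step needs to push. Separately, the SHA pins only stay useful if something keeps them current; whether an updater covers the `github-actions` ecosystem is not visible in this diff, and without one the `# v4.2.2`-style comments will fall behind upstream fixes.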
@@ -27,9 +27,9 @@ jobs:
 language: [ 'go' ]
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
 with:
 languages: ${{ matrix.language }}
 - name: Build
@@ -40,6 +40,6 @@ jobs:
 touch internal/common/resources/dummy
 make
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
 with:
 category: "/language:${{matrix.language}}"
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index d91e47f..d5b28c2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:22.04
+FROM ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97
 # Set environment variables for proxy, locale, and non-interactive installation
 ENV http_proxy=${http_proxy} \
diff --git a/build.Dockerfile b/build.Dockerfile
index 898edf3..a2993be 100644
--- a/build.Dockerfile
+++ b/build.Dockerfile
@@ -7,7 +7,7 @@
 # build the svr-info Go components using this image
 # $ docker run --rm -v "$PWD":/workdir -w /workdir perfspect-builder:v1 make dist
-FROM golang:1.23
+FROM golang:1.23@sha256:ad5c126b5cf501a8caef751a243bb717ec204ab1aa56dc41dc11be089fafcb4f
 WORKDIR /workdir
 # pre-copy/cache go.mod for pre-downloading dependencies and only redownloading them in subsequent builds if they change
 COPY go.mod go.sum ./
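Review bot: In codeql.yml, `github/codeql-action/init` and `github/codeql-action/analyze` are now pinned by two separate copies of the same 40-character SHA, and nothing in the file says they have to move together. A short comment above the init step, for example `# init and analyze must reference the same codeql-action commit`, would keep a manual bump from updating only one of them. An automated updater would normally change both lines at once, but whether one is configured is not visible from this diff.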
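Review bot: In the Dockerfile hunk, `FROM ubuntu:22.04@sha256:…` makes the digest alone select the image, so the `22.04` tag becomes an unchecked label and the base layer stops picking up upstream security rebuilds until someone replaces the digest. Put a comment on the line above the `FROM` recording how the digest was obtained, e.g. `# digest resolved from ubuntu:22.04 on <DATE>; refresh on a schedule`, and confirm that an updater covers the docker ecosystem (not visible here). The same applies to `golang:1.23@sha256:…` in build.Dockerfile, where the floating `1.23` tag does not say which patch release the digest corresponds to. Both files continue past the visible hunks, so anything installed in later layers is outside what this pin covers.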