diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml index 62f1331b0fe5..339fb9399cff 100644 --- a/.github/actions/setup/action.yaml +++ b/.github/actions/setup/action.yaml @@ -35,12 +35,12 @@ runs: using: 'composite' steps: - name: Checkout Code - uses: actions/checkout@v2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 # Python installs - name: Set up Python ${{ env.python_version }} if: ${{ inputs.python == 'true' }} - uses: actions/setup-python@v2 + uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # pin@v4.3.0 with: python-version: ${{ env.python_version }} cache: pip @@ -58,7 +58,7 @@ runs: # NPM installs - name: Install node.js ${{ env.node_version }} if: ${{ inputs.npm == 'true' }} - uses: actions/setup-node@v2 + uses: actions/setup-node@969bd2663942d722d85b6a8626225850c2f7be4b # pin to v3.5.0 with: node-version: ${{ env.node_version }} cache: 'npm' diff --git a/.github/workflows/check_translations.yaml b/.github/workflows/check_translations.yaml index 139b992ca30a..910ecdda9be5 100644 --- a/.github/workflows/check_translations.yaml +++ b/.github/workflows/check_translations.yaml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Install Dependencies run: | sudo apt-get update diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index a8442b2c2627..9d30cb9a79ff 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -33,7 +33,7 @@ jobs: steps: - name: Check out repo - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Version Check run: | pip install requests @@ -66,30 +66,30 @@ jobs: test -f data/secret_key.txt - name: Set up QEMU if: github.event_name != 'pull_request' - uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # pin@v1 + uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # pin@v2.1.0 - name: Set up Docker Buildx if: github.event_name != 'pull_request' - uses: docker/setup-buildx-action@f211e3e9ded2d9377c8cadc4489a4e38014bc4c9 # pin@v1 + uses: docker/setup-buildx-action@95cb08cb2672c73d4ffd2f422e6d11953d2a9c70 # pin@v2.1.0 - name: Set up cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@09a077b27eb1310dcfb21981bee195b30ce09de0 # pin@v2.5.0 + uses: sigstore/cosign-installer@7cc35d7fdbe70d4278a0c96779081e6fac665f88 # pin@v2.8.0 - name: Login to Dockerhub if: github.event_name != 'pull_request' - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # pin@v1 + uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # pin@v2.1.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Extract Docker metadata if: github.event_name != 'pull_request' id: meta - uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a # pin@v4.0.1 + uses: docker/metadata-action@12cce9efe0d49980455aaaca9b071c0befcdd702 # pin@v4.1.0 with: images: | inventree/inventree - name: Build and Push id: build-and-push if: github.event_name != 'pull_request' - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a # pin@v2 + uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # pin@v3.2.0 with: context: . platforms: linux/amd64,linux/arm64,linux/arm/v7 diff --git a/.github/workflows/qc_checks.yaml b/.github/workflows/qc_checks.yaml index 06e38208d0cb..8c3c4bb1f043 100644 --- a/.github/workflows/qc_checks.yaml +++ b/.github/workflows/qc_checks.yaml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # pin@v1 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Enviroment Setup uses: ./.github/actions/setup with: @@ -45,7 +45,7 @@ jobs: needs: pep_style steps: - - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # pin@v1 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Enviroment Setup uses: ./.github/actions/setup with: @@ -67,7 +67,7 @@ jobs: needs: pep_style steps: - - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # pin@v1 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Enviroment Setup uses: ./.github/actions/setup with: @@ -83,14 +83,14 @@ jobs: needs: pep_style steps: - - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Set up Python ${{ env.python_version }} - uses: actions/setup-python@7f80679172b057fc5e90d70d197929d454754a5a # pin@v2 + uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # pin@v4.3.0 with: python-version: ${{ env.python_version }} cache: 'pip' - name: Run pre-commit Checks - uses: pre-commit/action@9b88afc9cd57fd75b655d5c71bd38146d07135fe # pin@v2.0.3 + uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # pin@v3.0.0 - name: Check Version run: | pip install requests @@ -114,7 +114,7 @@ jobs: INVENTREE_PYTHON_TEST_PASSWORD: testpassword steps: - - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # pin@v1 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Enviroment Setup uses: ./.github/actions/setup with: @@ -144,7 +144,7 @@ jobs: continue-on-error: true steps: - - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # pin@v1 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Enviroment Setup uses: ./.github/actions/setup with: @@ -165,7 +165,7 @@ jobs: INVENTREE_PLUGINS_ENABLED: true steps: - - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # pin@v1 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Enviroment Setup uses: ./.github/actions/setup with: @@ -213,7 +213,7 @@ jobs: - 6379:6379 steps: - - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # pin@v1 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Enviroment Setup uses: ./.github/actions/setup with: @@ -258,7 +258,7 @@ jobs: - 3306:3306 steps: - - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # pin@v1 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Enviroment Setup uses: ./.github/actions/setup with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index adbb437889bc..630564b32db0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,13 +11,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Version Check run: | pip install requests python3 ci/version_check.py - name: Push to Stable Branch - uses: ad-m/github-push-action@9a46ba8d86d3171233e861a4351b1278a2805c83 # pin@master + uses: ad-m/github-push-action@4dcce6dea3e3c8187237fc86b7dfdc93e5aaae58 # pin@master if: env.stable_release == 'true' with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -27,7 +27,7 @@ jobs: tweet: runs-on: ubuntu-latest steps: - - uses: Eomm/why-don-t-you-tweet@f61f2a86c30c46528c1398a1abb1f64aa0988f69 # pin@v1 + - uses: Eomm/why-don-t-you-tweet@5936bb1fd0096b1c2bbbb7518746638261bb4dae # pin@v1.0.1 with: tweet-message: "InvenTree release ${{ github.event.release.tag_name }} is out now! Release notes: ${{ github.event.release.html_url }} #opensource @@ -41,7 +41,7 @@ jobs: reddit: runs-on: ubuntu-latest steps: - - uses: bluwy/release-for-reddit-action@4d948192aff856da22f19f9806b00b46ca384547 # pin@v1 + - uses: bluwy/release-for-reddit-action@4b2d034b5c86a24db24363f1064149a8c2db69b4 # pin@v1.2.0 with: username: ${{ secrets.REDDIT_USERNAME }} password: ${{ secrets.REDDIT_PASSWORD }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 1e5137b7e74a..eefed27ed7d5 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@98ed4cb500039dbcccf4bd9bedada4d0187f2757 # pin@v3 + - uses: actions/stale@5ebf00ea0e4c1561e9b43a292ed34424fb1d4578 # pin@v6.0.1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue seems stale. Please react to show this is still diff --git a/.github/workflows/translations.yml b/.github/workflows/translations.yml index 9f2a0ba84508..52d0398102f7 100644 --- a/.github/workflows/translations.yml +++ b/.github/workflows/translations.yml @@ -21,9 +21,9 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Set up Python 3.9 - uses: actions/setup-python@152ba7c4dd6521b8e9c93f72d362ce03bf6c4f20 # pin@v1 + uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # pin@v4.3.0 with: python-version: 3.9 - name: Install Dependencies @@ -43,7 +43,7 @@ jobs: git add "*.po" git commit -m "updated translation base" - name: Push changes - uses: ad-m/github-push-action@9a46ba8d86d3171233e861a4351b1278a2805c83 # pin@master + uses: ad-m/github-push-action@4dcce6dea3e3c8187237fc86b7dfdc93e5aaae58 # pin@master with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: l10 diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index e6320ab732d3..50cfe6519693 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -9,7 +9,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # pin@v2 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # pin@v3.1.0 - name: Setup run: pip install -r requirements-dev.txt - name: Update requirements.txt @@ -17,7 +17,7 @@ jobs: - name: Update requirements-dev.txt run: pip-compile --generate-hashes --output-file=requirements-dev.txt requirements-dev.in -U - - uses: stefanzweifel/git-auto-commit-action@49620cd3ed21ee620a48530e81dba0d139c9cb80 # pin@v4 + - uses: stefanzweifel/git-auto-commit-action@fd157da78fa13d9383e5580d1fd1184d89554b51 # pin@v4.15.1 with: commit_message: "[Bot] Updated dependency" branch: dep-update