pin github action versions

.github/workflows/deploy.yml

@@ -6,19 +6,19 @@ on:
     inputs:
       reason:
         required: true
-        description: 'Reason for running this workflow'
+        description: "Reason for running this workflow"
   push:
     branches:
       - main
     # Don't trigger if it's just a documentation update
     paths-ignore:
-      - '**.md'
-      - '**.MD'
-      - '**.yml'
-      - 'LICENSE'
-      - '.gitattributes'
-      - '.gitignore'
-      - '.dockerignore'
+      - "**.md"
+      - "**.MD"
+      - "**.yml"
+      - "LICENSE"
+      - ".gitattributes"
+      - ".gitignore"
+      - ".dockerignore"
 
 # Set workflow-wide environment variables
 #  - REPO: repo name on dockerhub
@@ -28,7 +28,6 @@ env:
   GHCR_REGISTRY: ghcr.io
 
 jobs:
-
   workflow-dispatch:
     name: Triggered via Workflow Dispatch?
     # only run this step if workflow dispatch triggered
@@ -59,7 +58,6 @@ jobs:
     needs: [hadolint]
     runs-on: ubuntu-latest
     steps:
-
       # Check out our code
       - name: Checkout
         uses: actions/[email protected]
@@ -68,7 +66,7 @@ jobs:
 
       # Log into ghcr (so we can push images)
       - name: Login to ghcr.io
-        uses: docker/login-action@v3
+        uses: docker/login-action@v3.1.0
         with:
           registry: ${{ env.GHCR_REGISTRY }}
           username: ${{ github.repository_owner }}
@@ -77,22 +75,22 @@ jobs:
       # Get metadata from repo
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v5.5.1
         with:
           images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
 
       # Set up QEMU for multi-arch builds
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v3.0.0
 
       # Set up buildx for multi platform builds
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v3.3.0
 
       # Build "latest"
       - name: Build & Push - latest
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v5.3.0
         with:
           context: .
           file: ./Dockerfile
@@ -115,7 +113,7 @@ jobs:
 
       # Build version specific
       - name: Build & Push - version specific
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v5.3.0
         with:
           context: .
           file: ./Dockerfile
@@ -131,7 +129,7 @@ jobs:
 
       # # Build "latest_nohealthcheck"
       # - name: Build & Push - latest nohealthcheck
-      #   uses: docker/build-push-action@v5
+      #   uses: docker/build-push-action@v5.3.0
       #   with:
       #     context: .
       #     file: ./Dockerfile.nohealthcheck
@@ -143,7 +141,7 @@ jobs:
 
       # # Build version specific _nohealthcheck
       # - name: Build & Push - version specific nohealthcheck
-      #   uses: docker/build-push-action@v5
+      #   uses: docker/build-push-action@v5.3.0
       #   with:
       #     context: .
       #     file: ./Dockerfile.nohealthcheck
@@ -165,7 +163,6 @@ jobs:
           - linux/arm/v7
 
     steps:
-
       # Check out our code
       - name: Checkout
         uses: actions/[email protected]
@@ -174,7 +171,7 @@ jobs:
 
       # Log into ghcr (so we can push images)
       - name: Login to ghcr.io
-        uses: docker/login-action@v3
+        uses: docker/login-action@v3.1.0
         with:
           registry: ${{ env.GHCR_REGISTRY }}
           username: ${{ github.repository_owner }}
@@ -183,18 +180,18 @@ jobs:
       # Get metadata from repo
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@v5.5.1
         with:
           images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
 
       # Set up QEMU for multi-arch builds
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v3.0.0
 
       # Set up buildx for multi platform builds
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v3.3.0
 
       # Get archictecture suffix
       - name: Get image architecture suffix
@@ -208,7 +205,7 @@ jobs:
 
       # Build "latest"
       - name: Build & Push - latest
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v5.3.0
         with:
           context: .
           file: ./Dockerfile
@@ -231,7 +228,7 @@ jobs:
 
       # Build version specific
       - name: Build & Push - version specific
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v5.3.0
         with:
           context: .
           file: ./Dockerfile
@@ -247,7 +244,7 @@ jobs:
 
       # # Build "latest_nohealthcheck"
       # - name: Build & Push - latest nohealthcheck
-      #   uses: docker/build-push-action@v5
+      #   uses: docker/build-push-action@v5.3.0
       #   with:
       #     context: .
       #     file: ./Dockerfile.nohealthcheck
@@ -259,7 +256,7 @@ jobs:
 
       # # Build version specific _nohealthcheck
       # - name: Build & Push - version specific nohealthcheck
-      #   uses: docker/build-push-action@v5
+      #   uses: docker/build-push-action@v5.3.0
       #   with:
       #     context: .
       #     file: ./Dockerfile.nohealthcheck

.github/workflows/on_pr.yaml

@@ -28,7 +28,7 @@ jobs:
         with:
           python-version: "3.9"
       - name: flake8 Lint
-        uses: py-actions/flake8@v2
+        uses: py-actions/flake8@v2.3.0
         with:
           ignore: "E501,E111,E114"
 
@@ -64,7 +64,6 @@ jobs:
           - linux/arm64
           - linux/arm/v7
     steps:
-
       # Check out our code
       - name: Checkout
         uses: actions/[email protected]
@@ -85,18 +84,18 @@ jobs:
       # Set up QEMU for multi-arch builds
       - name: Set up QEMU
         if: steps.changed-files-specific.outputs.any_changed == 'true'
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v3.0.0
 
       # Set up buildx for multi platform builds
       - name: Set up Docker Buildx
         if: steps.changed-files-specific.outputs.any_changed == 'true'
         id: buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v3.3.0
 
       # Build
       - name: Test Build
         if: steps.changed-files-specific.outputs.any_changed == 'true'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v5.3.0
         with:
           context: .
           file: ./Dockerfile
@@ -112,7 +111,7 @@ jobs:
       # # Build nohealthcheck
       # - name: Test Build nohealthcheck
       #   if: steps.changed-files-specific.outputs.any_changed == 'true'
-      #   uses: docker/build-push-action@v5
+      #   uses: docker/build-push-action@v5.3.0
       #   with:
       #     context: .
       #     file: ./Dockerfile.nohealthcheck

.github/workflows/yamllint.yml

@@ -7,7 +7,7 @@ on:
       - main
       # only run when yaml files are updated
     paths:
-      - '**.yml'
+      - "**.yml"
 
 jobs:
   yamllint:
@@ -16,7 +16,7 @@ jobs:
     steps:
       - uses: actions/[email protected]
       - name: yaml-lint
-        uses: ibiqlik/action-yamllint@v3
+        uses: ibiqlik/action-yamllint@v3.1.1
         with:
           config_data: |
             extends: default