From 9d71cf817809ad3fde7c59ca27a84c888a2d7047 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 17 Mar 2025 01:03:00 -0400 Subject: [PATCH 1/8] ci: pin actions/checkout 4.2.2 SHA --- .github/workflows/automatic-updates.yml | 2 +- .github/workflows/build-test.yml | 4 ++-- .github/workflows/doctoc.yml | 2 +- .github/workflows/eclint.yml | 2 +- .github/workflows/markdown-link-check.yml | 2 +- .github/workflows/missing-checksum.yml | 2 +- .github/workflows/official-pr.yml | 4 ++-- .github/workflows/shfmt.yml | 4 ++-- 8 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/automatic-updates.yml b/.github/workflows/automatic-updates.yml index 63fea81093..703245c940 100644 --- a/.github/workflows/automatic-updates.yml +++ b/.github/workflows/automatic-updates.yml @@ -12,7 +12,7 @@ jobs: pull-requests: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run automation script uses: actions/github-script@v7 diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 3bee8120a7..7caa618fb4 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Calculate file differences id: diff @@ -66,7 +66,7 @@ jobs: script: return "${{ matrix.version }}".split('.')[0] - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Build image uses: docker/build-push-action@v6 diff --git a/.github/workflows/doctoc.yml b/.github/workflows/doctoc.yml index 07789f625a..f6be9b763b 100644 --- a/.github/workflows/doctoc.yml +++ b/.github/workflows/doctoc.yml @@ -14,7 +14,7 @@ jobs: name: Doc TOC Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/setup-node@v4 with: node-version: 'lts/*' diff --git a/.github/workflows/eclint.yml b/.github/workflows/eclint.yml index a7690eb12f..e8699a130c 100644 --- a/.github/workflows/eclint.yml +++ b/.github/workflows/eclint.yml @@ -9,7 +9,7 @@ jobs: eclint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/setup-node@v4 with: node-version: 'lts/*' diff --git a/.github/workflows/markdown-link-check.yml b/.github/workflows/markdown-link-check.yml index 3793d6358d..a755cadc4b 100644 --- a/.github/workflows/markdown-link-check.yml +++ b/.github/workflows/markdown-link-check.yml @@ -13,7 +13,7 @@ jobs: markdown-link-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/setup-node@v4 with: node-version: 'lts/*' diff --git a/.github/workflows/missing-checksum.yml b/.github/workflows/missing-checksum.yml index 70637004f1..6c4a293c55 100644 --- a/.github/workflows/missing-checksum.yml +++ b/.github/workflows/missing-checksum.yml @@ -13,7 +13,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Count number of Alpine Dockersfiles without CHECKSUM run: | diff --git a/.github/workflows/official-pr.yml b/.github/workflows/official-pr.yml index 30d467b3b1..540fbed1ce 100644 --- a/.github/workflows/official-pr.yml +++ b/.github/workflows/official-pr.yml @@ -21,14 +21,14 @@ jobs: steps: - name: Checkout the docker-node repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: docker-node ref: ${{ github.base_ref }} fetch-depth: 50 - name: Checkout the official-images repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: official-images repository: docker-library/official-images diff --git a/.github/workflows/shfmt.yml b/.github/workflows/shfmt.yml index 6fc68a571c..380d165260 100644 --- a/.github/workflows/shfmt.yml +++ b/.github/workflows/shfmt.yml @@ -12,12 +12,12 @@ jobs: shfmt: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: docker run -v "$(pwd)":/sh -w /sh peterdavehello/shfmt:2.6.3 shfmt -sr -i 2 -l -w -ci . - run: git diff --color --exit-code shellcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: shellcheck *.sh From 133475e1a789e012e1977b1e259f8f9a26e991ad Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 17 Mar 2025 01:04:49 -0400 Subject: [PATCH 2/8] ci: pin actions/github-script v7.0.1 SHA --- .github/workflows/automatic-updates.yml | 2 +- .github/workflows/build-test.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/automatic-updates.yml b/.github/workflows/automatic-updates.yml index 703245c940..6423cbb9fb 100644 --- a/.github/workflows/automatic-updates.yml +++ b/.github/workflows/automatic-updates.yml @@ -15,7 +15,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run automation script - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 id: updt with: result-encoding: string diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 7caa618fb4..794bdd7efc 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -32,7 +32,7 @@ jobs: escape_json: false - name: Generate testing matrix - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 id: generator with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -59,7 +59,7 @@ jobs: steps: - name: Get short node version - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 id: short-version with: result-encoding: string From 202c1306978f98eb76a3a2d90f3279fd4bf8db39 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 17 Mar 2025 01:06:12 -0400 Subject: [PATCH 3/8] ci: pin peter-evans/create-pull-request v7.0.8 SHA --- .github/workflows/automatic-updates.yml | 2 +- .github/workflows/official-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/automatic-updates.yml b/.github/workflows/automatic-updates.yml index 6423cbb9fb..ab5408659a 100644 --- a/.github/workflows/automatic-updates.yml +++ b/.github/workflows/automatic-updates.yml @@ -25,7 +25,7 @@ jobs: - name: Create update PR id: cpr - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: token: ${{ secrets.GH_API_TOKEN }} author: "Node.js GitHub Bot " diff --git a/.github/workflows/official-pr.yml b/.github/workflows/official-pr.yml index 540fbed1ce..95ed21e550 100644 --- a/.github/workflows/official-pr.yml +++ b/.github/workflows/official-pr.yml @@ -40,7 +40,7 @@ jobs: - name: Create PR in official-images id: create-pr - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: token: ${{ secrets.GH_API_TOKEN }} push-to-fork: nodejs/official-images From 73ce7900678b65fa6a7f3cd2fd293772466ee6b5 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 17 Mar 2025 01:08:26 -0400 Subject: [PATCH 4/8] ci: pin tj-actions/changed-files v46.0.1 SHA --- .github/workflows/build-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 794bdd7efc..af5ebbae02 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -26,7 +26,7 @@ jobs: - name: Calculate file differences id: diff - uses: tj-actions/changed-files@v45 + uses: tj-actions/changed-files@2f7c5bfce28377bc069a65ba478de0a74aa0ca32 # v46.0.1 with: json: true escape_json: false From 9ac75cf0b97933d61cdfea97954fe84afe15d119 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 17 Mar 2025 01:10:52 -0400 Subject: [PATCH 5/8] ci: pin actions/setup-node v4.3.0 SHA --- .github/workflows/doctoc.yml | 2 +- .github/workflows/eclint.yml | 2 +- .github/workflows/markdown-link-check.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/doctoc.yml b/.github/workflows/doctoc.yml index f6be9b763b..a8b691342d 100644 --- a/.github/workflows/doctoc.yml +++ b/.github/workflows/doctoc.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: 'lts/*' - name: Install doctoc diff --git a/.github/workflows/eclint.yml b/.github/workflows/eclint.yml index e8699a130c..058ceeb000 100644 --- a/.github/workflows/eclint.yml +++ b/.github/workflows/eclint.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: 'lts/*' - run: npm i -g eclint diff --git a/.github/workflows/markdown-link-check.yml b/.github/workflows/markdown-link-check.yml index a755cadc4b..6f066eb33a 100644 --- a/.github/workflows/markdown-link-check.yml +++ b/.github/workflows/markdown-link-check.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0 with: node-version: 'lts/*' - name: Install markdown-link-check From 8790701396f460825f0337c7905b56bc4ce23e33 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 17 Mar 2025 01:11:55 -0400 Subject: [PATCH 6/8] ci: pin docker/build-push-action v6.15.0 SHA --- .github/workflows/build-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index af5ebbae02..450e4e2736 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -69,7 +69,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Build image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: push: false load: true From c3460916f977bd13d9a1f1e991c6d5b5f5b8cadb Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 17 Mar 2025 01:14:05 -0400 Subject: [PATCH 7/8] ci: pin peter-evans/create-or-update-comment v4.0.0 SHA --- .github/workflows/official-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/official-pr.yml b/.github/workflows/official-pr.yml index 95ed21e550..fb0c4f5ddf 100644 --- a/.github/workflows/official-pr.yml +++ b/.github/workflows/official-pr.yml @@ -58,7 +58,7 @@ jobs: echo "Pull Request URL - ${{ steps.create-pr.outputs.pull-request-url }}" - name: Create PR comment - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 if: ${{ steps.create-pr.outputs.pull-request-url != '' }} with: issue-number: ${{ github.event.pull_request.number }} From e500e20cbb5fa12fe4211fb634c3c1b6b8947b4a Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 17 Mar 2025 01:14:47 -0400 Subject: [PATCH 8/8] ci: remove crazy-max/ghaction-dump-context --- .github/workflows/official-pr.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/official-pr.yml b/.github/workflows/official-pr.yml index fb0c4f5ddf..f1dd7855d4 100644 --- a/.github/workflows/official-pr.yml +++ b/.github/workflows/official-pr.yml @@ -64,7 +64,3 @@ jobs: issue-number: ${{ github.event.pull_request.number }} body: | Created PR on the official-images repo (${{ steps.create-pr.outputs.pull-request-url }}). See https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what if you are wondering when it will be available on the Docker Hub. - - - name: Dump context - if: always() - uses: crazy-max/ghaction-dump-context@v2