Replace unpinned actions with pinned action

stacklok-cloud-staging[bot] · jhrozek · commit 5abcc04f41c4 · 2024-12-18T10:25:55.000+01:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -15,28 +15,28 @@ jobs:
 
     steps:
     - name: Checkout github repo
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       with:
         lfs: true
 
     - name: Checkout LFS objects
       run: git lfs pull
 
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
       with:
         python-version: ${{ matrix.python-version }}
 
     - name: Install Poetry
-      uses: snok/install-poetry@v1
+      uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1
       with:
         version: 1.7.1
         virtualenvs-create: true
         virtualenvs-in-project: true
 
     - name: Load cached venv
       id: cached-poetry-dependencies
-      uses: actions/cache@v4
+      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
       with:
         path: .venv
         key: venv-${{ runner.os }}-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }}
diff --git a/.github/workflows/image-publish.yml b/.github/workflows/image-publish.yml
@@ -20,25 +20,25 @@ jobs:
       IMAGE_NAME: ${{ github.repository }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       - name: Set up QEMU for cross-platform builds
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3
       - name: Compute version number
         id: version-string
         run: |
           DATE="$(date +%Y%m%d)"
           COMMIT="$(git rev-parse --short HEAD)"
           echo "tag=0.$DATE.$GITHUB_RUN_NUMBER-ref.$COMMIT" >> "$GITHUB_OUTPUT"
       - name: Login to GHCR
-        uses: docker/login-action@v3
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Set container metadata
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5
         id: docker-metadata
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@@ -54,7 +54,7 @@ jobs:
             type=raw,value=${{ steps.version-string.outputs.tag }}
       - name: Download artifact
         id: download-artifact
-        uses: dawidd6/action-download-artifact@v7
+        uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43 # v7
         with:
           github_token: ${{ github.token }}
           workflow: ".github/workflows/import_packages.yml"
@@ -75,7 +75,7 @@ jobs:
           git lfs pull
       - name: Build and Push Image
         id: image-build
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/import_packages.yml b/.github/workflows/import_packages.yml
@@ -16,8 +16,8 @@ jobs:
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-    - uses: actions/checkout@v4    
-    - uses: actions/setup-python@v5
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4    
+    - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
       with:
         python-version: '3.12'    
     - name: Install dependencies
@@ -32,7 +32,7 @@ jobs:
 
     - name: Download json data
       id: download-json-data
-      uses: dawidd6/action-download-artifact@v7
+      uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43 # v7
       with:
         repo: stacklok/codegate-data
         workflow: ".github/workflows/generate-artifact.yml"
@@ -46,7 +46,7 @@ jobs:
     - name: Download artifact
       if: ${{ github.event.inputs.enable_artifact_download == 'true' }}    
       id: download-artifact
-      uses: dawidd6/action-download-artifact@v7
+      uses: dawidd6/action-download-artifact@80620a5d27ce0ae443b965134db88467fc607b43 # v7
       with:
         github_token: ${{ github.token }}
         workflow: ".github/workflows/import_packages.yml"
@@ -76,7 +76,7 @@ jobs:
         fi
 
     - name: 'Upload Backup Files'
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4
       with:
         name: backup_weaviate
         path: /tmp/backup_weaviate/backup*
