diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 7b1a727718..2344dce7a9 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -168,13 +168,13 @@ jobs: echo "git_commit_date=$(git show -s --format=%ci)" >> $GITHUB_ENV - name: Set up QEMU if: github.event_name != 'pull_request' - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # pin@v3.7.0 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # pin@v4.0.0 - name: Set up Docker Buildx if: github.event_name != 'pull_request' - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # pin@v3.12.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # pin@v4.0.0 - name: Set up cosign if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # pin@v4.0.0 + uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # pin@v4.1.0 - name: Check if Dockerhub login is required id: docker_login run: | @@ -185,14 +185,14 @@ jobs: fi - name: Login to Dockerhub if: github.event_name != 'pull_request' && steps.docker_login.outputs.skip_dockerhub_login != 'true' - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # pin@v3.7.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # pin@v4.0.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Log into registry ghcr.io if: github.event_name != 'pull_request' - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # pin@v3.7.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # pin@v4.0.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -201,7 +201,7 @@ jobs: - name: Extract Docker metadata if: github.event_name != 'pull_request' id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # pin@v5.10.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # pin@v6.0.0 with: images: | inventree/inventree diff --git a/.github/workflows/qc_checks.yaml b/.github/workflows/qc_checks.yaml index 4e1ac5cd29..bc8b3272c9 100644 --- a/.github/workflows/qc_checks.yaml +++ b/.github/workflows/qc_checks.yaml @@ -362,7 +362,7 @@ jobs: pip install . if: needs.paths-filter.outputs.submit-performance == 'true' - name: Performance Reporting - uses: CodSpeedHQ/action@dbda7111f8ac363564b0c51b992d4ce76bb89f2f # pin@v4 + uses: CodSpeedHQ/action@281164b0f014a4e7badd2c02cecad9b595b70537 # pin@v4 # check if we are in inventree/inventree - reporting only works in that OIDC context if: github.repository == 'inventree/InvenTree' && needs.paths-filter.outputs.submit-performance == 'true' with: @@ -452,7 +452,7 @@ jobs: env: node_version: '>=20.19.0' - name: Performance Reporting - uses: CodSpeedHQ/action@dbda7111f8ac363564b0c51b992d4ce76bb89f2f # pin@v4 + uses: CodSpeedHQ/action@281164b0f014a4e7badd2c02cecad9b595b70537 # pin@v4 with: mode: walltime run: inv dev.test --pytest diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e48d8987af..9e5563ae36 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -55,7 +55,7 @@ jobs: - name: Build frontend run: cd src/frontend && npm run compile && npm run build - name: Create SBOM for frontend - uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # pin@v0 + uses: anchore/sbom-action@57aae528053a48a3f6235f2d9461b05fbcb7366d # pin@v0 with: artifact-name: frontend-build.spdx path: src/frontend