diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index 9e98277507c59..34cc863f8a281 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -27,9 +27,9 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
- name: Setup Golang
- uses: actions/setup-go@v3
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Download all Go modules
@@ -45,13 +45,13 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
- name: Setup Golang
- uses: actions/setup-go@v3
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Restore go build cache
- uses: actions/cache@v3
+ uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -69,13 +69,13 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
- name: Setup Golang
- uses: actions/setup-go@v3
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Run golangci-lint
- uses: golangci/golangci-lint-action@v3
+ uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # v3.3.1
with:
version: v1.46.2
args: --timeout 10m --exclude SA5011 --verbose
@@ -92,11 +92,11 @@ jobs:
- name: Create checkout directory
run: mkdir -p ~/go/src/github.com/argoproj
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
- name: Create symlink in GOPATH
run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
- name: Setup Golang
- uses: actions/setup-go@v3
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Install required packages
@@ -116,7 +116,7 @@ jobs:
run: |
echo "/usr/local/bin" >> $GITHUB_PATH
- name: Restore go build cache
- uses: actions/cache@v3
+ uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -133,12 +133,12 @@ jobs:
- name: Run all unit tests
run: make test-local
- name: Generate code coverage artifacts
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
with:
name: code-coverage
path: coverage.out
- name: Generate test results artifacts
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
with:
name: test-results
path: test-results/
@@ -155,11 +155,11 @@ jobs:
- name: Create checkout directory
run: mkdir -p ~/go/src/github.com/argoproj
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
- name: Create symlink in GOPATH
run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
- name: Setup Golang
- uses: actions/setup-go@v3
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Install required packages
@@ -179,7 +179,7 @@ jobs:
run: |
echo "/usr/local/bin" >> $GITHUB_PATH
- name: Restore go build cache
- uses: actions/cache@v3
+ uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -196,7 +196,7 @@ jobs:
- name: Run all unit tests
run: make test-race-local
- name: Generate test results artifacts
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
with:
name: race-results
path: test-results/
@@ -206,9 +206,9 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
- name: Setup Golang
- uses: actions/setup-go@v3
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: Create symlink in GOPATH
@@ -250,14 +250,14 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
- name: Setup NodeJS
- uses: actions/setup-node@v3
+ uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1
with:
node-version: '12.18.4'
- name: Restore node dependency cache
id: cache-dependencies
- uses: actions/cache@v3
+ uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -287,12 +287,12 @@ jobs:
sonar_secret: ${{ secrets.SONAR_TOKEN }}
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
with:
fetch-depth: 0
- name: Restore node dependency cache
id: cache-dependencies
- uses: actions/cache@v3
+ uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
with:
path: ui/node_modules
key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -303,16 +303,16 @@ jobs:
run: |
mkdir -p test-results
- name: Get code coverage artifiact
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
with:
name: code-coverage
- name: Get test result artifact
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
with:
name: test-results
path: test-results
- name: Upload code coverage information to codecov.io
- uses: codecov/codecov-action@v3
+ uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3.1.1
with:
file: coverage.out
- name: Perform static code analysis using SonarCloud
@@ -366,9 +366,9 @@ jobs:
GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
- name: Setup Golang
- uses: actions/setup-go@v3
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
with:
go-version: ${{ env.GOLANG_VERSION }}
- name: GH actions workaround - Kill XSP4 process
@@ -386,7 +386,7 @@ jobs:
sudo chown runner $HOME/.kube/config
kubectl version
- name: Restore go build cache
- uses: actions/cache@v3
+ uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -442,7 +442,7 @@ jobs:
set -x
make test-e2e-local
- name: Upload e2e-server logs
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
with:
name: e2e-server-k8s${{ matrix.k3s-version }}.log
path: /tmp/e2e-server.log
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 8eb39f668d782..1b057e92a7f1e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -29,11 +29,11 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
# Override language selection by uncommenting this and choosing your languages
# with:
# languages: go, javascript, csharp, python, cpp, java
@@ -41,7 +41,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
# âšī¸ Command-line programs to run using the OS shell.
# đ https://git.io/JvXDl
@@ -55,4 +55,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
index b23af4246c41a..3cba7359e153d 100644
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -29,10 +29,10 @@ jobs:
env:
GOPATH: /home/runner/work/argo-cd/argo-cd
steps:
- - uses: actions/setup-go@v3
+ - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
with:
go-version: ${{ env.GOLANG_VERSION }}
- - uses: actions/checkout@master
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
with:
path: src/github.com/argoproj/argo-cd
@@ -53,8 +53,8 @@ jobs:
DOCKER_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}
# build
- - uses: docker/setup-qemu-action@v2
- - uses: docker/setup-buildx-action@v2
+ - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+ - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
- run: |
IMAGE_PLATFORMS=linux/amd64
if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-arm-image') }}" == "true" ]]
@@ -69,7 +69,7 @@ jobs:
# sign container images
- name: Install cosign
- uses: sigstore/cosign-installer@main
+ uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
with:
cosign-release: 'v1.13.0'
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e61ce7fecd5f3..98d29079f6dea 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -43,7 +43,7 @@ jobs:
GIT_EMAIL: argoproj@gmail.com
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
@@ -147,7 +147,7 @@ jobs:
echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV
- name: Setup Golang
- uses: actions/setup-go@v3
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
with:
go-version: ${{ env.GOLANG_VERSION }}
@@ -200,8 +200,8 @@ jobs:
docker login --username "${DOCKER_USERNAME}" --password-stdin <<< "${DOCKER_TOKEN}"
if: ${{ env.DRY_RUN != 'true' }}
- - uses: docker/setup-qemu-action@v2
- - uses: docker/setup-buildx-action@v2
+ - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+ - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
- name: Build and push Docker image for release
run: |
set -ue
@@ -215,7 +215,7 @@ jobs:
if: ${{ env.DRY_RUN != 'true' }}
- name: Install cosign
- uses: sigstore/cosign-installer@main
+ uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
with:
cosign-release: 'v1.13.0'
@@ -232,7 +232,7 @@ jobs:
- name: Read release notes file
id: release-notes
- uses: juliangruber/read-file-action@v1
+ uses: juliangruber/read-file-action@02bbba9876a8f870efd4ad64e3b9088d3fb94d4b # v1.1.6
with:
path: ${{ env.RELEASE_NOTES }}
@@ -243,7 +243,7 @@ jobs:
git push origin ${RELEASE_TAG}
- name: Dry run GitHub release
- uses: actions/create-release@v1
+ uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
id: create_release
@@ -295,7 +295,7 @@ jobs:
if: ${{ env.DRY_RUN != 'true' }}
- name: Create GitHub release
- uses: softprops/action-gh-release@v1
+ uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@@ -313,7 +313,7 @@ jobs:
- name: Update homebrew formula
env:
HOMEBREW_TOKEN: ${{ secrets.RELEASE_HOMEBREW_TOKEN }}
- uses: dawidd6/action-homebrew-bump-formula@v3
+ uses: dawidd6/action-homebrew-bump-formula@02e79d9da43d79efa846d73695b6052cbbdbf48a # v3.8.3
with:
token: ${{env.HOMEBREW_TOKEN}}
formula: argocd
diff --git a/.github/workflows/update-snyk.yaml b/.github/workflows/update-snyk.yaml
index 8ac19c4958501..3bed04f42a02c 100644
--- a/.github/workflows/update-snyk.yaml
+++ b/.github/workflows/update-snyk.yaml
@@ -17,7 +17,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Build reports