From fd56f3bd438cb805a10f35512d6518daa69bf64b Mon Sep 17 00:00:00 2001
From: Simon Templer
Date: Fri, 12 Apr 2024 22:56:27 +0200
Subject: [PATCH] fix: use concrete versions for all used actions ...instead of referrring to branches.
---
 .github/workflows/dockerfile.yml | 2 +-
 .github/workflows/gradle-library.yml | 4 ++--
 .github/workflows/gradle-service.yml | 6 +++---
 .github/workflows/play-service.yml | 2 +-
 .github/workflows/scan-images.yml | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/dockerfile.yml b/.github/workflows/dockerfile.yml
index 5b5bf86..38332a4 100644
--- a/.github/workflows/dockerfile.yml
+++ b/.github/workflows/dockerfile.yml
@@ -56,7 +56,7 @@ jobs:
 labels: ${{ steps.meta.outputs.labels }}
 - name: Vulnerability check
- uses: wetransform/gha-trivy@master
+ uses: wetransform/gha-trivy@v1.1.1
 with:
 image-ref: "${{ inputs.image }}:${{ inputs.tag }}"
 create-test-report: true
diff --git a/.github/workflows/gradle-library.yml b/.github/workflows/gradle-library.yml
index 782c185..4184cbc 100644
--- a/.github/workflows/gradle-library.yml
+++ b/.github/workflows/gradle-library.yml
@@ -158,7 +158,7 @@ jobs:
 run: mkdir -p ${{ inputs.multi-module && 'trivy-gha-scan/build/test-results' || 'build/test-results' }}
 - name: Vulnerability scan
- uses: wetransform/gha-trivy@master
+ uses: wetransform/gha-trivy@v1.1.1
 with:
 junit-test-output: "${{ inputs.multi-module && 'trivy-gha-scan/build/test-results/trivy.xml' || 'build/test-results/trivy.xml' }}" # added to unit test report
 report-retention-days: 30
@@ -179,7 +179,7 @@ jobs:
 - name: Publish/release with Gradle
 if: ${{ !inputs.skip-build && inputs.publish-tasks != '' }}
- uses: wetransform/gha-gradle-semantic-release@master
+ uses: wetransform/gha-gradle-semantic-release@v1.1.0
 with:
 publish-tasks: ${{ inputs.publish-tasks }}
 release: ${{ inputs.semantic-release }}
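Review bot: The new refs `@v1.1.1` and `@v1.1.0` are still mutable, because a Git tag can be moved or re-created by anyone with write access to the action repository, so the code behind these `uses:` lines can change without any change to this workflow. For an immutable reference, pin each action to its full commit SHA and keep the version as a trailing comment, e.g. `uses: wetransform/gha-trivy@<full-commit-sha-of-v1.1.1> # v1.1.1`; an update bot such as Dependabot can then bump the SHA and the comment together. This matters most for the `wetransform/gha-gradle-semantic-release` step in gradle-library.yml, which appears to publish releases and so presumably runs with publishing credentials. The same applies to every `gha-trivy` hunk in gradle-service.yml, play-service.yml and scan-images.yml.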
diff --git a/.github/workflows/gradle-service.yml b/.github/workflows/gradle-service.yml
index ab690ed..fe8ef65 100644
--- a/.github/workflows/gradle-service.yml
+++ b/.github/workflows/gradle-service.yml
@@ -110,7 +110,7 @@ jobs:
 run: mkdir -p ${{ inputs.multi-module && 'trivy-gha-scan/build/test-results' || 'build/test-results' }}
 - name: Vulnerability scan
- uses: wetransform/gha-trivy@master
+ uses: wetransform/gha-trivy@v1.1.1
 with:
 image-ref: 'docker.io/${{ inputs.image-tag }}'
 junit-test-output: "${{ inputs.multi-module && 'trivy-gha-scan/build/test-results/trivy.xml' || 'build/test-results/trivy.xml' }}" # added to unit test report
@@ -118,7 +118,7 @@ jobs:
 report-tag: ${{ inputs.image-tag }}
 - name: Vulnerability scan (Image 2)
- uses: wetransform/gha-trivy@master
+ uses: wetransform/gha-trivy@v1.1.1
 if: ${{ inputs.image-tag-2 != '' }}
 with:
 image-ref: 'docker.io/${{ inputs.image-tag-2 }}'
@@ -127,7 +127,7 @@ jobs:
 report-tag: ${{ inputs.image-tag-2 }}
 - name: Vulnerability scan (Image 3)
- uses: wetransform/gha-trivy@master
+ uses: wetransform/gha-trivy@v1.1.1
 if: ${{ inputs.image-tag-3 != '' }}
 with:
 image-ref: 'docker.io/${{ inputs.image-tag-3 }}'
diff --git a/.github/workflows/play-service.yml b/.github/workflows/play-service.yml
index 403228e..b01013b 100644
--- a/.github/workflows/play-service.yml
+++ b/.github/workflows/play-service.yml
@@ -98,7 +98,7 @@ jobs:
 run: mkdir -p ${{ inputs.junit-test-folder }}
 - name: Vulnerability scan
- uses: wetransform/gha-trivy@master
+ uses: wetransform/gha-trivy@v1.1.1
 with:
 image-ref: 'docker.io/${{ inputs.image-tag }}'
 junit-test-output: "${{ inputs.junit-test-folder }}/trivy.xml" # added to unit test report
diff --git a/.github/workflows/scan-images.yml b/.github/workflows/scan-images.yml
index e3cb062..1ab1776 100644
--- a/.github/workflows/scan-images.yml
+++ b/.github/workflows/scan-images.yml
@@ -51,7 +51,7 @@ jobs:
 docker pull ${{ matrix.image }}
 - name: Vulnerability scan
- uses: wetransform/gha-trivy@master
+ uses: wetransform/gha-trivy@v1.1.1
 with:
 image-ref: ${{ matrix.image }}
 create-test-report: ${{ inputs.create-test-report }}