diff --git a/.github/workflows/chart-release-steps.yaml b/.github/workflows/chart-release-steps.yaml index b183967b..18006d3f 100644 --- a/.github/workflows/chart-release-steps.yaml +++ b/.github/workflows/chart-release-steps.yaml @@ -57,18 +57,18 @@ jobs: # Setup # ---------------------------- - name: Checkout source branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: src - name: Install Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 with: version: ${{ inputs.helmVersion }} - name: Login to OCI Registry if: ${{ inputs.publishToOciRegistry }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -79,7 +79,7 @@ jobs: # ---------------------------- - name: Get chart details id: chart-details - uses: bjw-s/helm-charts-actions/get-chart-details@main + uses: bjw-s-labs/helm-charts-actions/get-chart-details@main with: path: src/charts/${{ inputs.chart }} validateChartYaml: true @@ -96,7 +96,7 @@ jobs: - name: Format changelog id: format-changelog - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | let input = '${{ steps.chart-details.outputs.changes }}'; @@ -128,7 +128,7 @@ jobs: # Package Helm chart # ---------------------------- - name: Dereference JSON schema before packaging - uses: bjw-s/helm-charts-actions/dereference-json-schema@main + uses: bjw-s-labs/helm-charts-actions/dereference-json-schema@main with: schemaFile: "src/charts/${{ inputs.chart }}/values.schema.json" outputFile: "src/charts/${{ inputs.chart }}/values.schema.json" @@ -149,7 +149,7 @@ jobs: # Add chart to GitHub Pages # ---------------------------- - name: Checkout gh-pages branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: ${{ inputs.publishToGhPages }} with: path: gh-pages @@ -183,7 +183,7 @@ jobs: - name: Commit Changes if: ${{ inputs.publishToGhPages }} - uses: stefanzweifel/git-auto-commit-action@v5 + uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0 with: commit_message: "feat: Add Chart package ${{ steps.chart-folder.outputs.chart_folder }}/${{ steps.chart-details.outputs.name }}-${{ steps.chart-details.outputs.version }}" repository: gh-pages @@ -205,13 +205,13 @@ jobs: # ---------------------------- - name: Create tag if: ${{ inputs.createGithubRelease }} - uses: EndBug/latest-tag@latest + uses: EndBug/latest-tag@c24a76ea69bf06f7f0e43a48b61c2b51b99d6c42 # latest with: ref: ${{ steps.chart-details.outputs.name }}-${{ steps.chart-details.outputs.version }} git-directory: src - name: Create release for tag - uses: ncipollo/release-action@v1 + uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1.16.0 if: ${{ inputs.createGithubRelease }} with: allowUpdates: true @@ -223,7 +223,7 @@ jobs: # ---------------------------- - name: Install Cosign if: ${{ inputs.publishToOciRegistry }} - uses: sigstore/cosign-installer@v3.8.0 + uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 - name: Push Helm charts to OCI registry if: ${{ inputs.publishToOciRegistry }} diff --git a/.github/workflows/charts-lint.yaml b/.github/workflows/charts-lint.yaml index 63b35112..38175a2e 100644 --- a/.github/workflows/charts-lint.yaml +++ b/.github/workflows/charts-lint.yaml @@ -32,19 +32,19 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout pull request branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: pull - name: Checkout default branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: "${{ github.event.repository.default_branch }}" path: default - name: Get chart details for PR id: chart-details-pr - uses: bjw-s/helm-charts-actions/get-chart-details@main + uses: bjw-s-labs/helm-charts-actions/get-chart-details@main with: path: pull/charts/${{ matrix.chart }} validateChartYaml: true @@ -52,7 +52,7 @@ jobs: - name: Get chart details for default branch id: chart-details-default - uses: bjw-s/helm-charts-actions/get-chart-details@main + uses: bjw-s-labs/helm-charts-actions/get-chart-details@main with: path: default/charts/${{ matrix.chart }} allowChartToNotExist: true @@ -61,14 +61,14 @@ jobs: # - name: Check version update # if: ${{ steps.chart-details-pr.outputs.version == steps.chart-details-default.outputs.version }} - # uses: actions/github-script@v7 + # uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 # with: # script: | # core.setFailed("Chart version has not been updated for ${{ matrix.chart }}"); # - name: Check changelog update # if: ${{ steps.chart-details-pr.outputs.changes == steps.chart-details-default.outputs.changes }} - # uses: actions/github-script@v7 + # uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 # with: # script: | # core.setFailed("Changelog has not been updated for ${{ matrix.chart }}"); @@ -100,17 +100,17 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Kubernetes tools - uses: yokawasa/action-setup-kube-tools@v0.11.2 + uses: yokawasa/action-setup-kube-tools@9e25a4277af127b60011c95b6ed2da7e3b3613b1 # v0.11.2 with: setup-tools: | helmv3 helm: "${{ inputs.helmVersion }}" - name: Set up chart-testing - uses: helm/chart-testing-action@v2.7.0 + uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 - name: Dereference JSON schema uses: bjw-s/helm-charts-actions/dereference-json-schema@main diff --git a/.github/workflows/charts-release.yaml b/.github/workflows/charts-release.yaml index f2bdb67f..0f996235 100644 --- a/.github/workflows/charts-release.yaml +++ b/.github/workflows/charts-release.yaml @@ -29,7 +29,7 @@ jobs: # Setup # ---------------------------- - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -42,7 +42,7 @@ jobs: - name: Get changed library charts id: changed-library-charts if: ${{ github.event_name != 'workflow_dispatch' }} - uses: tj-actions/changed-files@v45 + uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5 with: matrix: true path: charts @@ -54,7 +54,7 @@ jobs: - name: Get changed charts id: changed-charts if: ${{ github.event_name != 'workflow_dispatch' }} - uses: tj-actions/changed-files@v45 + uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5 with: matrix: true path: charts @@ -66,7 +66,7 @@ jobs: - name: Get specified charts id: specified-charts if: ${{ github.event_name == 'workflow_dispatch' }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const fs = require('fs'); @@ -105,7 +105,7 @@ jobs: - name: Filter out excluded charts id: filtered-charts - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | let libraryChartsInput = ${{ github.event_name == 'workflow_dispatch' && steps.specified-charts.outputs.libraryChartsToRelease || steps.changed-library-charts.outputs.all_changed_files }}; diff --git a/.github/workflows/charts-test.yaml b/.github/workflows/charts-test.yaml index 237c5ead..65c3d127 100644 --- a/.github/workflows/charts-test.yaml +++ b/.github/workflows/charts-test.yaml @@ -35,7 +35,7 @@ jobs: fail-fast: false steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Validate prerequisite folders working-directory: "charts/${{ matrix.chart }}" @@ -47,7 +47,7 @@ jobs: fi - name: Install Kubernetes tools - uses: yokawasa/action-setup-kube-tools@v0.11.2 + uses: yokawasa/action-setup-kube-tools@9e25a4277af127b60011c95b6ed2da7e3b3613b1 # v0.11.2 with: setup-tools: | helmv3 @@ -55,7 +55,7 @@ jobs: helm: "${{ inputs.helmVersion }}" kubectl: "${{ matrix.k8s_version }}" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: python-version: "3.11" @@ -63,7 +63,7 @@ jobs: uses: helm/chart-testing-action@v2.6.1 - name: Create k3d cluster - uses: nolar/setup-k3d-k3s@v1 + uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # v1.0.9 with: version: ${{ matrix.k8s_version }} @@ -123,7 +123,7 @@ jobs: fail-fast: false steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Validate prerequisite folders working-directory: "charts/${{ matrix.chart }}" @@ -135,14 +135,14 @@ jobs: fi - name: Install Kubernetes tools - uses: yokawasa/action-setup-kube-tools@v0.11.2 + uses: yokawasa/action-setup-kube-tools@9e25a4277af127b60011c95b6ed2da7e3b3613b1 # v0.11.2 with: setup-tools: | helmv3 helm: "${{ inputs.helmVersion }}" - name: Dereference JSON schema - uses: bjw-s/helm-charts-actions/dereference-json-schema@main + uses: bjw-s-labs/helm-charts-actions/dereference-json-schema@main with: schemaFile: "charts/${{ matrix.chart }}/values.schema.json" outputFile: "charts/${{ matrix.chart }}/values.schema.json" diff --git a/.github/workflows/docs-release.yaml b/.github/workflows/docs-release.yaml index a81e1655..d321b070 100644 --- a/.github/workflows/docs-release.yaml +++ b/.github/workflows/docs-release.yaml @@ -20,20 +20,20 @@ jobs: concurrency: group: ${{ github.workflow }}-${{ github.ref }} steps: - - name: "Generate Short Lived OAuth App Token (ghs_*)" - uses: actions/create-github-app-token@v1.10.4 + - name: Generate Token + uses: actions/create-github-app-token@3ff1caaa28b64c9cc276ce0a02e2ff584f3900c5 # v2.0.2 id: app-token with: app-id: "${{ secrets.BJWS_APP_ID }}" private-key: "${{ secrets.BJWS_APP_PRIVATE_KEY }}" - name: Checkout main branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: token: ${{ steps.app-token.outputs.token }} fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 with: python-version: 3.x @@ -44,7 +44,7 @@ jobs: run: mkdocs build -f .ci/mkdocs/mkdocs.yml - name: Deploy - uses: peaceiris/actions-gh-pages@v4.0.0 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 if: ${{ github.ref == 'refs/heads/main' }} with: github_token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/pr-validate.yaml b/.github/workflows/pr-validate.yaml index 8e42e5ef..e83d3c7e 100644 --- a/.github/workflows/pr-validate.yaml +++ b/.github/workflows/pr-validate.yaml @@ -23,7 +23,7 @@ jobs: chartsToInstall: ${{ steps.charts-to-install.outputs.filteredCharts }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -35,11 +35,11 @@ jobs: - name: Get all added or modified files id: added-modified-files - uses: tj-actions/changed-files@v45 + uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5 - name: Get changed charts id: changed-charts - uses: tj-actions/changed-files@v45 + uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5 with: matrix: true path: charts @@ -48,7 +48,7 @@ jobs: - name: Determine charts to lint id: charts-to-lint - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | var changedCharts = ${{ steps.changed-charts.outputs.all_changed_files }}; @@ -58,7 +58,7 @@ jobs: - name: Determine charts to install id: charts-to-install - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | var changedCharts = ${{ steps.changed-charts.outputs.all_changed_files }}; @@ -73,10 +73,10 @@ jobs: - prepare steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run against changes - uses: pre-commit/action@v3.0.1 + uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 with: extra_args: --files ${{ needs.prepare.outputs.addedOrModifiedFiles }} --config .ci/pre-commit/config.yaml