From 43d3e565e77b07366c3e6a1e5e7ccbbe13affbeb Mon Sep 17 00:00:00 2001 From: Fred Bricon Date: Fri, 17 Feb 2023 10:25:38 +0100 Subject: [PATCH 1/2] Pin 3rd-party actions to SHA1 in .github/workflows/build.yml --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 08ee610..aa0495d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,7 +48,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - name: golangci-lint - uses: golangci/golangci-lint-action@v2 + uses: golangci/golangci-lint-action@5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018 #v2 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version version: latest From 73bfb7f26be2a9348b32aec92d1de8be04e96f19 Mon Sep 17 00:00:00 2001 From: Fred Bricon Date: Fri, 17 Feb 2023 10:25:39 +0100 Subject: [PATCH 2/2] Pin 3rd-party actions to SHA1 in .github/workflows/release.yml --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1e1612d..43f69c2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,14 +34,14 @@ jobs: cache: true - name: Import GPG key - uses: crazy-max/ghaction-import-gpg@v5 + uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 #v5 id: import_gpg with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v3.1.0 + uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a #v3.1.0 with: version: latest args: release --rm-dist