Devops 1323 pin actions versions (#5346)

* update all actions for version pin * Fix typo * Actions version pin final push * upadte set-up DCT job to use latest gh action
2026-01-08 11:33:28 +00:00 · 2023-05-05 21:17:19 +01:00
parent 53c81a2ee3
commit a9ab32b476
26 changed files with 307 additions and 307 deletions
--- a/.github/workflows/release-web.yml
+++ b/.github/workflows/release-web.yml
@@ -24,7 +24,7 @@ jobs:
      tag_version: ${{ steps.version.outputs.tag }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0

      - name: Branch check
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
@@ -38,7 +38,7 @@ jobs:

      - name: Check Release Version
        id: version
-        uses: bitwarden/gh-actions/release-version-check@8f055ef543c7433c967a1b9b04a0f230923233bb
+        uses: bitwarden/gh-actions/release-version-check@34ecb67b2a357795dc893549df0795e7383ff50f
        with:
          release-type: ${{ github.event.inputs.release_type }}
          project-type: ts
@@ -65,12 +65,12 @@ jobs:
          echo "Github Release Option: $_RELEASE_OPTION"

      - name: Checkout repo
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0

      ########## DockerHub ##########
      - name: Setup DCT
        id: setup-dct
-        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
+        uses: bitwarden/gh-actions/setup-docker-trust@34ecb67b2a357795dc893549df0795e7383ff50f
        with:
          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
          azure-keyvault-name: "bitwarden-ci"
@@ -105,7 +105,7 @@ jobs:

      ########## ACR ##########
      - name: Login to Azure - PROD Subscription
-        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.6
        with:
          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}

@@ -150,11 +150,11 @@ jobs:
      _TAG_VERSION: ${{ needs.setup.outputs.release_version }}
    steps:
      - name: Checkout Repo
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0

      - name: Download latest cloud asset
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a
+        uses: bitwarden/gh-actions/download-artifacts@34ecb67b2a357795dc893549df0795e7383ff50f
        with:
          workflow: build-web.yml
          path: apps/web
@@ -164,7 +164,7 @@ jobs:

      - name: Dry Run - Download latest cloud asset
        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a
+        uses: bitwarden/gh-actions/download-artifacts@34ecb67b2a357795dc893549df0795e7383ff50f
        with:
          workflow: build-web.yml
          path: apps/web
@@ -177,7 +177,7 @@ jobs:
        run: unzip web-*-cloud-COMMERCIAL.zip

      - name: Checkout Repo
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
        with:
          ref: cf-pages
          path: deployment
@@ -228,7 +228,7 @@ jobs:
    steps:
      - name: Create GitHub deployment
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: chrnorm/deployment-action@1b599fe41a0ef1f95191e7f2eec4743f2d7dfc48
+        uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5
        id: deployment
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
@@ -240,7 +240,7 @@ jobs:

      - name: Download latest build artifacts
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a
+        uses: bitwarden/gh-actions/download-artifacts@34ecb67b2a357795dc893549df0795e7383ff50f
        with:
          workflow: build-web.yml
          path: apps/web/artifacts
@@ -251,7 +251,7 @@ jobs:

      - name: Dry Run - Download latest build artifacts
        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a
+        uses: bitwarden/gh-actions/download-artifacts@34ecb67b2a357795dc893549df0795e7383ff50f
        with:
          workflow: build-web.yml
          path: apps/web/artifacts
@@ -268,7 +268,7 @@ jobs:

      - name: Create release
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37  # v1.10.0
+        uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
        with:
          name: "Web v${{ needs.setup.outputs.release_version }}"
          commit: ${{ github.sha }}
@@ -281,7 +281,7 @@ jobs:

      - name: Update deployment status to Success
        if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
-        uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
+        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          environment-url: http://vault.bitwarden.com
@@ -290,7 +290,7 @@ jobs:

      - name: Update deployment status to Failure
        if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
-        uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
+        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          environment-url: http://vault.bitwarden.com