[StepSecurity] ci: Harden GitHub Actions (#1426)

Co-authored-by: nils måsén <nils@piksel.se>
pull/1430/head
Step Security Bot 2 years ago committed by GitHub
parent 0a0998f83c
commit 9a2f9c48c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -19,7 +19,7 @@ jobs:
uses: actions/setup-go@v3
with:
go-version: 1.18.x
- uses: dominikh/staticcheck-action@v1.2.0
- uses: dominikh/staticcheck-action@a3513ade2e5cb8075ba1c1ed1890a989cf0f2aa0 #v1.2.0
with:
version: "2022.1.1"
test:
@ -63,7 +63,7 @@ jobs:
with:
go-version: 1.18.x
- name: Build
uses: goreleaser/goreleaser-action@v3
uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a #v3
with:
version: v0.155.0
args: --snapshot --skip-publish --debug

@ -39,7 +39,7 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Publish to Docker Hub
uses: jerray/publish-docker-action@master
uses: jerray/publish-docker-action@87d84711629b0dc9f6bb127b568413cc92a2088e #master@2022-10-14
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
@ -47,7 +47,7 @@ jobs:
repository: containrrr/watchtower
tags: latest-dev
- name: Publish to GHCR
uses: jerray/publish-docker-action@master
uses: jerray/publish-docker-action@87d84711629b0dc9f6bb127b568413cc92a2088e #master@2022-10-14
with:
username: ${{ secrets.BOT_USERNAME }}
password: ${{ secrets.BOT_GHCR_PAT }}

@ -72,18 +72,18 @@ jobs:
with:
go-version: 1.18.x
- name: Login to Docker Hub
uses: docker/login-action@v2
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a #v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GHCR
uses: docker/login-action@v2
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a #v2
with:
username: ${{ secrets.BOT_USERNAME }}
password: ${{ secrets.BOT_GHCR_PAT }}
registry: ghcr.io
- name: Build
uses: goreleaser/goreleaser-action@v3
uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a #v3
with:
version: v0.155.0
args: --debug
@ -193,7 +193,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Pull new module version
uses: andrewslotin/go-proxy-pull-action@master
uses: andrewslotin/go-proxy-pull-action@bfc19ec6536e1638181b2ad6a03e16c7ccfb122f #master@2022-10-14

Loading…
Cancel
Save