nodejs
/
docker-node
mirror of https://github.com/nodejs/docker-node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2209 from nschonni/harden-ci 

ci: pin various actions to SHAs
This commit is contained in:
Nick Schonning 2025-03-17 10:05:32 -04:00 committed by GitHub
parent 8e848ca2ec e500e20cbb
commit ebe23e5c54
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 22 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/automatic-updates.yml vendored
View File

@ -12,10 +12,10 @@ jobs:
pull-requests: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run automation script
uses: actions/github-script@v7
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: updt
with:
result-encoding: string
@ -25,7 +25,7 @@ jobs:
- name: Create update PR
id: cpr
uses: peter-evans/create-pull-request@v7
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
token: ${{ secrets.GH_API_TOKEN }}
author: "Node.js GitHub Bot <nodejs-github-bot@users.noreply.github.com>"

12
.github/workflows/build-test.yml vendored
View File

@ -22,17 +22,17 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Calculate file differences
id: diff
uses: tj-actions/changed-files@v45
uses: tj-actions/changed-files@2f7c5bfce28377bc069a65ba478de0a74aa0ca32 # v46.0.1
with:
json: true
escape_json: false
- name: Generate testing matrix
uses: actions/github-script@v7
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: generator
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
@ -59,17 +59,17 @@ jobs:
steps:
- name: Get short node version
uses: actions/github-script@v7
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: short-version
with:
result-encoding: string
script: return "${{ matrix.version }}".split('.')[0]
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build image
uses: docker/build-push-action@v6
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
push: false
load: true

4
.github/workflows/doctoc.yml vendored
View File

@ -14,8 +14,8 @@ jobs:
name: Doc TOC Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
with:
node-version: 'lts/*'
- name: Install doctoc

4
.github/workflows/eclint.yml vendored
View File

@ -9,8 +9,8 @@ jobs:
eclint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
with:
node-version: 'lts/*'
- run: npm i -g eclint

4
.github/workflows/markdown-link-check.yml vendored
View File

@ -13,8 +13,8 @@ jobs:
markdown-link-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
with:
node-version: 'lts/*'
- name: Install markdown-link-check

2
.github/workflows/missing-checksum.yml vendored
View File

@ -13,7 +13,7 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Count number of Alpine Dockersfiles without CHECKSUM
run: |

12
.github/workflows/official-pr.yml vendored
View File

@ -21,14 +21,14 @@ jobs:
steps:
- name: Checkout the docker-node repo
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: docker-node
ref: ${{ github.base_ref }}
fetch-depth: 50
- name: Checkout the official-images repo
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: official-images
repository: docker-library/official-images
@ -40,7 +40,7 @@ jobs:
- name: Create PR in official-images
id: create-pr
uses: peter-evans/create-pull-request@v7
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
token: ${{ secrets.GH_API_TOKEN }}
push-to-fork: nodejs/official-images
@ -58,13 +58,9 @@ jobs:
echo "Pull Request URL - ${{ steps.create-pr.outputs.pull-request-url }}"
- name: Create PR comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: ${{ steps.create-pr.outputs.pull-request-url != '' }}
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
Created PR on the official-images repo (${{ steps.create-pr.outputs.pull-request-url }}). See https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what if you are wondering when it will be available on the Docker Hub.
- name: Dump context
if: always()
uses: crazy-max/ghaction-dump-context@v2

4
.github/workflows/shfmt.yml vendored
View File

@ -12,12 +12,12 @@ jobs:
shfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- run: docker run -v "$(pwd)":/sh -w /sh peterdavehello/shfmt:2.6.3 shfmt -sr -i 2 -l -w -ci .
- run: git diff --color --exit-code
shellcheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- run: shellcheck *.sh