Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions .github/workflows/build-docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,14 +44,14 @@ jobs:
submodules: recursive

- name: Login to GitHub container registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0
with:
buildkitd-config-inline: |
[registry."docker.io"]
Expand All @@ -61,7 +61,7 @@ jobs:
run: echo "SAFE_REF=${GITHUB_REF_NAME//\//-}" >> $GITHUB_ENV

- name: Build container
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
with:
context: .
platforms: linux/${{ matrix.cpu }}
Expand All @@ -74,7 +74,7 @@ jobs:
cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ env.SAFE_REF }}

- name: Scan image with Trivy
uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
Expand Down Expand Up @@ -102,15 +102,15 @@ jobs:

- name: Docker meta
id: meta
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6.2.0
with:
images: |
${{ env.GHCR_REPO }}
flavor: ${{ inputs.flavor }}
tags: ${{ inputs.tags }}

- name: Login to GitHub container registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint-web.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
node-version: 26

- name: Install pnpm
uses: pnpm/action-setup@008330803749db0355799c700092d9a85fd074e9 # v6.0.9
uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
with:
cache: true
version: 11
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/publish-docker-latest.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,14 +22,14 @@ jobs:
uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2

- name: Login to GitHub container registry
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0

- name: Derive semver tag
run: |
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ jobs:
node-version: 26

- name: Install pnpm
uses: pnpm/action-setup@008330803749db0355799c700092d9a85fd074e9 # v6.0.9
uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
with:
cache: true
version: 11
Expand All @@ -104,12 +104,12 @@ jobs:
pnpm build

- name: Install Rust stable
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # stable
uses: dtolnay/rust-toolchain@4be7066ada62dd38de10e7b70166bc74ed198c30 # stable
with:
targets: "aarch64-unknown-linux-gnu"

- name: Run sccache-cache
uses: mozilla-actions/sccache-action@1583d6b38d7be47f593cb472781bbb21cab4321e # v0.0.10
uses: mozilla-actions/sccache-action@9e7fa8a12102821edf02ca5dbea1acd0f89a2696 # v0.0.10

- name: Build Linux x86_64 binary
run: |
Expand Down Expand Up @@ -319,7 +319,7 @@ jobs:
deb_arch: amd64
rust_target: x86_64-unknown-linux-gnu
container:
image: ubuntu:22.04
image: ubuntu:22.04@sha256:0e0a0fc6d18feda9db1590da249ac93e8d5abfea8f4c3c0c849ce512b5ef8982
env:
DEBIAN_FRONTEND: noninteractive
HOME: /root
Expand Down Expand Up @@ -350,7 +350,7 @@ jobs:
node-version: 26

- name: Install pnpm
uses: pnpm/action-setup@008330803749db0355799c700092d9a85fd074e9 # v6.0.9
uses: pnpm/action-setup@0ebf47130e4866e96fce0953f49152a61190b271 # v6.0.9
with:
version: 11

Expand All @@ -363,7 +363,7 @@ jobs:
pnpm build

- name: Install Rust stable
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # stable
uses: dtolnay/rust-toolchain@4be7066ada62dd38de10e7b70166bc74ed198c30 # stable

- name: Install build dependencies
run: |
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/sbom.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:
submodules: recursive

- name: Create SBOM with Trivy
uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
Expand All @@ -46,7 +46,7 @@ jobs:
scanners: "vuln"

- name: Create Docker image SBOM with Trivy
uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
Expand All @@ -59,7 +59,7 @@ jobs:
scanners: "vuln"

- name: Create security advisory file with Trivy
uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
Expand All @@ -72,7 +72,7 @@ jobs:
scanners: "vuln"

- name: Create Docker image security advisory file with Trivy
uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:
test:
runs-on:
- codebuild-defguard-proxy-runner-${{ github.run_id }}-${{ github.run_attempt }}
container: public.ecr.aws/docker/library/rust:1
container: public.ecr.aws/docker/library/rust:1@sha256:44637ff22d0a6571a221bfaf137849711ad02ff4723dbb4736e297538f6a3e60

steps:
- name: Checkout
Expand All @@ -37,7 +37,7 @@ jobs:
submodules: recursive

- name: Scan code with Trivy
uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8 # v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
TRIVY_SHOW_SUPPRESSED: 1
Expand All @@ -50,7 +50,7 @@ jobs:
scanners: "vuln"

- name: Run sccache-cache
uses: mozilla-actions/sccache-action@1583d6b38d7be47f593cb472781bbb21cab4321e # v0.0.10
uses: mozilla-actions/sccache-action@9e7fa8a12102821edf02ca5dbea1acd0f89a2696 # v0.0.10

- name: Install protoc
run: apt-get update && apt-get -y install protobuf-compiler
Expand All @@ -66,7 +66,7 @@ jobs:
cargo clippy --all-targets --all-features -- -D warnings

- name: Install cargo extensions
uses: taiki-e/install-action@9e1e5806d4a4822de933115878265be9aaa786d9 # v2.82.2
uses: taiki-e/install-action@c93ccc03e00cd0e08e494f5fd058a6c55a6a1907 # v2.82.8
with:
tool: cargo-deny

Expand Down
Loading