From 91b3468c79db9b2258af65cfc0519642a411d7b7 Mon Sep 17 00:00:00 2001 From: tamarafinogina Date: Fri, 10 Jul 2026 16:52:28 +0200 Subject: [PATCH 1/2] pin exact commits instead of using mutable tags --- .github/workflows/build-and-deploy.yml | 14 +++++++------- .github/workflows/pre-build.yml | 4 ++-- .github/workflows/run-tests.yml | 4 ++-- .github/workflows/sonar-analysis.yml | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 80aa4db..1309c22 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -7,16 +7,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Check Out Repo - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Build and push to mail-server - uses: docker/build-push-action@v5 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: context: ./ file: ./Dockerfile @@ -29,15 +29,15 @@ jobs: environment: name: production steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 #v4.3.1 - name: Update mail-server image - uses: steebchen/kubectl@v2.0.0 + uses: steebchen/kubectl@bd911c0b014904226d4cbd571ec0f7b679c5bb7c # v2.0.0 with: config: ${{ secrets.KUBE_CONFIG_DATA }} command: set image --record deployment/mail-server mail-server=${{ secrets.DOCKERHUB_USERNAME }}/mail-server:${{ github.sha }} -n mail - name: Verify mail-server rollout - uses: steebchen/kubectl@v2.0.0 + uses: steebchen/kubectl@bd911c0b014904226d4cbd571ec0f7b679c5bb7c # v2.0.0 with: config: ${{ secrets.KUBE_CONFIG_DATA }} command: rollout status deployment/mail-server -n mail diff --git a/.github/workflows/pre-build.yml b/.github/workflows/pre-build.yml index 272c4c3..2090351 100644 --- a/.github/workflows/pre-build.yml +++ b/.github/workflows/pre-build.yml @@ -14,10 +14,10 @@ jobs: node-version: [24.x] steps: - name: Check Out Repo - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: ${{ matrix.node-version }} registry-url: 'https://npm.pkg.github.com' diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml index cfbf518..ab86d16 100644 --- a/.github/workflows/run-tests.yml +++ b/.github/workflows/run-tests.yml @@ -14,10 +14,10 @@ jobs: node-version: [24.x] steps: - name: Checkout repo - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: ${{ matrix.node-version }} registry-url: 'https://npm.pkg.github.com' diff --git a/.github/workflows/sonar-analysis.yml b/.github/workflows/sonar-analysis.yml index bb67f20..f335670 100644 --- a/.github/workflows/sonar-analysis.yml +++ b/.github/workflows/sonar-analysis.yml @@ -13,12 +13,12 @@ jobs: matrix: node-version: [24.x] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 0 - name: Set up Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: node-version: ${{ matrix.node-version }} registry-url: 'https://npm.pkg.github.com' @@ -37,7 +37,7 @@ jobs: run: npm run test:cov - name: SonarCloud Scan - uses: SonarSource/sonarqube-scan-action@v6 + uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 8094022ebbd30fbaac1e9032014274a05b9018d9 Mon Sep 17 00:00:00 2001 From: tamarafinogina Date: Fri, 10 Jul 2026 17:15:58 +0200 Subject: [PATCH 2/2] test for new actions --- .github/workflows/build-and-deploy.yml | 2 +- .github/workflows/pre-build.yml | 1 + .github/workflows/run-tests.yml | 1 + .github/workflows/sonar-analysis.yml | 1 + 4 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 1309c22..c8abad0 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -1,7 +1,7 @@ name: Build & Deploy to Production on: push: - branches: ['master'] + branches: ['master', 'test_actions'] jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/pre-build.yml b/.github/workflows/pre-build.yml index 2090351..87c771b 100644 --- a/.github/workflows/pre-build.yml +++ b/.github/workflows/pre-build.yml @@ -3,6 +3,7 @@ on: push: branches: - 'master' + - 'test_actions' pull_request: branches: - 'master' diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml index ab86d16..4b96c48 100644 --- a/.github/workflows/run-tests.yml +++ b/.github/workflows/run-tests.yml @@ -3,6 +3,7 @@ on: push: branches: - 'master' + - 'test_actions' pull_request: branches: - 'master' diff --git a/.github/workflows/sonar-analysis.yml b/.github/workflows/sonar-analysis.yml index f335670..1c1c968 100644 --- a/.github/workflows/sonar-analysis.yml +++ b/.github/workflows/sonar-analysis.yml @@ -3,6 +3,7 @@ on: push: branches: - master + - test_actions pull_request: types: [opened, synchronize, reopened] jobs: