diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 4d9378657e..245ec0a42c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,10 @@
version: 2
updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ open-pull-requests-limit: 10
- package-ecosystem: npm
directory: "/"
schedule:
diff --git a/.github/workflows/add-documentation-to-repo.yaml b/.github/workflows/add-documentation-to-repo.yaml
index 3abe789b77..1ebf6b0b79 100644
--- a/.github/workflows/add-documentation-to-repo.yaml
+++ b/.github/workflows/add-documentation-to-repo.yaml
@@ -9,31 +9,51 @@ on:
jobs:
runService:
- runs-on: ubuntu-latest
+ name: Run Service
+ runs-on: [self-hosted, Linux, medium, ephemeral]
strategy:
matrix:
node-version: [ 20.x ]
mongodb-version: [ 7.0.5 ]
steps:
- - uses: actions/checkout@v1
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout Code
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
- name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v1
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 #v4.0.2
with:
node-version: ${{ matrix.node-version }}
+
+ - name: Setup Yarn
+ uses: Borales/actions-yarn@3766bb1335b98fb13c60eaf358fe20811b730a88 # v5.0.0
+ with:
+ cmd: install
+
+ - name: Install dependencies
+ run: yarn install
+
- name: Start NatsMQ
- uses: onichandame/nats-action@master
+ uses: onichandame/nats-action@a8144f9009c5f67c39edd6a50f9de659c44bd135 # v0.0.0
with:
port: "4222"
+
- name: Config Repo
run: |
git config --global user.name "envision-ci-agent"
git config --global user.email "envision-ci-agent@users.noreply.github.com"
git remote set-url origin https://x-access-token:${{ secrets.DOC_UPDATE_API_KEY }}@github.com/$GITHUB_REPOSITORY
git checkout "${GITHUB_REF:11}"
+
- name: Start MongoDB
- uses: supercharge/mongodb-github-action@1.7.0
+ uses: supercharge/mongodb-github-action@5a87bd81f88e2a8b195f8b7b656f5cda1350815a # v1.11.0
with:
mongodb-version: ${{ matrix.mongodb-version }}
+
- name: Build
run: |
yarn
@@ -51,6 +71,7 @@ jobs:
popd
env:
CI: true
+
- name: Run service
run: |
pushd api-gateway
@@ -60,6 +81,7 @@ jobs:
yarn start &
popd
sleep 30
+
- name: Download file
run: |
rm -fv swagger.yaml
diff --git a/.github/workflows/api-manual.yml b/.github/workflows/api-manual.yml
index 3357892219..1b0d764613 100644
--- a/.github/workflows/api-manual.yml
+++ b/.github/workflows/api-manual.yml
@@ -5,7 +5,8 @@ on:
jobs:
buildAndTest:
- runs-on: ubuntu-latest
+ name: Build and Test (Manual)
+ runs-on: [self-hosted, Linux, medium, ephemeral]
services:
ipfs-node:
image: ipfs/kubo:latest
@@ -21,13 +22,27 @@ jobs:
node-version: [ 20.x ]
mongodb-version: [ 7.0.5 ]
steps:
- - uses: actions/checkout@v1
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout Code
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
- name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v1
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 #v4.0.2
with:
node-version: ${{ matrix.node-version }}
+
+ - name: Setup Yarn
+ uses: Borales/actions-yarn@3766bb1335b98fb13c60eaf358fe20811b730a88 # v5.0.0
+ with:
+ cmd: install
+
- name: Install dependencies
- run: yarn
+ run: yarn install
+
- name: Build packages
run: |
pushd interfaces
@@ -57,14 +72,17 @@ jobs:
pushd api-gateway
yarn run build
popd
+
- name: Start NatsMQ
- uses: onichandame/nats-action@master
+ uses: onichandame/nats-action@a8144f9009c5f67c39edd6a50f9de659c44bd135 # v0.0.0
with:
port: "4222"
+
- name: Start MongoDB
- uses: supercharge/mongodb-github-action@1.7.0
+ uses: supercharge/mongodb-github-action@5a87bd81f88e2a8b195f8b7b656f5cda1350815a # v1.11.0
with:
mongodb-version: ${{ matrix.mongodb-version }}
+
- name: Run Guardian
run: |
pushd notification-service
@@ -110,8 +128,9 @@ jobs:
npm install --force
npx cypress run --env "portApi=3002,operatorId=${{ secrets.CI_HEDERA_ACCOUNT }},operatorKey=${{ secrets.CI_HEDERA_PRIV_KEY }}" --spec cypress/e2e/api-tests/**/*.cy.js
popd
+
- name: Publish API Test Results
- uses: EnricoMi/publish-unit-test-result-action@v1
+ uses: EnricoMi/publish-unit-test-result-action@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1
if: always()
with:
files: e2e-tests/cypress/test_results/**/*.xml
diff --git a/.github/workflows/api.yml b/.github/workflows/api.yml
index 770db84e2a..d1d55c6ee5 100644
--- a/.github/workflows/api.yml
+++ b/.github/workflows/api.yml
@@ -5,7 +5,8 @@ on:
jobs:
buildAndTest:
- runs-on: ubuntu-latest
+ name: Build and Test
+ runs-on: [self-hosted, Linux, medium, ephemeral]
services:
ipfs-node:
image: ipfs/kubo:latest
@@ -21,15 +22,29 @@ jobs:
node-version: [ 20.x ]
mongodb-version: [ 7.0.5 ]
steps:
- - uses: actions/checkout@v1
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout Code
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
ref: 'develop'
+
- name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v1
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 #v4.0.2
with:
node-version: ${{ matrix.node-version }}
+
+ - name: Setup Yarn
+ uses: Borales/actions-yarn@3766bb1335b98fb13c60eaf358fe20811b730a88 # v5.0.0
+ with:
+ cmd: install
+
- name: Install dependencies
- run: yarn
+ run: yarn install
+
- name: Build packages
run: |
pushd interfaces
@@ -59,14 +74,17 @@ jobs:
pushd api-gateway
yarn run build
popd
+
- name: Start NatsMQ
- uses: onichandame/nats-action@master
+ uses: onichandame/nats-action@a8144f9009c5f67c39edd6a50f9de659c44bd135 # v0.0.0
with:
port: "4222"
+
- name: Start MongoDB
- uses: supercharge/mongodb-github-action@1.7.0
+ uses: supercharge/mongodb-github-action@5a87bd81f88e2a8b195f8b7b656f5cda1350815a # v1.11.0
with:
mongodb-version: ${{ matrix.mongodb-version }}
+
- name: Run Guardian
run: |
pushd notification-service
@@ -112,8 +130,9 @@ jobs:
npm install --force
npx cypress run --env "portApi=3002,operatorId=${{ secrets.CI_HEDERA_ACCOUNT }},operatorKey=${{ secrets.CI_HEDERA_PRIV_KEY }}" --spec cypress/e2e/api-tests/**/*.cy.js
popd
+
- name: Publish API Test Results
- uses: EnricoMi/publish-unit-test-result-action@v1
+ uses: EnricoMi/publish-unit-test-result-action@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1
if: always()
with:
files: e2e-tests/cypress/test_results/**/*.xml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ebb3c36de1..736e5d3a4c 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -7,16 +7,33 @@ on:
- 'dependabot/**'
jobs:
buildAndTest:
- runs-on: ubuntu-latest
+ name: Build and Test (Manual - Main)
+ runs-on: [self-hosted, Linux, medium, ephemeral]
strategy:
matrix:
node-version: [ 20.10.0 ]
steps:
- - uses: actions/checkout@v1
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout Code
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
- name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v1
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: ${{ matrix.node-version }}
+
+ - name: Setup Yarn
+ uses: Borales/actions-yarn@3766bb1335b98fb13c60eaf358fe20811b730a88 # v5.0.0
+ with:
+ cmd: install
+
+ - name: Install dependencies
+ run: yarn install
+
- name: Build
run: |
yarn
@@ -56,12 +73,14 @@ jobs:
env:
CI: true
NODE_OPTIONS: --openssl-legacy-provider
+
- name: Detect secrets
run: |
yarn run detect-secrets
env:
CI: true
NODE_OPTIONS: --openssl-legacy-provider
+
- name: Lint
run: |
pushd interfaces
@@ -94,6 +113,7 @@ jobs:
env:
CI: true
NODE_OPTIONS: --openssl-legacy-provider
+
- name: Test
run: |
pushd common
@@ -110,8 +130,9 @@ jobs:
NODE_OPTIONS: --openssl-legacy-provider
OPERATOR_ID: ${{ secrets.CI_HEDERA_ACCOUNT }}
OPERATOR_KEY: ${{ secrets.CI_HEDERA_PRIV_KEY }}
+
- name: Publish Unit Test Results
- uses: EnricoMi/publish-unit-test-result-action@v1
+ uses: EnricoMi/publish-unit-test-result-action@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1
if: always()
with:
files: test_results/**/*.xml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 720b945a6d..52133280a5 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -5,14 +5,24 @@ on:
release:
types: [published]
+permissions:
+ contents: read
+
jobs:
docker:
- runs-on: ubuntu-latest
+ name: Publish to Docker
+ runs-on: [self-hosted, Linux, medium, ephemeral]
permissions:
id-token: write
contents: read
steps:
- - uses: haya14busa/action-cond@v1
+ - name: Harden Runner
+ uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+ with:
+ egress-policy: audit
+
+ - name: Conditional values for Github Action
+ uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1
id: latestTag
with:
cond: ${{ github.event.release.target_commitish == 'main' }}
@@ -20,27 +30,27 @@ jobs:
if_false: "hotfix"
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: get-npm-version
-
id: package-version
- uses: martinbeentjes/npm-get-version-action@main
+ uses: martinbeentjes/npm-get-version-action@3cf273023a0dda27efcd3164bdfb51908dd46a5b # v1.3.1
with:
path: guardian-service
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
- - id: 'auth'
- name: 'Authenticate to Google Cloud'
- uses: 'google-github-actions/auth@v0'
+ - name: Authenticate to Google Cloud
+ id: auth
+ uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
with:
workload_identity_provider: 'projects/101730247931/locations/global/workloadIdentityPools/hedera-registry-pool/providers/hedera-registry-gh-actions'
service_account: 'guardian-publisher@hedera-registry.iam.gserviceaccount.com'
token_format: 'access_token'
- - uses: 'docker/login-action@v1'
+ - name: Docker Login
+ uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
registry: 'gcr.io' # or REGION-docker.pkg.dev
username: 'oauth2accesstoken'
@@ -48,7 +58,7 @@ jobs:
- name: application-events-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./application-events/Dockerfile
@@ -57,7 +67,7 @@ jobs:
- name: application-events
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./application-events/Dockerfile
@@ -66,7 +76,7 @@ jobs:
- name: ai-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./ai-service/Dockerfile
@@ -75,7 +85,7 @@ jobs:
- name: ai-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./ai-service/Dockerfile
@@ -84,7 +94,7 @@ jobs:
- name: logger-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./logger-service/Dockerfile
@@ -93,7 +103,7 @@ jobs:
- name: logger-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./logger-service/Dockerfile
@@ -102,7 +112,7 @@ jobs:
- name: notification-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./notification-service/Dockerfile
@@ -111,7 +121,7 @@ jobs:
- name: notification-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./notification-service/Dockerfile
@@ -120,7 +130,7 @@ jobs:
- name: auth-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./auth-service/Dockerfile
@@ -129,7 +139,7 @@ jobs:
- name: auth-service-demo-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./auth-service/Dockerfile.demo
@@ -138,7 +148,7 @@ jobs:
- name: auth-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./auth-service/Dockerfile
@@ -147,7 +157,7 @@ jobs:
- name: auth-service-demo
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./auth-service/Dockerfile.demo
@@ -156,7 +166,7 @@ jobs:
- name: api-gateway-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./api-gateway/Dockerfile
@@ -165,7 +175,7 @@ jobs:
- name: api-gateway-demo-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./api-gateway/Dockerfile.demo
@@ -174,7 +184,7 @@ jobs:
- name: api-gateway
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./api-gateway/Dockerfile
@@ -183,7 +193,7 @@ jobs:
- name: api-gateway-demo
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./api-gateway/Dockerfile.demo
@@ -192,7 +202,7 @@ jobs:
- name: policy-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./policy-service/Dockerfile
@@ -201,7 +211,7 @@ jobs:
- name: policy-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./policy-service/Dockerfile
@@ -210,7 +220,7 @@ jobs:
- name: guardian-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./guardian-service/Dockerfile
@@ -219,7 +229,7 @@ jobs:
- name: guardian-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./guardian-service/Dockerfile
@@ -228,7 +238,7 @@ jobs:
- name: worker-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./worker-service/Dockerfile
@@ -237,7 +247,7 @@ jobs:
- name: worker-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./worker-service/Dockerfile
@@ -246,7 +256,7 @@ jobs:
- name: topic-viewer-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./topic-viewer/Dockerfile
@@ -255,7 +265,7 @@ jobs:
- name: topic-viewer
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./topic-viewer/Dockerfile
@@ -264,7 +274,7 @@ jobs:
- name: mrv-sender-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./mrv-sender/Dockerfile
@@ -273,7 +283,7 @@ jobs:
- name: mrv-sender
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./mrv-sender/Dockerfile
@@ -282,7 +292,7 @@ jobs:
- name: analytics-service-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./analytics-service/Dockerfile
@@ -291,7 +301,7 @@ jobs:
- name: analytics-service
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./analytics-service/Dockerfile
@@ -300,7 +310,7 @@ jobs:
- name: web-proxy-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./web-proxy/Dockerfile.ci
@@ -309,7 +319,7 @@ jobs:
- name: web-proxy
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./web-proxy/Dockerfile.ci
@@ -318,7 +328,7 @@ jobs:
- name: web-proxy-demo-latest
if: ${{ steps.latestTag.outputs.value == 'latest'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./web-proxy/Dockerfile.demo
@@ -327,7 +337,7 @@ jobs:
- name: web-proxy-demo
if: ${{ steps.latestTag.outputs.value == 'hotfix'}}
- uses: docker/build-push-action@v2
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
with:
context: .
file: ./web-proxy/Dockerfile.demo