diff --git a/.github/workflows/gating.yaml b/.github/workflows/gating.yaml index 160a27f..70f4138 100644 --- a/.github/workflows/gating.yaml +++ b/.github/workflows/gating.yaml @@ -13,15 +13,15 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: "3.12" - name: Install system dependencies - uses: nick-invision/retry@v2 + uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2 with: timeout_minutes: 10 retry_wait_seconds: 30 @@ -75,10 +75,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: "3.12" @@ -99,9 +99,9 @@ jobs: - Dockerfile steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: hadolint/hadolint-action@v3.1.0 + - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 with: dockerfile: ${{ matrix.dockerfile }} # Ignore list: @@ -119,15 +119,15 @@ jobs: GH_REGISTRY: ghcr.io/${{ github.actor }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4 with: python-version: "3.12" - name: Install system dependencies - uses: nick-invision/retry@v2 + uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2 with: timeout_minutes: 10 retry_wait_seconds: 30 @@ -155,7 +155,7 @@ jobs: - name: Build Image id: build-image - uses: redhat-actions/buildah-build@v2 + uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2 with: image: ${{ env.IMAGE_NAME }} tags: >- @@ -169,7 +169,7 @@ jobs: - name: Log in to the image registry if: github.event_name == 'push' && github.actor != 'dependabot[bot]' - uses: redhat-actions/podman-login@v1 + uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1 with: registry: ${{ secrets.REGISTRY_USER && env.REGISTRY || env.GH_REGISTRY }} username: ${{ secrets.REGISTRY_USER || github.actor }} @@ -177,7 +177,7 @@ jobs: - name: Push Image if: github.event_name == 'push' && github.actor != 'dependabot[bot]' - uses: redhat-actions/push-to-registry@v2 + uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2 with: image: ${{ steps.build-image.outputs.image }} tags: ${{ steps.build-image.outputs.tags }} @@ -196,7 +196,7 @@ jobs: .github/run-functional-tests.sh "${{ steps.build-image.outputs.image }}:${{ github.sha }}" - name: Upload pytest logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4 if: failure() with: name: pytest-logs diff --git a/docker-compose.yml b/docker-compose.yml index a523866..a4f258a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -30,7 +30,7 @@ services: retries: 30 waiverdb-db: - image: postgres:14.7-alpine + image: postgres:14.7-alpine@sha256:07985c5c5e01ee550b30c67a2cf806f8b08b32f74e3f24c4cbef31305ef5776d restart: always env_file: ["docker/waiverdb-db.env"] healthcheck: @@ -38,7 +38,7 @@ services: test: "pg_isready -U postgres" keycloak: - image: quay.io/keycloak/keycloak:24.0.2 + image: quay.io/keycloak/keycloak:24.0.2@sha256:b8a3f00fc433f2999bc304b73df331e2005037e8f5673f644f9c0eacd5fbe048 ports: - 127.0.0.1:5004:5004 - 127.0.0.1:8080:8080