diff --git a/.github/workflows/backend-tests.yml b/.github/workflows/backend-tests.yml index 1f41fdd237..8235f50d28 100644 --- a/.github/workflows/backend-tests.yml +++ b/.github/workflows/backend-tests.yml @@ -17,7 +17,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Setup environment" uses: ./.github/actions/setup-env @@ -38,7 +38,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Setup environment" uses: ./.github/actions/setup-env @@ -59,7 +59,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Setup environment" uses: ./.github/actions/setup-env diff --git a/.github/workflows/check-desktop-visual-regression.yml b/.github/workflows/check-desktop-visual-regression.yml index f86cfc14fd..3b8599420c 100644 --- a/.github/workflows/check-desktop-visual-regression.yml +++ b/.github/workflows/check-desktop-visual-regression.yml @@ -17,7 +17,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 # Required to retrieve git history @@ -27,7 +27,7 @@ jobs: bootstrap-packages: "@quiet/eslint-config,@quiet/logger,@quiet/common,@quiet/types,@quiet/state-manager,@quiet/backend,@quiet/identity,@quiet/desktop,backend-bundle" - name: "Publish to Chromatic" - uses: chromaui/action@v1 + uses: chromaui/action@355e2a05a179e9e89c2b237dcd55adbeb89e577e # v1 with: workingDir: ./packages/desktop token: ${{ secrets.GH_TOKEN }} diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 7a05a53f69..db87a13727 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -16,7 +16,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Remove test files workaround (jest types conflicting with cypress types)" if: ${{ runner.os == 'Windows' }} diff --git a/.github/workflows/desktop-build.yml b/.github/workflows/desktop-build.yml index c3458f0b18..7781362d15 100644 --- a/.github/workflows/desktop-build.yml +++ b/.github/workflows/desktop-build.yml @@ -34,7 +34,7 @@ jobs: CHECKSUM_PATH: ${{ github.event.action == 'released' && 'packages/desktop/dist/latest-linux.yml' || 'packages/desktop/dist/alpha-linux.yml' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup environment uses: ./.github/actions/setup-env @@ -64,7 +64,7 @@ jobs: run: lerna run postBuild --scope @quiet/desktop - name: "Push electron-updater new checksum to S3" - uses: TryQuiet/upload-s3-action@master + uses: TryQuiet/upload-s3-action@c1c7c2268c91fbbc1293455e7b4bb2292267d2bd # master with: aws_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -74,18 +74,18 @@ jobs: - name: Get release id: get_release - uses: bruceadams/get-release@v1.3.2 + uses: bruceadams/get-release@74c3d60f5a28f358ccf241a00c9021ea16f0569f # v1.3.2 env: GITHUB_TOKEN: ${{ github.token }} - name: Get release version id: package-version - uses: martinbeentjes/npm-get-version-action@main + uses: martinbeentjes/npm-get-version-action@3cf273023a0dda27efcd3164bdfb51908dd46a5b # main with: path: packages/desktop - name: Upload Release Assets - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ github.token }} with: @@ -105,13 +105,13 @@ jobs: S3_BUCKET: ${{ github.event.action == 'released' && 'quiet.2.x' || 'test.quiet' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions-rs/components-nightly@v1 + - uses: actions-rs/components-nightly@254194ebf6ba07d2bb7cec8be76cee368d44fb90 # v1.1.1 with: component: clippy - - uses: actions-rs/toolchain@v1 + - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 with: toolchain: nightly-2020-08-28 components: clippy @@ -148,18 +148,18 @@ jobs: - name: Get release id: get_release - uses: bruceadams/get-release@v1.3.2 + uses: bruceadams/get-release@74c3d60f5a28f358ccf241a00c9021ea16f0569f # v1.3.2 env: GITHUB_TOKEN: ${{ github.token }} - name: Extract version id: extract_version - uses: Saionaro/extract-package-version@v1.2.1 + uses: Saionaro/extract-package-version@fdb5b74adc1278ddb777dfed4c988b9d098bb48d # v1.2.1 with: path: packages/desktop - name: Upload Release Assets - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ github.token }} with: @@ -179,7 +179,7 @@ jobs: S3_BUCKET: ${{ github.event.action == 'released' && 'quiet.2.x' || 'test.quiet' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Fetch jsign" shell: bash @@ -187,7 +187,7 @@ jobs: - name: "Add Windows certificate" id: write_file - uses: TryQuiet/base64-to-file@main + uses: TryQuiet/base64-to-file@64eeb40ad3514f57de3a7dee92aee10fd42452c1 # main with: fileName: 'win-certificate.pfx' encodedString: ${{ secrets.WIN_CSC_LINK }} @@ -224,19 +224,19 @@ jobs: - name: Get release id: get_release - uses: bruceadams/get-release@v1.3.2 + uses: bruceadams/get-release@74c3d60f5a28f358ccf241a00c9021ea16f0569f # v1.3.2 env: GITHUB_TOKEN: ${{ github.token }} - name: Extract version id: extract_version - uses: Saionaro/extract-package-version@v1.2.1 + uses: Saionaro/extract-package-version@fdb5b74adc1278ddb777dfed4c988b9d098bb48d # v1.2.1 with: path: packages/desktop - name: Upload Release Assets - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ github.token }} with: diff --git a/.github/workflows/desktop-test-scroll.yml b/.github/workflows/desktop-test-scroll.yml index bb9a6c6a7c..0ee999eb78 100644 --- a/.github/workflows/desktop-test-scroll.yml +++ b/.github/workflows/desktop-test-scroll.yml @@ -18,7 +18,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup environment uses: ./.github/actions/setup-env @@ -31,14 +31,14 @@ jobs: - name: "Remove test files workaround" run: find packages/desktop/src -name '*.test.*' -delete && find packages/backend/src -name '*.test.*' -delete - - uses: cypress-io/github-action@v6 + - uses: cypress-io/github-action@1b70233146622b69e789ccdd4f9452adc638d25a # v6.6.1 with: install: false command: npm run regression-test:ci working-directory: packages/desktop - name: Archive test screenshots - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 if: always() with: name: test-screenshots-linux diff --git a/.github/workflows/desktop-tests.yml b/.github/workflows/desktop-tests.yml index bba3708c19..38fbf3592f 100644 --- a/.github/workflows/desktop-tests.yml +++ b/.github/workflows/desktop-tests.yml @@ -18,7 +18,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Setup environment" uses: ./.github/actions/setup-env diff --git a/.github/workflows/e2e-linux.yml b/.github/workflows/e2e-linux.yml index 7013956221..746ddb1795 100644 --- a/.github/workflows/e2e-linux.yml +++ b/.github/workflows/e2e-linux.yml @@ -18,7 +18,7 @@ jobs: TEST_MODE: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install WM run: sudo apt install fluxbox @@ -47,14 +47,14 @@ jobs: run: chmod +x $FILE_NAME - name: Run one client test - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 15 max_attempts: 3 command: cd packages/e2e-tests && npm run test oneClient.test.ts - name: Run multiple clients test - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 25 max_attempts: 3 @@ -68,14 +68,14 @@ jobs: command: cd packages/e2e-tests && npm run test userProfile.test.ts - name: Run invitation link test - Includes 2 separate application clients - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 25 max_attempts: 1 command: cd packages/e2e-tests && npm run test invitationLink.test.ts - name: Run Backwards Compatibility test - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 15 max_attempts: 3 diff --git a/.github/workflows/e2e-mac.yml b/.github/workflows/e2e-mac.yml index 2df3debe96..97dcbdfe00 100644 --- a/.github/workflows/e2e-mac.yml +++ b/.github/workflows/e2e-mac.yml @@ -11,7 +11,7 @@ jobs: IS_E2E: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Setup environment" uses: ./.github/actions/setup-env @@ -42,34 +42,34 @@ jobs: - name: Mount installer file in volume on system working-directory: ./packages/desktop/dist - run: hdiutil mount $FILE_NAME + run: hdiutil mount $FILE_NAME - name: Add App file to applications run: cd ~ && cp -R "/Volumes/Quiet $VERSION/Quiet.app" /Applications - name: Run invitation link test - Includes 2 separate application clients - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 25 max_attempts: 3 command: cd packages/e2e-tests && npm run test invitationLink.test.ts - name: Run one client test - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 15 max_attempts: 3 command: cd packages/e2e-tests && npm run test oneClient.test.ts - name: Run multiple clients test - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 25 max_attempts: 3 command: cd packages/e2e-tests && npm run test multipleClients.test.ts - name: Run user profile test - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 25 max_attempts: 3 diff --git a/.github/workflows/e2e-win.yml b/.github/workflows/e2e-win.yml index 4ca8bd6c77..98ec12837e 100644 --- a/.github/workflows/e2e-win.yml +++ b/.github/workflows/e2e-win.yml @@ -13,7 +13,7 @@ jobs: E2E: true steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Setup environment" uses: ./.github/actions/setup-env @@ -41,7 +41,7 @@ jobs: - name: Extract version id: extract_version - uses: Saionaro/extract-package-version@v1.2.1 + uses: Saionaro/extract-package-version@fdb5b74adc1278ddb777dfed4c988b9d098bb48d # v1.2.1 with: path: packages/desktop @@ -56,7 +56,7 @@ jobs: shell: bash - name: "Upload built app" - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: quiet-windows path: ./packages/desktop/dist/Quiet Setup ${{ steps.extract_version.outputs.version }}.exe @@ -85,7 +85,7 @@ jobs: shell: powershell - name: Run one client test - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 15 max_attempts: 3 @@ -93,7 +93,7 @@ jobs: command: cd packages/e2e-tests && npm run test oneClient.test.ts - name: Run multiple clients test - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 30 max_attempts: 3 @@ -109,7 +109,7 @@ jobs: command: cd packages/e2e-tests && npm run test userProfile.test.ts - name: Run invitation link test - Includes 2 separate application clients - uses: nick-fields/retry@v2 + uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 with: timeout_minutes: 25 max_attempts: 3 diff --git a/.github/workflows/identity-tests.yml b/.github/workflows/identity-tests.yml index 033308b099..ea66be2b38 100644 --- a/.github/workflows/identity-tests.yml +++ b/.github/workflows/identity-tests.yml @@ -18,7 +18,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Setup environment" uses: ./.github/actions/setup-env diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 18680ddb4f..6d01483059 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -20,7 +20,7 @@ jobs: - name: 'Print OS' run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Setup environment" uses: ./.github/actions/setup-env diff --git a/.github/workflows/mobile-build-apk.yml b/.github/workflows/mobile-build-apk.yml index ae3b6f6858..23bbf6d2e1 100644 --- a/.github/workflows/mobile-build-apk.yml +++ b/.github/workflows/mobile-build-apk.yml @@ -20,16 +20,16 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Set up JDK" - uses: actions/setup-java@v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0 with: distribution: 'temurin' java-version: 17 - name: "Set up NDK" - uses: nttld/setup-ndk@v1 + uses: nttld/setup-ndk@8c3b609ff4d54576ea420551943fd34b4d03b0dc # v1.2.0 id: setup-ndk with: ndk-version: r25b @@ -66,7 +66,7 @@ jobs: - name: "Upload .apk to artifacts" continue-on-error: true - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: app-standard-release.apk path: ./packages/mobile/android/app/build/outputs/apk/standard/release/app-standard-release.apk @@ -78,7 +78,7 @@ jobs: GITHUB_TOKEN: ${{ github.token }} - name: "Upload release assets" - uses: actions/upload-release-asset@v1.0.2 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ github.token }} with: diff --git a/.github/workflows/mobile-deploy-android.yml b/.github/workflows/mobile-deploy-android.yml index 0ab33e376f..1f7353dcf2 100644 --- a/.github/workflows/mobile-deploy-android.yml +++ b/.github/workflows/mobile-deploy-android.yml @@ -70,7 +70,7 @@ jobs: - name: "Upload .abb to artifacts" continue-on-error: true - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: app-standard-release.aab path: ./packages/mobile/android/app/build/outputs/bundle/standardRelease/app-standard-release.aab @@ -87,7 +87,7 @@ jobs: - name: "Upload .apks to artifacts" continue-on-error: true - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: app-standard-release.apks path: ./packages/mobile/android/app/build/outputs/bundle/standardRelease/app-standard-release.apks diff --git a/.github/workflows/mobile-deploy-ios.yml b/.github/workflows/mobile-deploy-ios.yml index e5c85d39f4..6560298c51 100644 --- a/.github/workflows/mobile-deploy-ios.yml +++ b/.github/workflows/mobile-deploy-ios.yml @@ -20,7 +20,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: lfs: true @@ -28,7 +28,7 @@ jobs: run: brew install gnupg - name: Setup XCode - uses: maxim-lobanov/setup-xcode@v1 + uses: maxim-lobanov/setup-xcode@9a697e2b393340c3cacd97468baa318e4c883d98 # v1.5.1 with: xcode-version: '14.2' @@ -71,7 +71,7 @@ jobs: -exportPath build/ - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: Quiet.ipa path: ./packages/mobile/ios/build/Quiet.ipa diff --git a/.github/workflows/mobile-tests.yml b/.github/workflows/mobile-tests.yml index 46f8ba291c..8e70c92bfd 100644 --- a/.github/workflows/mobile-tests.yml +++ b/.github/workflows/mobile-tests.yml @@ -18,7 +18,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Setup environment uses: ./.github/actions/setup-env diff --git a/.github/workflows/state-manager-tests.yml b/.github/workflows/state-manager-tests.yml index 2ecad2b0b1..cd68e78a5b 100644 --- a/.github/workflows/state-manager-tests.yml +++ b/.github/workflows/state-manager-tests.yml @@ -18,7 +18,7 @@ jobs: - name: "Print OS" run: echo ${{ matrix.os }} - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Setup environment" uses: ./.github/actions/setup-env diff --git a/3rd-party/tor/Dockerfile b/3rd-party/tor/Dockerfile index 66ddb55a66..fef72af72a 100644 --- a/3rd-party/tor/Dockerfile +++ b/3rd-party/tor/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.10 +FROM alpine:3.10@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98 LABEL maintainer="Peter Dave Hello " LABEL name="tor-socks" diff --git a/packages/backend/Dockerfile b/packages/backend/Dockerfile index 27c7020118..4e295d581b 100644 --- a/packages/backend/Dockerfile +++ b/packages/backend/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18.12.1 +FROM node:18.12.1@sha256:e9ad817b0d42b4d177a4bef8a0aff97c352468a008c3fdb2b4a82533425480df ARG zipbundle ENV PEERS_NUMBER 20 ENV TOR_TEST_MODE regular diff --git a/packages/e2e-tests/docker/Dockerfile b/packages/e2e-tests/docker/Dockerfile index 8129fcf3f1..14f1a28a8c 100644 --- a/packages/e2e-tests/docker/Dockerfile +++ b/packages/e2e-tests/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM node:16 +FROM node:16@sha256:818b5adc1ee4a04e8ad5efeb70871571efe414315ad7f16844f24f9962ffdc7e ARG ELECTRON_CUSTOM_VERSION 23.0.0 ARG ELECTRON_CHROMEDRIVER_VERSION 22.0.0 diff --git a/packages/integration-tests/Dockerfile b/packages/integration-tests/Dockerfile index 4560332f2b..ca2b44ef8a 100644 --- a/packages/integration-tests/Dockerfile +++ b/packages/integration-tests/Dockerfile @@ -1,4 +1,4 @@ -FROM node:16.14.2 +FROM node:16.14.2@sha256:6e54786b2ad01667d46524e82806298714f50d2be72b39706770aed55faedbd7 ARG zipbundle RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" diff --git a/packages/mobile/android-environment/Dockerfile b/packages/mobile/android-environment/Dockerfile index fc705ee813..55323584e2 100644 --- a/packages/mobile/android-environment/Dockerfile +++ b/packages/mobile/android-environment/Dockerfile @@ -1,4 +1,4 @@ -FROM node:14-buster +FROM node:14-buster@sha256:a158d3b9b4e3fa813fa6c8c590b8f0a860e015ad4e59bbce5744d2f6fd8461aa RUN apt-get update && apt-get install -y android-sdk openjdk-11-jdk wget zip