diff --git a/.github/workflows/conftest-unittests.yaml b/.github/workflows/conftest-unittests.yaml index bbc6a519..fea6c0be 100644 --- a/.github/workflows/conftest-unittests.yaml +++ b/.github/workflows/conftest-unittests.yaml @@ -7,10 +7,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Conftest - uses: redhat-cop/github-actions/confbatstest@v4 + uses: redhat-cop/github-actions/confbatstest@11f2ce27643eb7c76ac3623cb99d9b08be30d762 # v4 with: tests: _test/conftest-unittests.sh policies: '[]' # An empty array is provided as the policies are already cloned via source. diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 74f2fcd7..b438783b 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -7,10 +7,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Generate konstraint docs - uses: redhat-cop/github-actions/confbatstest@v4 + uses: redhat-cop/github-actions/confbatstest@11f2ce27643eb7c76ac3623cb99d9b08be30d762 # v4 with: raw: konstraint doc -o POLICIES.md @@ -28,4 +28,4 @@ jobs: exit 1 - name: Link checker - uses: gaurav-nelson/github-action-markdown-link-check@1.0.13 \ No newline at end of file + uses: gaurav-nelson/github-action-markdown-link-check@9710f0fec812ce0a3b98bef4c9d842fc1f39d976 # 1.0.13 \ No newline at end of file diff --git a/.github/workflows/gatekeeper-k8s-integrationtests.yaml b/.github/workflows/gatekeeper-k8s-integrationtests.yaml index cca0db82..f11ecc2a 100644 --- a/.github/workflows/gatekeeper-k8s-integrationtests.yaml +++ b/.github/workflows/gatekeeper-k8s-integrationtests.yaml @@ -7,15 +7,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Validate integration test data via kubeval - uses: redhat-cop/github-actions/confbatstest@v4 + uses: redhat-cop/github-actions/confbatstest@11f2ce27643eb7c76ac3623cb99d9b08be30d762 # v4 with: raw: find policy/* -regex '.*test_data\/integration\/.*$' -exec kubeval --openshift --strict --skip-kinds ServiceMonitor {} \; - name: Create k8s Kind Cluster - uses: helm/kind-action@v1.8.0 + uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 - name: Test against KinD run: | diff --git a/.github/workflows/opa-profile.yaml b/.github/workflows/opa-profile.yaml index d58a0ed6..4ba082e3 100644 --- a/.github/workflows/opa-profile.yaml +++ b/.github/workflows/opa-profile.yaml @@ -7,16 +7,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Opa eval --profile - uses: redhat-cop/github-actions/confbatstest@v4 + uses: redhat-cop/github-actions/confbatstest@11f2ce27643eb7c76ac3623cb99d9b08be30d762 # v4 with: tests: _test/opa-profile.sh policies: '[]' # An empty array is provided as the policies are already cloned via source. - name: Upload opa-profile.log - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 with: name: profile-results path: opa-profile.log diff --git a/.github/workflows/regal-lint.yaml b/.github/workflows/regal-lint.yaml index c11468b9..956275bf 100644 --- a/.github/workflows/regal-lint.yaml +++ b/.github/workflows/regal-lint.yaml @@ -7,10 +7,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Regal - uses: StyraInc/setup-regal@v0.2.0 + uses: StyraInc/setup-regal@94ad2891f53efdb7ebe7c6836bc25ecc9504aec1 # v0.2.0 with: version: v0.10.1