diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8f943ac..9a4bb1a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -28,9 +28,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Checkout Scripts Repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: path: ci-scripts repository: jaxxstorm/scripts @@ -38,30 +38,30 @@ jobs: - name: Unshallow clone for tags run: git fetch --prune --unshallow --tags - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 with: go-version: ${{ env.GOVERSION }} - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 + uses: jaxxstorm/action-install-gh-release@25d5e2dd555cd74f1fab9ac1e6ea117acde2c0c4 # v1.12.0 with: repo: pulumi/pulumictl - name: Install Pulumi CLI - uses: pulumi/action-install-pulumi-cli@v2 + uses: pulumi/action-install-pulumi-cli@b374ceb6168550de27c6eba92e01c1a774040e11 # v2 - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 with: node-version: ${{ env.NODEVERSION }} registry-url: https://registry.npmjs.org - name: Setup DotNet - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4 with: dotnet-version: ${{ env.DOTNETVERSION }} - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5 with: python-version: ${{ env.PYTHONVERSION }} - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: ${{ env.PROVIDER }}-provider.tar.gz path: ${{ github.workspace }}/bin @@ -81,7 +81,7 @@ jobs: run: tar -zcf sdk/${{ matrix.language }}.tar.gz -C sdk/${{ matrix.language }} . - name: Upload artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4 with: name: ${{ matrix.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/${{ matrix.language }}.tar.gz @@ -99,9 +99,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Checkout Scripts Repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: path: ci-scripts repository: jaxxstorm/scripts @@ -109,18 +109,18 @@ jobs: - name: Unshallow clone for tags run: git fetch --prune --unshallow --tags - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 with: go-version: ${{ env.GOVERSION }} - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 + uses: jaxxstorm/action-install-gh-release@25d5e2dd555cd74f1fab9ac1e6ea117acde2c0c4 # v1.12.0 with: repo: pulumi/pulumictl - name: Install Pulumi CLI - uses: pulumi/action-install-pulumi-cli@v2 + uses: pulumi/action-install-pulumi-cli@b374ceb6168550de27c6eba92e01c1a774040e11 # v2 - if: github.event_name == 'pull_request' name: Install Schema Tools - uses: jaxxstorm/action-install-gh-release@v1.12.0 + uses: jaxxstorm/action-install-gh-release@25d5e2dd555cd74f1fab9ac1e6ea117acde2c0c4 # v1.12.0 with: repo: mikhailshilkov/schema-tools - name: Build tfgen & provider binaries @@ -145,7 +145,7 @@ jobs: }}/bin/ pulumi-resource-${{ env.PROVIDER }} pulumi-tfgen-${{ env.PROVIDER }} - name: Upload artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4 with: name: ${{ env.PROVIDER }}-provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz @@ -158,9 +158,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - name: Checkout Scripts Repo - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: path: ci-scripts repository: jaxxstorm/scripts @@ -168,30 +168,30 @@ jobs: - name: Unshallow clone for tags run: git fetch --prune --unshallow --tags - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 with: go-version: ${{ env.GOVERSION }} - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 + uses: jaxxstorm/action-install-gh-release@25d5e2dd555cd74f1fab9ac1e6ea117acde2c0c4 # v1.12.0 with: repo: pulumi/pulumictl - name: Install Pulumi CLI - uses: pulumi/action-install-pulumi-cli@v2 + uses: pulumi/action-install-pulumi-cli@b374ceb6168550de27c6eba92e01c1a774040e11 # v2 - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 with: node-version: ${{ env.NODEVERSION }} registry-url: https://registry.npmjs.org - name: Setup DotNet - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4 with: dotnet-version: ${{ env.DOTNETVERSION }} - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5 with: python-version: ${{ env.PYTHONVERSION }} - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: ${{ env.PROVIDER }}-provider.tar.gz path: ${{ github.workspace }}/bin @@ -201,7 +201,7 @@ jobs: find ${{ github.workspace }} -name "pulumi-*-${{ env.PROVIDER }}" -print -exec chmod +x {} \; - run: dotnet nuget add source ${{ github.workspace }}/nuget - name: Download SDK - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: ${{ matrix.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 06c8909..33f80ad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -37,28 +37,28 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.1.7 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Unshallow clone for tags run: git fetch --prune --unshallow --tags - name: Install Go - uses: actions/setup-go@v5.0.2 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ env.GOVERSION }} - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 + uses: jaxxstorm/action-install-gh-release@25d5e2dd555cd74f1fab9ac1e6ea117acde2c0c4 # v1.12.0 with: repo: pulumi/pulumictl - name: Set PreRelease Version run: echo "GORELEASER_CURRENT_TAG=v$(pulumictl get version --language generic)" >> $GITHUB_ENV - - uses: sigstore/cosign-installer@v3.5.0 - - uses: anchore/sbom-action/download-syft@v0.16.0 + - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + - uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v5.1.0 + uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 with: args: -p 3 release --clean version: latest - name: Create tag - uses: actions/github-script@v7.0.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | github.rest.git.createRef({ @@ -76,30 +76,30 @@ jobs: needs: publish_binary steps: - name: Checkout Repo - uses: actions/checkout@v4.1.7 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Unshallow clone for tags run: git fetch --prune --unshallow --tags - name: Install Go - uses: actions/setup-go@v5.0.2 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ env.GOVERSION }} - name: Install pulumictl - uses: jaxxstorm/action-install-gh-release@v1.12.0 + uses: jaxxstorm/action-install-gh-release@25d5e2dd555cd74f1fab9ac1e6ea117acde2c0c4 # v1.12.0 with: repo: pulumi/pulumictl - name: Install Pulumi CLI - uses: pulumi/action-install-pulumi-cli@v2.0.0 + uses: pulumi/action-install-pulumi-cli@b374ceb6168550de27c6eba92e01c1a774040e11 # v2.0.0 - name: Setup Node - uses: actions/setup-node@v4.0.2 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: ${{ env.NODEVERSION }} registry-url: ${{env.NPM_REGISTRY_URL}} - name: Setup DotNet - uses: actions/setup-dotnet@v4.0.1 + uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1 with: dotnet-version: ${{ env.DOTNETVERSION }} - name: Setup Python - uses: actions/setup-python@v5.1.1 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: ${{ env.PYTHONVERSION }} - name: Build SDK @@ -115,13 +115,13 @@ jobs: fi - if: ${{ matrix.language == 'python' && env.PUBLISH_PYPI == 'true' }} name: Publish package to PyPI - uses: pypa/gh-action-pypi-publish@v1.9.0 + uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0 with: user: ${{ env.PYPI_USERNAME }} password: ${{ env.PYPI_PASSWORD }} packages_dir: ${{github.workspace}}/sdk/python/bin/dist - if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }} - uses: JS-DevTools/npm-publish@v3.1.1 + uses: JS-DevTools/npm-publish@19c28f1ef146469e409470805ea4279d47c3d35c # v3.1.1 with: access: "public" token: ${{ env.NPM_TOKEN }} diff --git a/.github/workflows/upgrade-bridge.yml b/.github/workflows/upgrade-bridge.yml index c2a2f88..050a8a1 100644 --- a/.github/workflows/upgrade-bridge.yml +++ b/.github/workflows/upgrade-bridge.yml @@ -16,7 +16,7 @@ jobs: issues: write steps: - name: Call upgrade provider action - uses: pulumi/pulumi-upgrade-provider-action@v0.0.12 + uses: pulumi/pulumi-upgrade-provider-action@f399a75a5350242c291cc720eece1c72cb6ea712 # v0.0.12 with: kind: bridge email: ringo@de-smet.name