diff --git a/.github/workflows/lint_pr_title.yml b/.github/workflows/lint_pr_title.yml index 152d73f51..556b8fbad 100644 --- a/.github/workflows/lint_pr_title.yml +++ b/.github/workflows/lint_pr_title.yml @@ -1,5 +1,4 @@ name: "Lint PR title" - on: pull_request_target: types: @@ -14,7 +13,7 @@ jobs: name: Validate PR title runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@b6bca70dcd3e56e896605356ce09b76f7e1e0d39 # ratchet:amannn/action-semantic-pull-request@v5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pr-opened.yml b/.github/workflows/pr-opened.yml index 16f6d56d7..0d79afb33 100644 --- a/.github/workflows/pr-opened.yml +++ b/.github/workflows/pr-opened.yml @@ -1,6 +1,4 @@ ---- name: PR opened - on: pull_request_target: # GITHUB_TOKEN is readonly and the action will fail for Dependabot @@ -15,7 +13,7 @@ jobs: permissions: pull-requests: write steps: - - uses: actions/github-script@v6 + - uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # ratchet:actions/github-script@v6 with: script: | // adds a comment to the PR (there is the issue API only which works work PRs too) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9c287762f..7f81bbfcc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
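Review bot: In `lint_pr_title.yml` (hunk `@@ -14,7 +13,7 @@`, whose job definition starts above the hunk) the new SHA cannot be checked against `v5` from the diff alone. Before merging, confirm that `b6bca70dcd3e56e896605356ce09b76f7e1e0d39` is the commit the upstream `v5` tag points to, not merely a commit that resolves under `amannn/action-semantic-pull-request`. The same check applies to every other pin in this commit (`pr-opened.yml`, `release.yml`, `slash_ops_commands.yml`, `slash_ops_comment_dispatch.yml`, `stale.yml`, `update_docs.yml`). This workflow runs on `pull_request_target` with `GITHUB_TOKEN` in the step's environment, so a wrong pin here matters more than in most jobs. To stop later edits from reintroducing tag references, consider a CI step that runs `ratchet check` over `.github/workflows/*.yml`.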
@@ -1,26 +1,24 @@ name: Release - on: push: branches: - main - + jobs: release: runs-on: ubuntu-latest steps: - name: Get app installation token - uses: npalm/action-app-token@v1.1.0 + uses: npalm/action-app-token@dd4bb16d91ced5659bc618705c96b822c5a42136 # ratchet:npalm/action-app-token@v1.1.0 id: token with: appId: ${{ secrets.APP_ID }} appPrivateKeyBase64: ${{ secrets.APP_PRIVATE_KEY_BASE64 }} appInstallationType: repo appInstallationValue: ${{ github.repository }} - # bootstrap-sha and release-as needs to be removed after first release - name: Release - uses: google-github-actions/release-please-action@v3 + uses: google-github-actions/release-please-action@d3c71f9a0a55385580de793de58da057b3560862 # ratchet:google-github-actions/release-please-action@v3 with: release-type: terraform-module token: ${{ steps.token.outputs.token }} diff --git a/.github/workflows/slash_ops_commands.yml b/.github/workflows/slash_ops_commands.yml index 05d7b0a40..e23539f91 100644 --- a/.github/workflows/slash_ops_commands.yml +++ b/.github/workflows/slash_ops_commands.yml @@ -1,9 +1,7 @@ ---- name: Execute ChatOps command - on: repository_dispatch: - types: + types: - help-command jobs: @@ -16,9 +14,8 @@ jobs: run: | maintainer=$(cat CODEOWNERS | grep -oE "@[a-zA-Z0-9_-]+" | shuf -n 1) echo "maintainer=$maintainer" >> "$GITHUB_OUTPUT" - - name: Create comment - uses: actions/github-script@v6 + uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # ratchet:actions/github-script@v6 with: script: | // adds a comment to the PR (there is the issue API, which works work PRs too) diff --git a/.github/workflows/slash_ops_comment_dispatch.yml b/.github/workflows/slash_ops_comment_dispatch.yml index 9e9f686f7..9c692d857 100644 --- a/.github/workflows/slash_ops_comment_dispatch.yml +++ b/.github/workflows/slash_ops_comment_dispatch.yml @@ -1,6 +1,4 @@ ---- name: PR commented - on: issue_comment: types: 
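Review bot: No `permissions:` key appears in the visible lines of `release.yml`, so the `release` job presumably still runs with the repository's default `GITHUB_TOKEN` scope. Both steps shown use the App private key and the resulting installation token instead. Since this commit hardens the workflows, adding `permissions: {}` at the top level would reduce the unused default token to no access; first confirm that nothing after the end of the hunk relies on it. The pin on `npalm/action-app-token` is the most sensitive one in the set because that step receives `APP_PRIVATE_KEY_BASE64`, so its SHA deserves a manual check against the `v1.1.0` tag.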
@@ -11,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Slash Command Dispatch - uses: peter-evans/slash-command-dispatch@v3 + uses: peter-evans/slash-command-dispatch@a28ee6cd74d5200f99e247ebc7b365c03ae0ef3c # ratchet:peter-evans/slash-command-dispatch@v3 with: token: ${{ secrets.GITHUB_TOKEN }} issue-type: pull-request diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 47827c1a1..99cce6ef0 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,5 +1,4 @@ name: 'Close stale issues and PRs' - on: schedule: - cron: '25 2 * * *' @@ -8,7 +7,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v7 + - uses: actions/stale@6f05e4244c9a0b2ed3401882b05d701dd0a7289b # ratchet:actions/stale@v7 with: stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.' stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.' diff --git a/.github/workflows/update_docs.yml b/.github/workflows/update_docs.yml index 3394ac9bd..68b6a8e7e 100644 --- a/.github/workflows/update_docs.yml +++ b/.github/workflows/update_docs.yml @@ -1,5 +1,4 @@ name: Update docs - on: push: branches: @@ -10,14 +9,12 @@ jobs: # update docs after merge back to develop name: Auto update terraform docs runs-on: ubuntu-latest - steps: - name: Checkout branch - uses: actions/checkout@v3 - + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3 - name: Generate TF docs - uses: terraform-docs/gh-actions@v1.0.0 + uses: terraform-docs/gh-actions@f6d59f89a280fa0a3febf55ef68f146784b20ba0 # ratchet:terraform-docs/gh-actions@v1.0.0 with: find-dir: . git-commit-message: "docs: auto update terraform docs" - git-push: true \ No newline at end of file + git-push: true
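Review bot: In `update_docs.yml` (hunk `@@ -10,14 +9,12 @@`, whose `jobs:` block starts above the hunk) the SHA pin on `terraform-docs/gh-actions` fixes the action's repository contents but not necessarily the code that runs. If that action's `action.yml` launches a prebuilt container image referenced by tag (worth checking upstream at the pinned commit), the image can still change underneath the pin. That matters here because the step sets `git-push: true` and therefore pushes commits to the branch. If the image is tag-referenced, record the residual risk next to the pin, e.g. `# NOTE: action runs a tag-referenced container image; the SHA pin does not cover the image`.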