CI: Pin versions

While floating tags are nice to use and fancy, we already had situations where the fixed source code did not result in the same deterministic build as the one built e.g. a week ago due to non-pinned versions that resulted in a different set of dependencies than originally. Since GitHub actions follow similar pattern, we want to do our best to ensure that if CI in given fixed version passed on a fixed source, then it should also result in the same deterministic output. Of course this is impossible to achieve in 100% (e.g. resources no longer being available over the network), but this is something we can do. It wasn't like that before renovate since we didn't have a standarized bot that could handle bumping those versions for us.
2026-01-01 14:10:53 +00:00 · 2021-06-30 16:19:41 +02:00
parent 8982e1dcd8
commit 2f7478b968
8 changed files with 45 additions and 45 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,12 +19,12 @@ jobs:

    steps:
    - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v2.3.4
      with:
        submodules: recursive

    - name: Setup .NET Core
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v1.8.1
      with:
        dotnet-version: ${{ env.DOTNET_SDK_VERSION }}

--- a/.github/workflows/docker-ci.yml
+++ b/.github/workflows/docker-ci.yml
@@ -16,15 +16,15 @@ jobs:

    steps:
    - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v2.3.4
      with:
        submodules: recursive

    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v1.4.1

    - name: Build Docker image from ${{ matrix.file }}
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v2.5.0
      with:
        context: .
        file: ${{ matrix.file }}
--- a/.github/workflows/docker-publish-latest.yml
+++ b/.github/workflows/docker-publish-latest.yml
@@ -14,22 +14,22 @@ jobs:

    steps:
    - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v2.3.4
      with:
        submodules: recursive

    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v1.4.1

    - name: Login to ghcr.io
-      uses: docker/login-action@v1
+      uses: docker/login-action@v1.10.0
      with:
        registry: ghcr.io
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Login to DockerHub
-      uses: docker/login-action@v1 
+      uses: docker/login-action@v1.10.0 
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -45,7 +45,7 @@ jobs:
        echo "DH_REPOSITORY=$(echo ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"

    - name: Build and publish Docker image from Dockerfile.Service
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v2.5.0
      with:
        context: .
        file: Dockerfile.Service
--- a/.github/workflows/docker-publish-main.yml
+++ b/.github/workflows/docker-publish-main.yml
@@ -15,22 +15,22 @@ jobs:

    steps:
    - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v2.3.4
      with:
        submodules: recursive

    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v1.4.1

    - name: Login to ghcr.io
-      uses: docker/login-action@v1
+      uses: docker/login-action@v1.10.0
      with:
        registry: ghcr.io
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Login to DockerHub
-      uses: docker/login-action@v1 
+      uses: docker/login-action@v1.10.0 
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -45,7 +45,7 @@ jobs:
        echo "DH_REPOSITORY=$(echo ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"

    - name: Build and publish Docker image from Dockerfile
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v2.5.0
      with:
        context: .
        platforms: ${{ env.PLATFORMS }}
@@ -61,7 +61,7 @@ jobs:

    - name: Update DockerHub repository description
      continue-on-error: true
-      uses: peter-evans/dockerhub-description@v2
+      uses: peter-evans/dockerhub-description@v2.4.3
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_PASSWORD }}
--- a/.github/workflows/docker-publish-released.yml
+++ b/.github/workflows/docker-publish-released.yml
@@ -15,22 +15,22 @@ jobs:

    steps:
    - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v2.3.4
      with:
        submodules: recursive

    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v1.4.1

    - name: Login to ghcr.io
-      uses: docker/login-action@v1
+      uses: docker/login-action@v1.10.0
      with:
        registry: ghcr.io
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Login to DockerHub
-      uses: docker/login-action@v1 
+      uses: docker/login-action@v1.10.0 
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -46,7 +46,7 @@ jobs:
        echo "DH_REPOSITORY=$(echo ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"

    - name: Build and publish Docker image from Dockerfile
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v2.5.0
      with:
        context: .
        platforms: ${{ env.PLATFORMS }}
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -9,7 +9,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Lock inactive threads
-        uses: dessant/lock-threads@v2
+        uses: dessant/lock-threads@v2.0.3
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          issue-lock-inactive-days: 30
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -24,12 +24,12 @@ jobs:

    steps:
    - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v2.3.4
      with:
        submodules: recursive

    - name: Setup .NET Core
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v1.8.1
      with:
        dotnet-version: ${{ env.DOTNET_SDK_VERSION }}

@@ -37,7 +37,7 @@ jobs:
      run: dotnet --info

    - name: Setup Node.js with npm
-      uses: actions/setup-node@v2
+      uses: actions/setup-node@v2.2.0
      with:
        check-latest: true
        node-version: ${{ env.NODE_JS_VERSION }}
@@ -227,7 +227,7 @@ jobs:

    - name: Upload ASF-generic
      continue-on-error: true
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v2.2.4
      with:
        name: ${{ matrix.os }}_ASF-generic
        path: out/ASF-generic.zip
@@ -235,42 +235,42 @@ jobs:
    - name: Upload ASF-generic-netf
      continue-on-error: true
      if: startsWith(matrix.os, 'windows-')
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v2.2.4
      with:
        name: ${{ matrix.os }}_ASF-generic-netf
        path: out/ASF-generic-netf.zip

    - name: Upload ASF-linux-arm
      continue-on-error: true
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v2.2.4
      with:
        name: ${{ matrix.os }}_ASF-linux-arm
        path: out/ASF-linux-arm.zip

    - name: Upload ASF-linux-arm64
      continue-on-error: true
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v2.2.4
      with:
        name: ${{ matrix.os }}_ASF-linux-arm64
        path: out/ASF-linux-arm64.zip

    - name: Upload ASF-linux-x64
      continue-on-error: true
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v2.2.4
      with:
        name: ${{ matrix.os }}_ASF-linux-x64
        path: out/ASF-linux-x64.zip

    - name: Upload ASF-osx-x64
      continue-on-error: true
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v2.2.4
      with:
        name: ${{ matrix.os }}_ASF-osx-x64
        path: out/ASF-osx-x64.zip

    - name: Upload ASF-win-x64
      continue-on-error: true
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v2.2.4
      with:
        name: ${{ matrix.os }}_ASF-win-x64
        path: out/ASF-win-x64.zip
@@ -278,7 +278,7 @@ jobs:
    - name: Create ArchiSteamFarm GitHub release
      id: github_release
      if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
-      uses: actions/create-release@v1
+      uses: actions/create-release@v1.1.4
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
@@ -289,7 +289,7 @@ jobs:

    - name: Upload ASF-generic to GitHub release
      if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
-      uses: actions/upload-release-asset@v1
+      uses: actions/upload-release-asset@v1.0.2
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
@@ -300,7 +300,7 @@ jobs:

    - name: Upload ASF-generic-netf to GitHub release
      if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
-      uses: actions/upload-release-asset@v1
+      uses: actions/upload-release-asset@v1.0.2
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
@@ -311,7 +311,7 @@ jobs:

    - name: Upload ASF-linux-arm to GitHub release
      if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
-      uses: actions/upload-release-asset@v1
+      uses: actions/upload-release-asset@v1.0.2
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
@@ -322,7 +322,7 @@ jobs:

    - name: Upload ASF-linux-arm64 to GitHub release
      if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
-      uses: actions/upload-release-asset@v1
+      uses: actions/upload-release-asset@v1.0.2
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
@@ -333,7 +333,7 @@ jobs:

    - name: Upload ASF-linux-x64 to GitHub release
      if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
-      uses: actions/upload-release-asset@v1
+      uses: actions/upload-release-asset@v1.0.2
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
@@ -344,7 +344,7 @@ jobs:

    - name: Upload ASF-osx-x64 to GitHub release
      if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
-      uses: actions/upload-release-asset@v1
+      uses: actions/upload-release-asset@v1.0.2
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
@@ -355,7 +355,7 @@ jobs:

    - name: Upload ASF-win-x64 to GitHub release
      if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
-      uses: actions/upload-release-asset@v1
+      uses: actions/upload-release-asset@v1.0.2
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
--- a/.github/workflows/translations.yml
+++ b/.github/workflows/translations.yml
@@ -10,7 +10,7 @@ jobs:

    steps:
    - name: Checkout code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v2.3.4
      with:
        submodules: recursive

@@ -37,7 +37,7 @@ jobs:
        token: ${{ secrets.ASF_CROWDIN_API_TOKEN }}

    - name: Import GPG key for wiki
-      uses: crazy-max/ghaction-import-gpg@v3
+      uses: crazy-max/ghaction-import-gpg@v3.1.0
      with:
        gpg-private-key: ${{ secrets.ARCHIBOT_GPG_PRIVATE_KEY }}
        git-user-signingkey: true
@@ -58,7 +58,7 @@ jobs:
        fi

    - name: Push changes to wiki
-      uses: ad-m/github-push-action@master
+      uses: ad-m/github-push-action@v0.6.0
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        branch: master
@@ -66,7 +66,7 @@ jobs:
        repository: ${{ github.repository }}.wiki

    - name: Import GPG key for ASF
-      uses: crazy-max/ghaction-import-gpg@v3
+      uses: crazy-max/ghaction-import-gpg@v3.1.0
      with:
        gpg-private-key: ${{ secrets.ARCHIBOT_GPG_PRIVATE_KEY }}
        git-user-signingkey: true
@@ -84,7 +84,7 @@ jobs:
        fi

    - name: Push changes to ASF
-      uses: ad-m/github-push-action@master
+      uses: ad-m/github-push-action@v0.6.0
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        branch: ${{ github.ref }}