Skip to content

Commit

Permalink
CI: Pin versions
Browse files Browse the repository at this point in the history 
While floating tags are nice to use and fancy, we already had situations where the fixed source code did not result in the same deterministic build as the one built e.g. a week ago due to non-pinned versions that resulted in a different set of dependencies than originally.

Since GitHub actions follow similar pattern, we want to do our best to ensure that if CI in given fixed version passed on a fixed source, then it should also result in the same deterministic output. Of course this is impossible to achieve in 100% (e.g. resources no longer being available over the network), but this is something we can do.

It wasn't like that before renovate since we didn't have a standarized bot that could handle bumping those versions for us.
  • Loading branch information
@JustArchi
JustArchi committed Jun 30, 2021
1 parent 8982e1d commit 2f7478b
Show file tree
Hide file tree
Showing 8 changed files with 45 additions and 45 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,12 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v2.3.4
with:
submodules: recursive

- name: Setup .NET Core
uses: actions/setup-dotnet@v1
uses: actions/setup-dotnet@v1.8.1
with:
dotnet-version: ${{ env.DOTNET_SDK_VERSION }}

Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/docker-ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,15 +16,15 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v2.3.4
with:
submodules: recursive

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v1.4.1

- name: Build Docker image from ${{ matrix.file }}
uses: docker/build-push-action@v2
uses: docker/build-push-action@v2.5.0
with:
context: .
file: ${{ matrix.file }}
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/docker-publish-latest.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,22 +14,22 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v2.3.4
with:
submodules: recursive

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v1.4.1

- name: Login to ghcr.io
uses: docker/login-action@v1
uses: docker/login-action@v1.10.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v1.10.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
Expand All @@ -45,7 +45,7 @@ jobs:
echo "DH_REPOSITORY=$(echo ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"
- name: Build and publish Docker image from Dockerfile.Service
uses: docker/build-push-action@v2
uses: docker/build-push-action@v2.5.0
with:
context: .
file: Dockerfile.Service
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/docker-publish-main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,22 +15,22 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v2.3.4
with:
submodules: recursive

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v1.4.1

- name: Login to ghcr.io
uses: docker/login-action@v1
uses: docker/login-action@v1.10.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v1.10.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
Expand All @@ -45,7 +45,7 @@ jobs:
echo "DH_REPOSITORY=$(echo ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"
- name: Build and publish Docker image from Dockerfile
uses: docker/build-push-action@v2
uses: docker/build-push-action@v2.5.0
with:
context: .
platforms: ${{ env.PLATFORMS }}
Expand All @@ -61,7 +61,7 @@ jobs:

- name: Update DockerHub repository description
continue-on-error: true
uses: peter-evans/dockerhub-description@v2
uses: peter-evans/dockerhub-description@v2.4.3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/docker-publish-released.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,22 +15,22 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v2.3.4
with:
submodules: recursive

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v1.4.1

- name: Login to ghcr.io
uses: docker/login-action@v1
uses: docker/login-action@v1.10.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v1.10.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
Expand All @@ -46,7 +46,7 @@ jobs:
echo "DH_REPOSITORY=$(echo ${{ secrets.DOCKERHUB_USERNAME }}/${{ github.event.repository.name }} | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"
- name: Build and publish Docker image from Dockerfile
uses: docker/build-push-action@v2
uses: docker/build-push-action@v2.5.0
with:
context: .
platforms: ${{ env.PLATFORMS }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lock-threads.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Lock inactive threads
uses: dessant/lock-threads@v2
uses: dessant/lock-threads@v2.0.3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
issue-lock-inactive-days: 30
Expand Down
36 changes: 18 additions & 18 deletions .github/workflows/publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,20 +24,20 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v2.3.4
with:
submodules: recursive

- name: Setup .NET Core
uses: actions/setup-dotnet@v1
uses: actions/setup-dotnet@v1.8.1
with:
dotnet-version: ${{ env.DOTNET_SDK_VERSION }}

- name: Verify .NET Core
run: dotnet --info

- name: Setup Node.js with npm
uses: actions/setup-node@v2
uses: actions/setup-node@v2.2.0
with:
check-latest: true
node-version: ${{ env.NODE_JS_VERSION }}
Expand Down Expand Up @@ -227,58 +227,58 @@ jobs:
- name: Upload ASF-generic
continue-on-error: true
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v2.2.4
with:
name: ${{ matrix.os }}_ASF-generic
path: out/ASF-generic.zip

- name: Upload ASF-generic-netf
continue-on-error: true
if: startsWith(matrix.os, 'windows-')
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v2.2.4
with:
name: ${{ matrix.os }}_ASF-generic-netf
path: out/ASF-generic-netf.zip

- name: Upload ASF-linux-arm
continue-on-error: true
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v2.2.4
with:
name: ${{ matrix.os }}_ASF-linux-arm
path: out/ASF-linux-arm.zip

- name: Upload ASF-linux-arm64
continue-on-error: true
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v2.2.4
with:
name: ${{ matrix.os }}_ASF-linux-arm64
path: out/ASF-linux-arm64.zip

- name: Upload ASF-linux-x64
continue-on-error: true
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v2.2.4
with:
name: ${{ matrix.os }}_ASF-linux-x64
path: out/ASF-linux-x64.zip

- name: Upload ASF-osx-x64
continue-on-error: true
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v2.2.4
with:
name: ${{ matrix.os }}_ASF-osx-x64
path: out/ASF-osx-x64.zip

- name: Upload ASF-win-x64
continue-on-error: true
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v2.2.4
with:
name: ${{ matrix.os }}_ASF-win-x64
path: out/ASF-win-x64.zip

- name: Create ArchiSteamFarm GitHub release
id: github_release
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
uses: actions/create-release@v1
uses: actions/create-release@v1.1.4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -289,7 +289,7 @@ jobs:

- name: Upload ASF-generic to GitHub release
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
uses: actions/upload-release-asset@v1
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -300,7 +300,7 @@ jobs:

- name: Upload ASF-generic-netf to GitHub release
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
uses: actions/upload-release-asset@v1
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -311,7 +311,7 @@ jobs:

- name: Upload ASF-linux-arm to GitHub release
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
uses: actions/upload-release-asset@v1
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -322,7 +322,7 @@ jobs:

- name: Upload ASF-linux-arm64 to GitHub release
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
uses: actions/upload-release-asset@v1
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -333,7 +333,7 @@ jobs:

- name: Upload ASF-linux-x64 to GitHub release
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
uses: actions/upload-release-asset@v1
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -344,7 +344,7 @@ jobs:

- name: Upload ASF-osx-x64 to GitHub release
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
uses: actions/upload-release-asset@v1
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -355,7 +355,7 @@ jobs:

- name: Upload ASF-win-x64 to GitHub release
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') && startsWith(matrix.os, 'windows-') }}
uses: actions/upload-release-asset@v1
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/translations.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ jobs:

steps:
- name: Checkout code
uses: actions/checkout@v2
uses: actions/checkout@v2.3.4
with:
submodules: recursive

Expand All @@ -37,7 +37,7 @@ jobs:
token: ${{ secrets.ASF_CROWDIN_API_TOKEN }}

- name: Import GPG key for wiki
uses: crazy-max/ghaction-import-gpg@v3
uses: crazy-max/ghaction-import-gpg@v3.1.0
with:
gpg-private-key: ${{ secrets.ARCHIBOT_GPG_PRIVATE_KEY }}
git-user-signingkey: true
Expand All @@ -58,15 +58,15 @@ jobs:
fi
- name: Push changes to wiki
uses: ad-m/github-push-action@master
uses: ad-m/github-push-action@v0.6.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: master
directory: wiki
repository: ${{ github.repository }}.wiki

- name: Import GPG key for ASF
uses: crazy-max/ghaction-import-gpg@v3
uses: crazy-max/ghaction-import-gpg@v3.1.0
with:
gpg-private-key: ${{ secrets.ARCHIBOT_GPG_PRIVATE_KEY }}
git-user-signingkey: true
Expand All @@ -84,7 +84,7 @@ jobs:
fi
- name: Push changes to ASF
uses: ad-m/github-push-action@master
uses: ad-m/github-push-action@v0.6.0
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}

0 comments on commit 2f7478b

Please sign in to comment.