Pin dependencies

Bump actions
rsksmart · Oct 23, 2024 · 7564682 · 7564682
1 parent dd61982
commit 7564682
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 39 deletions.
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
@@ -14,10 +14,10 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
 
       - name: Setup Java & Gradle
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 #v4.4.0
         with:
           java-version: '17'
           distribution: 'temurin'
@@ -28,7 +28,7 @@ jobs:
           curl -sSL https://secchannel.rsk.co/SUPPORT.asc | gpg2 --import -
           gpg2 --verify SHA256SUMS.asc && sha256sum --check SHA256SUMS.asc
 
-      - uses: actions/cache@v4
+      - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 #v4.1.1
         name: Cache Gradle Wrapper
         id: cache-gradle-wrapper
         with:
@@ -46,7 +46,7 @@ jobs:
           ./gradlew --no-daemon --stacktrace build -x test
 
       - name: Archive build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 #v4.4.3
         with:
           name: build-files
           path: |
@@ -56,18 +56,18 @@ jobs:
     needs: unit-tests-java17
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
         with:
           fetch-depth: 0
 
       - name: Setup Java & Gradle
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 #v4.4.0
         with:
           java-version: '17'
           distribution: 'temurin'
           cache: 'gradle'
 
-      - uses: actions/cache/restore@v4
+      - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 #v4.1.1
         name: Restore Gradle Wrapper
         with:
           path: |
@@ -76,21 +76,21 @@ jobs:
           fail-on-cache-miss: true
 
       - name: Download build artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 #v4.1.8
         with:
           name: build-files
           path: |
             rskj-core/build
 
       - name: Download test results
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 #v4.1.8
         with:
           name: test-results
           path: |
             rskj-core/build/test-results/
 
       - name: Download test reports
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 #v4.1.8
         with:
           name: test-reports
           path: |
@@ -153,17 +153,17 @@ jobs:
         options: --name bitcoind2
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 #v4.0.4
         with:
           node-version: '12.x'
       - name: Check Node.js version
         run: node --version
 
       - name: Checkout Mining Integration Tests Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
         with:
           repository: rsksmart/mining-integration-tests
           ref: ${{ secrets.MINING_INTEGRATION_TESTS_REF }}
@@ -186,13 +186,13 @@ jobs:
           node --unhandled-rejections=strict generateBtcBlocks.js
 
       - name: Setup Java & Gradle
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 #v4.4.0
         with:
           java-version: '17'
           distribution: 'temurin'
           cache: 'gradle'
 
-      - uses: actions/cache/restore@v4
+      - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 #v4.1.1
         name: Restore Gradle Wrapper
         with:
           path: |
@@ -201,7 +201,7 @@ jobs:
           fail-on-cache-miss: true
 
       - name: Download build artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 #v4.1.8
         with:
           name: build-files
           path: |
@@ -236,16 +236,16 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
 
       - name: Setup Java & Gradle
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 #v4.4.0
         with:
           java-version: '17'
           distribution: 'temurin'
           cache: 'gradle'
 
-      - uses: actions/cache/restore@v4
+      - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 #v4.1.1
         name: Restore Gradle Wrapper
         with:
           path: |
@@ -258,14 +258,14 @@ jobs:
           ./gradlew --no-daemon --stacktrace test
 
       - name: Persist test results for sonar
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 #v4.4.3
         with:
           name: test-results
           path: |
             rskj-core/build/test-results/
 
       - name: Persist test reports for sonar
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 #v4.4.3
         with:
           name: test-reports
           path: |
@@ -275,16 +275,16 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
 
       - name: Setup Java & Gradle
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 #v4.4.0
         with:
           java-version: '21'
           distribution: 'temurin'
           cache: 'gradle'
 
-      - uses: actions/cache/restore@v4
+      - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 #v4.1.1
         name: Restore Gradle Wrapper
         with:
           path: |
@@ -300,16 +300,16 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
 
       - name: Setup Java & Gradle
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 #v4.4.0
         with:
           java-version: '17'
           distribution: 'temurin'
           cache: 'gradle'
 
-      - uses: actions/cache/restore@v4
+      - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 #v4.1.1
         name: Restore Gradle Wrapper
         with:
           path: |

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -24,11 +24,11 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
 
       - name: Setup Java JDK
         if: ${{ matrix.language == 'java' }}
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 #v4.4.0
         with:
           java-version: '17'
           distribution: 'temurin'
@@ -38,15 +38,15 @@ jobs:
         run: ./configure.sh
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@083cd45dc7d463f048a5d0975943f0e19e9c9378 #v2.26.13
         with:
           languages: ${{ matrix.language }}
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@083cd45dc7d463f048a5d0975943f0e19e9c9378 #v2.26.13
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@083cd45dc7d463f048a5d0975943f0e19e9c9378 #v2.26.13
         with:
           category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -13,11 +13,11 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 #v5.5.1
         with:
           images: rsksmart/rskj
           tags: |
@@ -28,13 +28,13 @@ jobs:
             type=match,pattern=(\w+-\d+)\.\d+\.\d+.*,group=1
 
       - name: DockerHub login
-        uses: docker/login-action@v2
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 #v6.9.0
         with:
           context: .
           push: true

diff --git a/.github/workflows/rit.yml b/.github/workflows/rit.yml
@@ -24,7 +24,7 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Checkout Repository # Step needed to access the PR description using github CLI
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
 
       - name: Set Branch Variables
         id: set-branch-variables

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM eclipse-temurin:17-jdk AS build
+FROM eclipse-temurin:17-jdk@sha256:08295ab0f5007a37cbcc6679a8447a7278d9403f9f82acd80ed08cd10921e026 AS build
 
 RUN apt-get update -y && \
     apt-get install -y git curl gnupg
@@ -19,7 +19,7 @@ RUN gpg --keyserver https://secchannel.rsk.co/SUPPORT.asc --recv-keys 1DC9157991
     modifier=$(sed -n 's/^modifier=//p' "$file" | tr -d "\"'") && \
     cp "rskj-core/build/libs/rskj-core-$version_number-$modifier-all.jar" rsk.jar
 
-FROM eclipse-temurin:17-jre
+FROM eclipse-temurin:17-jre@sha256:f1515395c0695910a3ca665e973cc11013d1f50d265e61cb8c9156e999d914b4
 LABEL org.opencontainers.image.authors="[email protected]"
 
 RUN useradd -ms /sbin/nologin -d /var/lib/rsk rsk