From 43e14b23b06b43170296ead0ac639e74e7903088 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?= Date: Tue, 18 Mar 2025 13:25:17 +0100 Subject: [PATCH] ci: Pin all workflow actions (#13984) --- .../workflows/benchmark-destroy-nightly.yml | 6 +-- .github/workflows/benchmark-nightly.yml | 10 ++-- .../workflows/check-documentation-urls.yml | 6 +-- .github/workflows/check-pr-title.yml | 6 +-- .github/workflows/chromatic.yml | 14 +++--- .github/workflows/ci-master.yml | 10 ++-- .github/workflows/ci-postgres-mysql.yml | 48 +++++++++---------- .github/workflows/ci-pull-requests.yml | 8 ++-- .github/workflows/docker-base-image.yml | 12 ++--- .github/workflows/docker-images-benchmark.yml | 10 ++-- .github/workflows/docker-images-custom.yml | 10 ++-- .github/workflows/docker-images-nightly.yml | 12 ++--- .github/workflows/e2e-reusable.yml | 16 +++---- .github/workflows/e2e-tests-pr.yml | 8 ++-- .github/workflows/e2e-tests.yml | 2 +- .github/workflows/linting-reusable.yml | 8 ++-- .github/workflows/notify-pr-status.yml | 2 +- .github/workflows/release-create-pr.yml | 6 +-- .github/workflows/release-publish.yml | 34 ++++++------- .github/workflows/release-push-to-channel.yml | 6 +-- .github/workflows/test-workflows.yml | 20 ++++---- 21 files changed, 127 insertions(+), 127 deletions(-) diff --git a/.github/workflows/benchmark-destroy-nightly.yml b/.github/workflows/benchmark-destroy-nightly.yml index 0d87da7776..91cf19f0e7 100644 --- a/.github/workflows/benchmark-destroy-nightly.yml +++ b/.github/workflows/benchmark-destroy-nightly.yml @@ -20,16 +20,16 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Azure login - uses: azure/login@v2.1.1 + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 with: client-id: ${{ secrets.BENCHMARK_ARM_CLIENT_ID }} tenant-id: ${{ secrets.BENCHMARK_ARM_TENANT_ID }} subscription-id: ${{ secrets.BENCHMARK_ARM_SUBSCRIPTION_ID }} - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x diff --git a/.github/workflows/benchmark-nightly.yml b/.github/workflows/benchmark-nightly.yml index 6ebf908062..97bf34f0a9 100644 --- a/.github/workflows/benchmark-nightly.yml +++ b/.github/workflows/benchmark-nightly.yml @@ -42,13 +42,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: hashicorp/setup-terraform@v3 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3 with: terraform_version: '1.8.5' - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -61,7 +61,7 @@ jobs: run: pnpm install --frozen-lockfile - name: Azure login - uses: azure/login@v2.1.1 + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 with: client-id: ${{ env.ARM_CLIENT_ID }} tenant-id: ${{ env.ARM_TENANT_ID }} @@ -92,7 +92,7 @@ jobs: # We need to login again because the access token expires - name: Azure login if: always() - uses: azure/login@v2.1.1 + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 with: client-id: ${{ env.ARM_CLIENT_ID }} tenant-id: ${{ env.ARM_TENANT_ID }} diff --git a/.github/workflows/check-documentation-urls.yml b/.github/workflows/check-documentation-urls.yml index ac7ca21335..0d59245619 100644 --- a/.github/workflows/check-documentation-urls.yml +++ b/.github/workflows/check-documentation-urls.yml @@ -14,9 +14,9 @@ jobs: timeout-minutes: 5 steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -37,7 +37,7 @@ jobs: run: node .github/scripts/validate-docs-links.js - name: Notify Slack on failure - uses: act10ns/slack@v2.0.0 + uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 if: failure() with: status: ${{ job.status }} diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml index 98037c520f..8910084dc7 100644 --- a/.github/workflows/check-pr-title.yml +++ b/.github/workflows/check-pr-title.yml @@ -15,9 +15,9 @@ jobs: timeout-minutes: 5 steps: - name: Check out branch - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -31,6 +31,6 @@ jobs: - name: Validate PR title id: validate_pr_title - uses: n8n-io/validate-n8n-pull-request-title@v2.2.0 + uses: n8n-io/validate-n8n-pull-request-title@c97ff722ac14ee0bda73766473bba764445db805 # v2.2.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml index f635550012..2bbb56f710 100644 --- a/.github/workflows/chromatic.yml +++ b/.github/workflows/chromatic.yml @@ -18,13 +18,13 @@ jobs: if: github.event.review.state == 'approved' steps: - name: Check out current commit - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 2 - name: Determine changed files - uses: tomi/paths-filter-action@v3.0.2 + uses: tomi/paths-filter-action@32c62f5ca100c1110406e3477d5b3ecef4666fec # v3.0.2 id: changed if: github.event_name == 'pull_request_review' with: @@ -52,11 +52,11 @@ jobs: ) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -68,7 +68,7 @@ jobs: - run: pnpm install --frozen-lockfile - name: Publish to Chromatic - uses: chromaui/action@v11 + uses: chromaui/action@c93e0bc3a63aa176e14a75b61a31847cbfdd341c # v11 id: chromatic_tests continue-on-error: true with: @@ -79,7 +79,7 @@ jobs: - name: Success comment if: steps.chromatic_tests.outcome == 'success' && github.ref != 'refs/heads/master' - uses: peter-evans/create-or-update-comment@v4.0.0 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: issue-number: ${{ github.event.pull_request.number }} token: ${{ secrets.GITHUB_TOKEN }} @@ -89,7 +89,7 @@ jobs: - name: Fail comment if: steps.chromatic_tests.outcome != 'success' && github.ref != 'refs/heads/master' - uses: peter-evans/create-or-update-comment@v4.0.0 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: issue-number: ${{ github.event.pull_request.number }} token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci-master.yml b/.github/workflows/ci-master.yml index 6c74f9ff6c..5345632dbd 100644 --- a/.github/workflows/ci-master.yml +++ b/.github/workflows/ci-master.yml @@ -14,9 +14,9 @@ jobs: timeout-minutes: 10 steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: useblacksmith/setup-node@v5 + - uses: useblacksmith/setup-node@65c6ca86fdeb0ab3d85e78f57e4f6a7e4780b391 # v5 with: node-version: 20.x @@ -29,13 +29,13 @@ jobs: run: pnpm install --frozen-lockfile - name: Setup build cache - uses: useblacksmith/caching-for-turbo@v1 + uses: useblacksmith/caching-for-turbo@bafb57e7ebdbf1185762286ec94d24648cd3938a # v1 - name: Build run: pnpm build - name: Cache build artifacts - uses: useblacksmith/cache/save@v5 + uses: useblacksmith/cache/save@c5fe29eb0efdf1cf4186b9f7fcbbcbc0cf025662 # v5 with: path: ./packages/**/dist key: ${{ github.sha }}-base:build @@ -71,7 +71,7 @@ jobs: needs: [unit-test, lint] steps: - name: Notify Slack on failure - uses: act10ns/slack@v2.0.0 + uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 if: failure() with: status: ${{ job.status }} diff --git a/.github/workflows/ci-postgres-mysql.yml b/.github/workflows/ci-postgres-mysql.yml index bfcfbdc617..07ac754356 100644 --- a/.github/workflows/ci-postgres-mysql.yml +++ b/.github/workflows/ci-postgres-mysql.yml @@ -22,9 +22,9 @@ jobs: runs-on: ubuntu-latest if: github.event_name != 'pull_request_review' || startsWith(github.event.pull_request.base.ref, 'release/') steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -36,13 +36,13 @@ jobs: - run: pnpm install --frozen-lockfile - name: Setup build cache - uses: rharkor/caching-for-turbo@v1.5 + uses: rharkor/caching-for-turbo@439abec0d28d21b192fa8817b744ffdf1ee5ac0d # v1.5 - name: Build Backend run: pnpm build:backend - name: Cache build artifacts - uses: actions/cache/save@v4.2.0 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ./packages/**/dist key: ${{ github.sha }}:db-tests @@ -56,9 +56,9 @@ jobs: DB_TYPE: sqlite DB_SQLITE_POOL_SIZE: 4 steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -70,10 +70,10 @@ jobs: - run: pnpm install --frozen-lockfile - name: Setup build cache - uses: rharkor/caching-for-turbo@v1.5 + uses: rharkor/caching-for-turbo@439abec0d28d21b192fa8817b744ffdf1ee5ac0d # v1.5 - name: Restore cached build artifacts - uses: actions/cache/restore@v4.2.0 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ./packages/**/dist key: ${{ github.sha }}:db-tests @@ -90,9 +90,9 @@ jobs: env: DB_MYSQLDB_PASSWORD: password steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -104,16 +104,16 @@ jobs: - run: pnpm install --frozen-lockfile - name: Setup build cache - uses: rharkor/caching-for-turbo@v1.5 + uses: rharkor/caching-for-turbo@439abec0d28d21b192fa8817b744ffdf1ee5ac0d # v1.5 - name: Restore cached build artifacts - uses: actions/cache/restore@v4.2.0 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ./packages/**/dist key: ${{ github.sha }}:db-tests - name: Start MariaDB - uses: isbang/compose-action@v2.0.0 + uses: isbang/compose-action@802a148945af6399a338c7906c267331b39a71af # v2.0.0 with: compose-file: ./.github/docker-compose.yml services: | @@ -134,9 +134,9 @@ jobs: env: DB_MYSQLDB_PASSWORD: password steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -148,16 +148,16 @@ jobs: - run: pnpm install --frozen-lockfile - name: Setup build cache - uses: rharkor/caching-for-turbo@v1.5 + uses: rharkor/caching-for-turbo@439abec0d28d21b192fa8817b744ffdf1ee5ac0d # v1.5 - name: Restore cached build artifacts - uses: actions/cache/restore@v4.2.0 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ./packages/**/dist key: ${{ github.sha }}:db-tests - name: Start MySQL - uses: isbang/compose-action@v2.0.0 + uses: isbang/compose-action@802a148945af6399a338c7906c267331b39a71af # v2.0.0 with: compose-file: ./.github/docker-compose.yml services: | @@ -176,9 +176,9 @@ jobs: DB_POSTGRESDB_PASSWORD: password DB_POSTGRESDB_POOL_SIZE: 1 # Detect connection pooling deadlocks steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -190,16 +190,16 @@ jobs: - run: pnpm install --frozen-lockfile - name: Setup build cache - uses: rharkor/caching-for-turbo@v1.5 + uses: rharkor/caching-for-turbo@439abec0d28d21b192fa8817b744ffdf1ee5ac0d # v1.5 - name: Restore cached build artifacts - uses: actions/cache/restore@v4.2.0 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ./packages/**/dist key: ${{ github.sha }}:db-tests - name: Start Postgres - uses: isbang/compose-action@v2.0.0 + uses: isbang/compose-action@802a148945af6399a338c7906c267331b39a71af # v2.0.0 with: compose-file: ./.github/docker-compose.yml services: | @@ -215,7 +215,7 @@ jobs: needs: [mariadb, postgres, mysql] steps: - name: Notify Slack on failure - uses: act10ns/slack@v2.0.0 + uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 if: failure() && github.ref == 'refs/heads/master' with: status: ${{ job.status }} diff --git a/.github/workflows/ci-pull-requests.yml b/.github/workflows/ci-pull-requests.yml index 203b65a8c6..c7f6fcedcf 100644 --- a/.github/workflows/ci-pull-requests.yml +++ b/.github/workflows/ci-pull-requests.yml @@ -13,11 +13,11 @@ jobs: env: NODE_OPTIONS: '--max-old-space-size=4096' steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: refs/pull/${{ github.event.pull_request.number }}/merge - - uses: useblacksmith/setup-node@v5 + - uses: useblacksmith/setup-node@65c6ca86fdeb0ab3d85e78f57e4f6a7e4780b391 # v5 with: node-version: 20.x @@ -30,7 +30,7 @@ jobs: run: pnpm install --frozen-lockfile - name: Setup build cache - uses: useblacksmith/caching-for-turbo@v1 + uses: useblacksmith/caching-for-turbo@bafb57e7ebdbf1185762286ec94d24648cd3938a # v1 - name: Build run: pnpm build @@ -42,7 +42,7 @@ jobs: run: pnpm typecheck - name: Cache build artifacts - uses: useblacksmith/cache/save@v5 + uses: useblacksmith/cache/save@c5fe29eb0efdf1cf4186b9f7fcbbcbc0cf025662 # v5 with: path: ./packages/**/dist key: ${{ github.sha }}-base:build diff --git a/.github/workflows/docker-base-image.yml b/.github/workflows/docker-base-image.yml index c2b5c9b6e6..4ee4eae7bc 100644 --- a/.github/workflows/docker-base-image.yml +++ b/.github/workflows/docker-base-image.yml @@ -17,29 +17,29 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up QEMU - uses: docker/setup-qemu-action@v3.3.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.8.0 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to DockerHub - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build - uses: docker/build-push-action@v6.11.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 env: DOCKER_BUILD_SUMMARY: false with: diff --git a/.github/workflows/docker-images-benchmark.yml b/.github/workflows/docker-images-benchmark.yml index d4bf2f98a0..02be4e012e 100644 --- a/.github/workflows/docker-images-benchmark.yml +++ b/.github/workflows/docker-images-benchmark.yml @@ -16,23 +16,23 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up QEMU - uses: docker/setup-qemu-action@v3.3.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.8.0 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build - uses: docker/build-push-action@v6.11.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 env: DOCKER_BUILD_SUMMARY: false with: diff --git a/.github/workflows/docker-images-custom.yml b/.github/workflows/docker-images-custom.yml index dfc9d77a03..f31aef3859 100644 --- a/.github/workflows/docker-images-custom.yml +++ b/.github/workflows/docker-images-custom.yml @@ -39,7 +39,7 @@ jobs: shell: bash - name: Checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ github.event.inputs.branch }} @@ -49,20 +49,20 @@ jobs: shell: bash - name: Set up QEMU - uses: docker/setup-qemu-action@v3.3.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.8.0 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to GHCR - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push image to GHCR - uses: docker/build-push-action@v6.11.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 env: DOCKER_BUILD_SUMMARY: false with: diff --git a/.github/workflows/docker-images-nightly.yml b/.github/workflows/docker-images-nightly.yml index dbdde44078..c16def80e5 100644 --- a/.github/workflows/docker-images-nightly.yml +++ b/.github/workflows/docker-images-nightly.yml @@ -10,29 +10,29 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up QEMU - uses: docker/setup-qemu-action@v3.3.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.8.0 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to GHCR - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to DockerHub - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push image to GHCR and DockerHub - uses: docker/build-push-action@v6.11.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 env: DOCKER_BUILD_SUMMARY: false with: diff --git a/.github/workflows/e2e-reusable.yml b/.github/workflows/e2e-reusable.yml index 8826f980c5..e69c4ab260 100644 --- a/.github/workflows/e2e-reusable.yml +++ b/.github/workflows/e2e-reusable.yml @@ -71,7 +71,7 @@ jobs: image: cypress/${{ inputs.run-env }} options: --user 1001 steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.branch }} @@ -81,13 +81,13 @@ jobs: git fetch origin pull/${{ inputs.pr_number }}/head git checkout FETCH_HEAD - - uses: pnpm/action-setup@v4.0.0 + - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 - name: Install dependencies run: pnpm install --frozen-lockfile - name: Cypress build - uses: cypress-io/github-action@v6.6.1 + uses: cypress-io/github-action@1b70233146622b69e789ccdd4f9452adc638d25a # v6.6.1 with: # Disable running of tests within install job runTests: false @@ -99,7 +99,7 @@ jobs: run: pnpm cypress:install - name: Cache build artifacts - uses: actions/cache/save@v4.2.0 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: | /github/home/.cache @@ -120,7 +120,7 @@ jobs: # running the same tests multiple times containers: ${{ fromJSON( inputs.spec == 'e2e/*' && inputs.containers || '[1]' ) }} steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.branch }} @@ -130,10 +130,10 @@ jobs: git fetch origin pull/${{ inputs.pr_number }}/head git checkout FETCH_HEAD - - uses: pnpm/action-setup@v4.0.0 + - uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0 - name: Restore cached pnpm modules - uses: actions/cache/restore@v4.2.0 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: | /github/home/.cache @@ -145,7 +145,7 @@ jobs: run: pnpm install --frozen-lockfile - name: Cypress run - uses: cypress-io/github-action@v6.6.1 + uses: cypress-io/github-action@1b70233146622b69e789ccdd4f9452adc638d25a # v6.6.1 with: working-directory: cypress install: false diff --git a/.github/workflows/e2e-tests-pr.yml b/.github/workflows/e2e-tests-pr.yml index b244ea86ae..d46ef9e4e3 100644 --- a/.github/workflows/e2e-tests-pr.yml +++ b/.github/workflows/e2e-tests-pr.yml @@ -15,13 +15,13 @@ jobs: if: github.event.review.state == 'approved' steps: - name: Check out current commit - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 2 - name: Determine changed files - uses: tomi/paths-filter-action@v3.0.2 + uses: tomi/paths-filter-action@32c62f5ca100c1110406e3477d5b3ecef4666fec # v3.0.2 id: changed with: filters: | @@ -63,7 +63,7 @@ jobs: steps: - name: E2E success comment if: ${{ needs.get-metadata.outputs.should_run == 'true' && needs.run-e2e-tests.outputs.tests_passed == 'true' }} - uses: peter-evans/create-or-update-comment@v4.0.0 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: issue-number: ${{ github.event.pull_request.number }} body: | @@ -72,7 +72,7 @@ jobs: - name: E2E fail comment if: needs.run-e2e-tests.result == 'failure' - uses: peter-evans/create-or-update-comment@v4.0.0 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: issue-number: ${{ github.event.pull_request.number }} body: | diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml index e7400adecb..8749cac0c9 100644 --- a/.github/workflows/e2e-tests.yml +++ b/.github/workflows/e2e-tests.yml @@ -56,7 +56,7 @@ jobs: if: ${{ github.event.inputs.success-url != '' }} steps: - name: Notify Slack on failure - uses: act10ns/slack@v2.0.0 + uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 if: failure() with: status: ${{ job.status }} diff --git a/.github/workflows/linting-reusable.yml b/.github/workflows/linting-reusable.yml index a68cb4ebbb..03e4257c45 100644 --- a/.github/workflows/linting-reusable.yml +++ b/.github/workflows/linting-reusable.yml @@ -21,11 +21,11 @@ jobs: env: NODE_OPTIONS: '--max-old-space-size=4096' steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.ref }} - - uses: useblacksmith/setup-node@v5 + - uses: useblacksmith/setup-node@65c6ca86fdeb0ab3d85e78f57e4f6a7e4780b391 # v5 with: node-version: 20.x @@ -38,7 +38,7 @@ jobs: run: pnpm install --frozen-lockfile - name: Setup build cache - uses: useblacksmith/caching-for-turbo@v1 + uses: useblacksmith/caching-for-turbo@bafb57e7ebdbf1185762286ec94d24648cd3938a # v1 - name: Build if: ${{ inputs.cacheKey == '' }} @@ -46,7 +46,7 @@ jobs: - name: Restore cached build artifacts if: ${{ inputs.cacheKey != '' }} - uses: useblacksmith/cache/restore@v5 + uses: useblacksmith/cache/restore@c5fe29eb0efdf1cf4186b9f7fcbbcbc0cf025662 # v5 with: path: ./packages/**/dist key: ${{ inputs.cacheKey }} diff --git a/.github/workflows/notify-pr-status.yml b/.github/workflows/notify-pr-status.yml index 1169b02af8..9dbf4529f1 100644 --- a/.github/workflows/notify-pr-status.yml +++ b/.github/workflows/notify-pr-status.yml @@ -15,7 +15,7 @@ jobs: (github.event_name == 'pull_request' && github.event.pull_request.merged == true) || (github.event_name == 'pull_request' && github.event.pull_request.merged == false && github.event.action == 'closed') steps: - - uses: fjogeleit/http-request-action@dea46570591713c7de04a5b556bf2ff7bdf0aa9c # v1 + - uses: fjogeleit/http-request-action@bf78da14118941f7e940279dd58f67e863cbeff6 # v1 if: ${{!contains(github.event.pull_request.labels.*.name, 'community')}} name: Notify env: diff --git a/.github/workflows/release-create-pr.yml b/.github/workflows/release-create-pr.yml index dff2ce4bc8..6b0bc38e92 100644 --- a/.github/workflows/release-create-pr.yml +++ b/.github/workflows/release-create-pr.yml @@ -30,12 +30,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 ref: ${{ github.event.inputs.base-branch }} - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -60,7 +60,7 @@ jobs: git push -f origin refs/remotes/origin/${{ github.event.inputs.base-branch }}:refs/heads/release/${{ env.NEXT_RELEASE }} - name: Push the release branch, and Create the PR - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6 with: base: 'release/${{ env.NEXT_RELEASE }}' branch: 'release-pr/${{ env.NEXT_RELEASE }}' diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index 98d2221b01..671504746b 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml @@ -21,11 +21,11 @@ jobs: release: ${{ steps.set-release.outputs.release }} steps: - name: Checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -43,7 +43,7 @@ jobs: run: pnpm build - name: Cache build artifacts - uses: actions/cache/save@v4.2.0 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ./packages/**/dist key: ${{ github.sha }}-release:build @@ -78,31 +78,31 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v3.3.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.8.0 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to DockerHub - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Build - uses: docker/build-push-action@v6.11.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 env: DOCKER_BUILD_SUMMARY: false with: @@ -129,7 +129,7 @@ jobs: steps: - name: Create a Release on GitHub - uses: ncipollo/release-action@v1 + uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1 with: commit: ${{github.event.pull_request.base.ref}} tag: 'n8n@${{ needs.publish-to-npm.outputs.release }}' @@ -148,15 +148,15 @@ jobs: SENTRY_ORG: ${{ secrets.SENTRY_ORG }} steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Restore cached build artifacts - uses: actions/cache/restore@v4.2.0 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ./packages/**/dist key: ${{ github.sha }}-release:build - name: Create a frontend release - uses: getsentry/action-release@v1.7.0 + uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0 continue-on-error: true with: projects: ${{ secrets.SENTRY_FRONTEND_PROJECT }} @@ -164,7 +164,7 @@ jobs: sourcemaps: packages/frontend/editor-ui/dist - name: Create a backend release - uses: getsentry/action-release@v1.7.0 + uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0 continue-on-error: true with: projects: ${{ secrets.SENTRY_BACKEND_PROJECT }} @@ -172,7 +172,7 @@ jobs: sourcemaps: packages/cli/dist packages/core/dist packages/nodes-base/dist packages/@n8n/n8n-nodes-langchain/dist - name: Create a task runner release - uses: getsentry/action-release@v1.7.0 + uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0 continue-on-error: true with: projects: ${{ secrets.SENTRY_TASK_RUNNER_PROJECT }} @@ -194,8 +194,8 @@ jobs: # if: ${{ github.event.pull_request.merged == true && !contains(github.event.pull_request.labels.*.name, 'release:patch') }} # runs-on: ubuntu-latest # steps: - # - uses: actions/checkout@v4.1.1 - # with: + # - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + # v4.1.1 # fetch-depth: 0 # - run: | # git checkout --track origin/master diff --git a/.github/workflows/release-push-to-channel.yml b/.github/workflows/release-push-to-channel.yml index 2f4a9170a7..5fe095cfdd 100644 --- a/.github/workflows/release-push-to-channel.yml +++ b/.github/workflows/release-push-to-channel.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -43,7 +43,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: docker/login-action@v3.3.0 + - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -63,7 +63,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: docker/login-action@v3.3.0 + - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/test-workflows.yml b/.github/workflows/test-workflows.yml index 37ec57480d..b19aa6079f 100644 --- a/.github/workflows/test-workflows.yml +++ b/.github/workflows/test-workflows.yml @@ -21,9 +21,9 @@ jobs: (github.event_name != 'pull_request_review' || startsWith(github.event.pull_request.base.ref, 'release/')) && !contains(github.event.pull_request.labels.*.name, 'community') steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -35,13 +35,13 @@ jobs: - run: pnpm install --frozen-lockfile - name: Setup build cache - uses: rharkor/caching-for-turbo@v1.5 + uses: rharkor/caching-for-turbo@439abec0d28d21b192fa8817b744ffdf1ee5ac0d # v1.5 - name: Build Backend run: pnpm build:backend - name: Cache build artifacts - uses: actions/cache/save@v4.2.0 + uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ./packages/**/dist key: ${{ github.sha }}:workflow-tests @@ -52,9 +52,9 @@ jobs: needs: build timeout-minutes: 10 steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/setup-node@v4.2.0 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 20.x @@ -66,10 +66,10 @@ jobs: - run: pnpm install --frozen-lockfile - name: Setup build cache - uses: rharkor/caching-for-turbo@v1.5 + uses: rharkor/caching-for-turbo@439abec0d28d21b192fa8817b744ffdf1ee5ac0d # v1.5 - name: Restore cached build artifacts - uses: actions/cache/restore@v4.2.0 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ./packages/**/dist key: ${{ github.sha }}:workflow-tests @@ -82,7 +82,7 @@ jobs: DEBIAN_FRONTEND="noninteractive" sudo apt-get install -y graphicsmagick - name: Checkout workflows repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: repository: n8n-io/test-workflows path: test-workflows @@ -113,7 +113,7 @@ jobs: N8N_SENTRY_DSN: ${{secrets.CI_SENTRY_DSN}} - name: Notify Slack on failure - uses: act10ns/slack@v2.0.0 + uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 if: failure() && github.ref == 'refs/heads/master' with: status: ${{ job.status }}