diff --git a/.github/actions/download-bin/action.yml b/.github/actions/download-bin/action.yml index 2a943df3..b0dbf5c5 100644 --- a/.github/actions/download-bin/action.yml +++ b/.github/actions/download-bin/action.yml @@ -5,7 +5,7 @@ runs: using: "composite" steps: - name: Download provider + tfgen binaries - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: confluentcloud-provider.tar.gz path: ${{ github.workspace }}/bin diff --git a/.github/actions/download-sdk/action.yml b/.github/actions/download-sdk/action.yml index 272e3317..ec5a2f30 100644 --- a/.github/actions/download-sdk/action.yml +++ b/.github/actions/download-sdk/action.yml @@ -10,7 +10,7 @@ runs: using: "composite" steps: - name: Download ${{ inputs.language }} SDK - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/ diff --git a/.github/actions/setup-tools/action.yml b/.github/actions/setup-tools/action.yml index 642d1d22..6a711d41 100644 --- a/.github/actions/setup-tools/action.yml +++ b/.github/actions/setup-tools/action.yml @@ -20,7 +20,7 @@ runs: steps: - name: Install Go if: inputs.tools == 'all' || contains(inputs.tools, 'go') - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: "1.21.x" cache-dependency-path: | @@ -30,45 +30,45 @@ runs: - name: Install pulumictl if: inputs.tools == 'all' || contains(inputs.tools, 'pulumictl') - uses: jaxxstorm/action-install-gh-release@v1.11.0 + uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 with: tag: v0.0.46 repo: pulumi/pulumictl - name: Install Pulumi CLI if: inputs.tools == 'all' || contains(inputs.tools, 'pulumicli') - uses: pulumi/actions@v5 + uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6 with: pulumi-version: "dev" - name: Install Schema Tools if: inputs.tools == 'all' || contains(inputs.tools, 'schema-tools') - uses: jaxxstorm/action-install-gh-release@v1.11.0 + uses: jaxxstorm/action-install-gh-release@71d17cb091aa850acb2a1a4cf87258d183eb941b # v1.11.0 with: repo: pulumi/schema-tools - name: Setup Node if: inputs.tools == 'all' || contains(inputs.tools, 'nodejs') - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4 with: node-version: 20.x registry-url: https://registry.npmjs.org - name: Setup DotNet if: inputs.tools == 'all' || contains(inputs.tools, 'dotnet') - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4 with: dotnet-version: 6.0.x - name: Setup Python if: inputs.tools == 'all' || contains(inputs.tools, 'python') - uses: actions/setup-python@v5 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 with: python-version: 3.11.8 - name: Setup Java if: inputs.tools == 'all' || contains(inputs.tools, 'java') - uses: actions/setup-java@v4 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4 with: cache: gradle distribution: temurin @@ -76,6 +76,6 @@ runs: - name: Setup Gradle if: inputs.tools == 'all' || contains(inputs.tools, 'java') - uses: gradle/gradle-build-action@v3 + uses: gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3 with: gradle-version: 7.6 diff --git a/.github/actions/upload-bin/action.yml b/.github/actions/upload-bin/action.yml index 9657dd8b..54f470e3 100644 --- a/.github/actions/upload-bin/action.yml +++ b/.github/actions/upload-bin/action.yml @@ -8,7 +8,7 @@ runs: shell: bash run: tar -zcf ${{ github.workspace }}/bin/provider.tar.gz -C ${{ github.workspace }}/bin/ pulumi-resource-confluentcloud pulumi-tfgen-confluentcloud - name: Upload artifacts - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: confluentcloud-provider.tar.gz path: ${{ github.workspace }}/bin/provider.tar.gz diff --git a/.github/actions/upload-sdk/action.yml b/.github/actions/upload-sdk/action.yml index c8c88de9..b0dd1404 100644 --- a/.github/actions/upload-sdk/action.yml +++ b/.github/actions/upload-sdk/action.yml @@ -13,7 +13,7 @@ runs: shell: bash run: tar -zcf sdk/${{ inputs.language }}.tar.gz -C sdk/${{ inputs.language }} . - name: Upload artifacts - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ inputs.language }}-sdk.tar.gz path: ${{ github.workspace}}/sdk/${{ inputs.language }}.tar.gz diff --git a/.github/workflows/build_provider.yml b/.github/workflows/build_provider.yml index 5dada3f0..7e6d0efc 100644 --- a/.github/workflows/build_provider.yml +++ b/.github/workflows/build_provider.yml @@ -30,7 +30,7 @@ jobs: arch: amd64 steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools @@ -40,7 +40,7 @@ jobs: - name: Prepare local workspace before restoring previously built run: make prepare_local_workspace - name: Download schema-embed.json - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: # Use a pattern to avoid failing if the artifact doesn't exist pattern: schema-embed.* @@ -52,7 +52,7 @@ jobs: - name: Build & package provider run: make provider_dist-${{ matrix.platform.os }}-${{ matrix.platform.arch }} - name: Upload artifacts - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: pulumi-resource-confluentcloud-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz path: bin/pulumi-resource-confluentcloud-v${{ inputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz diff --git a/.github/workflows/build_sdk.yml b/.github/workflows/build_sdk.yml index 4b6346e5..25658991 100644 --- a/.github/workflows/build_sdk.yml +++ b/.github/workflows/build_sdk.yml @@ -43,11 +43,11 @@ jobs: - java steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Cache examples generation - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: | .pulumi/examples-cache diff --git a/.github/workflows/command-dispatch.yml b/.github/workflows/command-dispatch.yml index 506a0fd0..15acf0ef 100644 --- a/.github/workflows/command-dispatch.yml +++ b/.github/workflows/command-dispatch.yml @@ -25,10 +25,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: peter-evans/slash-command-dispatch@v4 + - uses: peter-evans/slash-command-dispatch@13bc09769d122a64f75aa5037256f6f2d78be8c4 # v4 with: commands: | run-acceptance-tests diff --git a/.github/workflows/community-moderation.yml b/.github/workflows/community-moderation.yml index 9fdd1ae6..7bb3b144 100644 --- a/.github/workflows/community-moderation.yml +++ b/.github/workflows/community-moderation.yml @@ -8,24 +8,24 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - id: schema_changed name: Check for diff in schema - uses: dorny/paths-filter@v2.12.0 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 with: filters: "changed: 'provider/cmd/**/schema.json'" - id: sdk_changed if: steps.schema_changed.outputs.changed == 'false' name: Check for diff in sdk/** - uses: dorny/paths-filter@v2.12.0 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 with: filters: "changed: 'sdk/**'" - if: steps.sdk_changed.outputs.changed == 'true' && github.event.pull_request.head.repo.full_name != github.repository name: Send codegen warning as comment on PR - uses: thollander/actions-comment-pull-request@v2.5.0 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index e7fdda00..6659e7a7 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 912af36d..15fb40c9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -32,11 +32,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Install go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: # The versions of golangci-lint and setup-go here cross-depend and need to update together. go-version: 1.23 @@ -50,7 +50,7 @@ jobs: continue-on-error: true run: make upstream - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6 with: version: v1.60 working-directory: provider diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 36891cab..7ab44403 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -52,16 +52,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@v1.3.1 + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # v1.3.1 with: tool-cache: false swap-storage: false - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: aws-access-key-id: ${{ secrets.AWS_CORP_S3_UPLOAD_ACCESS_KEY_ID }} aws-region: us-west-2 @@ -135,7 +135,7 @@ jobs: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index a2f4c2a0..35a32d64 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -77,7 +77,7 @@ jobs: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools diff --git a/.github/workflows/prerequisites.yml b/.github/workflows/prerequisites.yml index 6a5385f4..b02160f9 100644 --- a/.github/workflows/prerequisites.yml +++ b/.github/workflows/prerequisites.yml @@ -45,15 +45,15 @@ jobs: version: ${{ steps.provider-version.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: pulumi/provider-version-action@v1 + - uses: pulumi/provider-version-action@0391d47b9b0d865d33dd0a295b1fcf9f7021dd4c # v1.5.3 id: provider-version with: set-env: 'PROVIDER_VERSION' - name: Cache examples generation - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 with: path: | .pulumi/examples-cache @@ -83,7 +83,7 @@ jobs: } >> "$GITHUB_ENV" - if: inputs.is_pr && inputs.is_automated == false name: Comment on PR with Details of Schema Check - uses: thollander/actions-comment-pull-request@v2.5.0 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} comment_tag: schemaCheck @@ -97,7 +97,7 @@ jobs: uses: ./.github/actions/upload-bin - name: Upload schema-embed.json - uses: actions/upload-artifact@v4.4.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: schema-embed.json path: provider/cmd/pulumi-resource-confluentcloud/schema-embed.json diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d3b40a4c..600a76d4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -48,7 +48,7 @@ jobs: if: inputs.skipGoSdk && inputs.isPrerelease == false run: echo "Can't skip Go SDK for stable releases. This is likely a bug in the calling workflow." && exit 1 - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools @@ -56,7 +56,7 @@ jobs: with: tools: pulumictl, pulumicli, go, schema-tools - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4.0.2 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-region: us-east-2 @@ -68,7 +68,7 @@ jobs: - name: Create dist directory run: mkdir -p dist - name: Download provider assets - uses: actions/download-artifact@v4.1.8 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: pulumi-resource-confluentcloud-v${{ inputs.version }}-* path: dist @@ -93,7 +93,7 @@ jobs: - name: Upload Provider Binaries run: aws s3 cp dist s3://get.pulumi.com/releases/plugins/ --recursive - name: Create GH Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 if: inputs.isPrerelease == false with: tag_name: v${{ inputs.version }} @@ -112,7 +112,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # Persist credentials so we can push back to the repo persist-credentials: true @@ -121,7 +121,7 @@ jobs: with: tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java - name: Publish SDKs - uses: pulumi/pulumi-package-publisher@v0.0.20 + uses: pulumi/pulumi-package-publisher@1c0359ba74243cf6651efacfd839c751d8ff87e2 # v0.0.20 with: sdk: all version: ${{ inputs.version }} @@ -151,7 +151,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Dispatch Metadata build - uses: peter-evans/repository-dispatch@v3 + uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 with: token: ${{ secrets.PULUMI_BOT_TOKEN }} repository: pulumi/registry @@ -172,7 +172,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Clean up release labels diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index f3d38fbb..e3771647 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -26,11 +26,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Comment PR - uses: thollander/actions-comment-pull-request@v2.5.0 + uses: thollander/actions-comment-pull-request@fabd468d3a1a0b97feee5f6b9e499eab0dd903f6 # v2.5.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} message: > diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 99fb4166..f69453ca 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -83,7 +83,7 @@ jobs: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools diff --git a/.github/workflows/release_command.yml b/.github/workflows/release_command.yml index ea43de93..5712f40e 100644 --- a/.github/workflows/release_command.yml +++ b/.github/workflows/release_command.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Should release PR @@ -28,7 +28,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: failure() name: Notify failure - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} @@ -37,7 +37,7 @@ jobs: "release command failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" - if: success() name: Notify success - uses: peter-evans/create-or-update-comment@v2 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.event.client_payload.github.payload.repository.full_name }} diff --git a/.github/workflows/resync-build.yml b/.github/workflows/resync-build.yml index a3372305..d5f79080 100644 --- a/.github/workflows/resync-build.yml +++ b/.github/workflows/resync-build.yml @@ -27,12 +27,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # Persist credentials so we can push a new branch. persist-credentials: true - name: Checkout repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: ci-mgmt repository: pulumi/ci-mgmt @@ -67,7 +67,7 @@ jobs: - name: Build run: make build - name: Create PR (no linked issue) - uses: peter-evans/create-pull-request@v3.12.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: author: pulumi-bot base: main diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 7dc0ce8c..65425cef 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -77,7 +77,7 @@ jobs: name: Create URL to the run output run: echo "run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" >> "$GITHUB_OUTPUT" - name: Update with Result - uses: peter-evans/create-or-update-comment@v1 + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: body: "Please view the PR build: ${{ steps.run-url.outputs.run-url }}" issue-number: ${{ github.event.client_payload.github.payload.issue.number }} @@ -95,7 +95,7 @@ jobs: - license_check runs-on: ubuntu-latest steps: - - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 + - uses: guibranco/github-status-action-v2@0849440ec82c5fa69b2377725b9b7852a3977e76 # v1.1.13 with: authToken: ${{secrets.GITHUB_TOKEN}} # Write an explicit status check called "Sentinel" which will only pass if this code really runs. @@ -122,13 +122,13 @@ jobs: PROVIDER_VERSION: ${{ needs.prerequisites.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.PR_COMMIT_SHA }} persist-credentials: false - name: Checkout p/examples if: matrix.testTarget == 'pulumiExamples' - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: pulumi/examples path: p-examples diff --git a/.github/workflows/upgrade-bridge.yml b/.github/workflows/upgrade-bridge.yml index b47d57a2..bfcea9e1 100644 --- a/.github/workflows/upgrade-bridge.yml +++ b/.github/workflows/upgrade-bridge.yml @@ -65,7 +65,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools @@ -74,7 +74,7 @@ jobs: tools: pulumictl, pulumicli, nodejs, python, dotnet, go, java - name: Call upgrade provider action if: github.event_name == 'workflow_dispatch' - uses: pulumi/pulumi-upgrade-provider-action@v0.0.12 + uses: pulumi/pulumi-upgrade-provider-action@a1d9f03fbfd923f787427c1d9e99c2356711d483 # v0.0.13 with: kind: ${{ inputs.kind }} email: bot@pulumi.com @@ -87,7 +87,7 @@ jobs: pr-title-prefix: ${{ inputs.pr-title-prefix }} - name: Call upgrade provider action if: github.event_name == 'repository_dispatch' - uses: pulumi/pulumi-upgrade-provider-action@v0.0.12 + uses: pulumi/pulumi-upgrade-provider-action@a1d9f03fbfd923f787427c1d9e99c2356711d483 # v0.0.13 with: kind: ${{ github.event.client_payload.kind || 'bridge' }} email: bot@pulumi.com diff --git a/.github/workflows/upgrade-provider.yml b/.github/workflows/upgrade-provider.yml index 174d3f49..3eaa9b4a 100644 --- a/.github/workflows/upgrade-provider.yml +++ b/.github/workflows/upgrade-provider.yml @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # Persist credentials so upgrade-provider can push a new branch. persist-credentials: true diff --git a/.github/workflows/verify-release.yml b/.github/workflows/verify-release.yml index 05a26239..3494370a 100644 --- a/.github/workflows/verify-release.yml +++ b/.github/workflows/verify-release.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.runner }} steps: - name: Checkout Repo - uses: actions/checkout@v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Setup tools