diff --git a/.github/workflows/code-review.yaml b/.github/workflows/code-review.yaml index d10ad410..33250489 100644 --- a/.github/workflows/code-review.yaml +++ b/.github/workflows/code-review.yaml @@ -23,12 +23,12 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 2 - name: Setup Node.js environment - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version-file: ".node-version" cache: "yarn" @@ -37,7 +37,7 @@ jobs: run: yarn install --immutable - name: Cache turbo build setup - uses: actions/cache@v3 + uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3 with: path: node_modules/.cache/turbo key: ${{ runner.os }}-turbo-${{ github.sha }} diff --git a/.github/workflows/deploy-issuer-func-itn.yaml b/.github/workflows/deploy-issuer-func-itn.yaml index 4903d6aa..25208aac 100644 --- a/.github/workflows/deploy-issuer-func-itn.yaml +++ b/.github/workflows/deploy-issuer-func-itn.yaml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Delete old tag - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 with: script: | github.rest.git.deleteRef({ @@ -32,7 +32,7 @@ jobs: }) continue-on-error: true - name: Create tag - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 with: script: | github.rest.git.createRef({ diff --git a/.github/workflows/deploy-issuer-func.yaml b/.github/workflows/deploy-issuer-func.yaml index 241c6d07..147350da 100644 --- a/.github/workflows/deploy-issuer-func.yaml +++ b/.github/workflows/deploy-issuer-func.yaml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Delete old tag - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 with: script: | github.rest.git.deleteRef({ @@ -32,7 +32,7 @@ jobs: }) continue-on-error: true - name: Create tag - uses: actions/github-script@v7 + uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 with: script: | github.rest.git.createRef({ diff --git a/.github/workflows/label.yaml b/.github/workflows/label.yaml index c8d6c914..e584658c 100644 --- a/.github/workflows/label.yaml +++ b/.github/workflows/label.yaml @@ -17,13 +17,13 @@ jobs: pull-requests: write steps: - - uses: actions/labeler@v4 + - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" # Note that the following step # never removes labels - - uses: actions/github-script@v6 + - uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6 id: set-result with: script: | diff --git a/.github/workflows/opex_api_issuer.yaml b/.github/workflows/opex_api_issuer.yaml index 5d90756d..c03c465a 100644 --- a/.github/workflows/opex_api_issuer.yaml +++ b/.github/workflows/opex_api_issuer.yaml @@ -35,7 +35,7 @@ jobs: fetch-depth: 0 # from https://github.com/pagopa/opex-dashboard-azure-action/ - - uses: pagopa/opex-dashboard-azure-action@v1.1.0 + - uses: pagopa/opex-dashboard-azure-action@f44f85839096c15ec358293f3a2dd2b10d367119 # v1.1.0 with: environment: prod api-name: ${{ env.API_NAME }} diff --git a/.github/workflows/opex_api_support.yaml b/.github/workflows/opex_api_support.yaml index 49fe1200..7ddf0dc4 100644 --- a/.github/workflows/opex_api_support.yaml +++ b/.github/workflows/opex_api_support.yaml @@ -33,7 +33,7 @@ jobs: fetch-depth: 0 # from https://github.com/pagopa/opex-dashboard-azure-action/ - - uses: pagopa/opex-dashboard-azure-action@v1.1.0 + - uses: pagopa/opex-dashboard-azure-action@f44f85839096c15ec358293f3a2dd2b10d367119 # v1.1.0 with: environment: prod api-name: ${{ env.API_NAME }} diff --git a/.github/workflows/opex_api_user.yaml b/.github/workflows/opex_api_user.yaml index 8c190f40..5f45ae90 100644 --- a/.github/workflows/opex_api_user.yaml +++ b/.github/workflows/opex_api_user.yaml @@ -33,7 +33,7 @@ jobs: fetch-depth: 0 # from https://github.com/pagopa/opex-dashboard-azure-action/ - - uses: pagopa/opex-dashboard-azure-action@v1.2.1 + - uses: pagopa/opex-dashboard-azure-action@3ad80a5e4a2d5a8f342615637072f21b687320ce # v1.2.1 with: environment: prod api-name: ${{ env.API_NAME }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 869feb99..b766a4dd 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -11,12 +11,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Setup Node.js environment - uses: actions/setup-node@v3 + uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3 with: node-version-file: ".node-version" cache: "yarn" diff --git a/docker-compose.yml b/docker-compose.yml index 963be7d3..689c2393 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ version: "3.9" services: cosmos-db: - image: mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator + image: mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator@sha256:f3aaae0166781c2e7994987fb6e5eb30ec2e6ab128835c94c41d11844c4575b8 mem_limit: 3G cpu_count: 2 tty: true @@ -18,7 +18,7 @@ services: - cosmos-db-volume:/data/db storage: - image: mcr.microsoft.com/azure-storage/azurite + image: mcr.microsoft.com/azure-storage/azurite@sha256:647c63a91102a9d8e8000aab803436e1fc85fbb285e7ce830a82ee5d6661cf37 command: "azurite -l /data --blobHost 0.0.0.0 --queueHost 0.0.0.0 --skipApiVersionCheck" ports: - 10000:10000