Home-Assistant/operating-system
1
0
Fork 0
mirror of https://github.com/home-assistant/operating-system.git synced 2025-12-19 18:08:29 +00:00
Code Activity

Pin SHA for all Github Actions (#4305)

Browse Source
This commit is contained in:
Simon Lamon
2025-09-15 11:39:47 +02:00
committed by GitHub
parent e15d99bc2b
commit ef45889956
8 changed files with 35 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/artifacts-index.yaml vendored
View File

@@ -39,12 +39,12 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout source
uses: actions/checkout@v5
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Setup Python version ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v6
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHON_VERSION }}

40
.github/workflows/build.yaml vendored
View File

@@ -55,7 +55,7 @@ jobs:
self_signed_cert: ${{ steps.generate_signing_key.outputs.self_signed_cert }}
steps:
- name: Checkout source
uses: actions/checkout@v5
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
@@ -147,7 +147,7 @@ jobs:
fi
- name: Create build matrix
uses: actions/github-script@v8
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
id: generate_matrix
with:
script: |
@@ -177,15 +177,15 @@ jobs:
}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3.11.1
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Log in to the GitHub container registry
uses: docker/login-action@v3.5.0
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push
uses: docker/build-push-action@v6.18.0
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
id: build_haos_builder
with:
context: .
@@ -207,7 +207,7 @@ jobs:
echo "self_signed_cert=true" >> $GITHUB_OUTPUT
- name: Create signing key
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: steps.generate_signing_key.outcome == 'success'
with:
name: signing-key
@@ -227,14 +227,14 @@ jobs:
steps:
- name: Checkout source
uses: actions/checkout@v5
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
submodules: true
persist-credentials: false
- name: Setup Python version ${{ env.PYTHON_VERSION }}
if: ${{ github.event_name != 'release' }}
uses: actions/setup-python@v6
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: ${{ env.PYTHON_VERSION }}
@@ -260,7 +260,7 @@ jobs:
- name: Get self-signed certificate from the prepare job
if: ${{ needs.prepare.outputs.self_signed_cert == 'true' }}
uses: actions/download-artifact@v5
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: signing-key
@@ -281,7 +281,7 @@ jobs:
df -h
- name: "Restore cache: object files"
uses: actions/cache/restore@v4
uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: /mnt/cache/cc
key: haos-cc-${{ matrix.board.id }}
@@ -329,7 +329,7 @@ jobs:
- name: Upload release assets
if: ${{ github.event_name == 'release' }}
uses: shogo82148/actions-upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@59cbc563d11314e48122193f8fe5cdda62ea6cf9 # v1.9.1
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: output/images/haos_*
@@ -344,7 +344,7 @@ jobs:
- name: "Save cache: object files"
if: github.ref == 'refs/heads/dev'
uses: actions/cache/save@v4
uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: /mnt/cache/cc
key: haos-cc-${{ matrix.board.id }}-${{ github.run_id }}
@@ -378,7 +378,7 @@ jobs:
done
- name: Upload OS image artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: ${{ github.event_name != 'release' && needs.prepare.outputs.publish_build != 'true' && matrix.board.id != 'ova' }}
with:
name: haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.img.xz
@@ -386,7 +386,7 @@ jobs:
output/images/haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.img.xz
- name: Upload RAUC bundle artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: ${{ github.event_name != 'release' && needs.prepare.outputs.publish_build != 'true' }}
with:
name: haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.raucb
@@ -394,7 +394,7 @@ jobs:
output/images/haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.raucb
- name: Upload Open Virtualization Format (OVA) artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: ${{ github.event_name != 'release' && needs.prepare.outputs.publish_build != 'true' && matrix.board.id == 'ova' }}
with:
name: haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.ova
@@ -402,7 +402,7 @@ jobs:
output/images/haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.ova
- name: Upload QEMU disk image artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
# Create artifact for ova every time - it's used by the called tests workflow
if: ${{ matrix.board.id == 'ova' || (github.event_name != 'release' && needs.prepare.outputs.publish_build != 'true' && matrix.board.id == 'generic-aarch64') }}
with:
@@ -411,7 +411,7 @@ jobs:
output/images/haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.qcow2.xz
- name: Upload VMware Virtual Machine Disk (VMDK) artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: ${{ github.event_name != 'release' && needs.prepare.outputs.publish_build != 'true' && (matrix.board.id == 'generic-aarch64' || matrix.board.id == 'ova') }}
with:
name: haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.vmdk.zip
@@ -419,7 +419,7 @@ jobs:
output/images/haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.vmdk.zip
- name: Upload VirtualBox Virtual Disk Image (VDI) artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: ${{ github.event_name != 'release' && needs.prepare.outputs.publish_build != 'true' && matrix.board.id == 'ova' }}
with:
name: haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.vdi.zip
@@ -427,7 +427,7 @@ jobs:
output/images/haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.vdi.zip
- name: Upload Virtual Hard Disk v2 (VHDX) artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: ${{ github.event_name != 'release' && needs.prepare.outputs.publish_build != 'true' && matrix.board.id == 'ova' }}
with:
name: haos_${{ matrix.board.id }}-${{ needs.prepare.outputs.version_full }}.vhdx.zip
@@ -466,7 +466,7 @@ jobs:
steps:
- name: Checkout source
uses: actions/checkout@v5
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false

2
.github/workflows/label-actions.yml vendored
View File

@@ -14,4 +14,4 @@ jobs:
action:
runs-on: ubuntu-latest
steps:
- uses: dessant/label-actions@v4.0.1
- uses: dessant/label-actions@102faf474a544be75fbaf4df54e73d3c515a0e65 # v4.0.1

2
.github/workflows/lock.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
if: github.repository_owner == 'home-assistant'
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@v5.0.1
- uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
with:
github-token: ${{ github.token }}
issue-inactive-days: "30"

6
.github/workflows/pr-checks.yml vendored
View File

@@ -15,17 +15,17 @@ jobs:
python3-flake8
- name: Check out code
uses: actions/checkout@v5
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
submodules: true
- name: Check Dockerfile
uses: brpaz/hadolint-action@v1.5.0
uses: brpaz/hadolint-action@c27bd9edc1e95eed30474db8f295ff5807ebca14 # v1.5.0
with:
dockerfile: Dockerfile
- name: Check shell scripts
uses: ludeeus/action-shellcheck@2.0.0
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
with:
ignore_paths: buildroot

2
.github/workflows/release-drafter.yml vendored
View File

@@ -13,6 +13,6 @@ jobs:
pull-requests: read # for release-drafter/release-drafter to read PR content and labels
runs-on: ubuntu-latest
steps:
- uses: release-drafter/release-drafter@v6
- uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

2
.github/workflows/stale.yml vendored
View File

@@ -19,7 +19,7 @@ jobs:
# - No PRs marked as no-stale or pinned
# - No issues marked as no-stale, help-wanted or pinned
- name: 90 days stale issues & PRs policy
uses: actions/stale@v10.0.0
uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 90

12
.github/workflows/test.yaml vendored
View File

@@ -32,7 +32,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout source
uses: actions/checkout@v5
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
@@ -42,7 +42,7 @@ jobs:
sudo apt install -y qemu-system-x86 ovmf
- name: Setup Python
uses: actions/setup-python@v6
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: 3.12
@@ -57,7 +57,7 @@ jobs:
- name: Get OS image artifact
if: ${{ inputs.use-artifact }}
uses: actions/download-artifact@v5
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: haos_ova-${{ inputs.version }}.qcow2.xz
@@ -77,7 +77,7 @@ jobs:
./tests/run_tests.sh --durations=0 --durations-min=5.0
- name: Archive logs
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: logs
@@ -85,7 +85,7 @@ jobs:
tests/lg_logs/**
- name: Archive JUnit reports
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: always()
with:
name: junit_reports
@@ -93,7 +93,7 @@ jobs:
tests/junit_reports/*.xml
- name: Publish test report
uses: mikepenz/action-junit-report@v5
uses: mikepenz/action-junit-report@3585e9575db828022551b4231f165eb59a0e74e3 # v5.6.2
if: always()
with:
report_paths: 'tests/junit_reports/*.xml'