Update dependencies in GitHub Actions automatically (#25)

* Use pinned versions in GitHub Actions we consume To help ensure that our builds are idempotent and reproducible. * Keep actions dependencies up to date automatically Using [Dependabot for this][1] [1]: https://docs.github.com/en/github/administering-a-repository/keeping-your-actions-up-to-date-with-github-dependabot
SpectoLabs · Aug 10, 2020 · ddc3438 · ddc3438
1 parent 75b6af5
commit ddc3438
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 21 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+---
+# Set update schedule for GitHub Actions
+
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every weekday
+      interval: "daily"
diff --git a/.github/workflows/check_semver_labels.yml b/.github/workflows/check_semver_labels.yml
@@ -15,7 +15,7 @@ jobs:
     name: Check for semantic version label
     runs-on: ubuntu-latest
     steps:
-      - uses: docker://agilepathway/pull-request-label-checker:latest
+      - uses: docker://agilepathway/pull-request-label-checker:v1.0.8
         with:
           one_of: major,minor,patch
           repo_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/github_tag_and_release.yml b/.github/workflows/github_tag_and_release.yml
@@ -27,17 +27,17 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v2.3.2
         with:
           fetch-depth: 0
       -
         name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v2.1.1
         with:
           go-version: 1.14
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v2.1.1
         with:
           version: latest
           args: release --rm-dist

diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v2.3.2
       - name: hadolint
-        uses: reviewdog/action-hadolint@v1
+        uses: reviewdog/action-hadolint@v1.6.0
         with:
           github_token: ${{ secrets.github_token }}
           reporter: github-check
@@ -21,9 +21,9 @@ jobs:
     name: runner / yamllint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.2
       - name: yamllint
-        uses: reviewdog/action-yamllint@v1
+        uses: reviewdog/action-yamllint@v1.1.0
         with:
           github_token: ${{ secrets.github_token }}
           reporter: github-check
@@ -32,9 +32,9 @@ jobs:
     name: runner / shellcheck
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.2
       - name: shellcheck
-        uses: reviewdog/action-shellcheck@v1
+        uses: reviewdog/action-shellcheck@v1.4.0
         with:
           github_token: ${{ secrets.github_token }}
           reporter: github-check
@@ -46,8 +46,8 @@ jobs:
     name: runner / misspell
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: reviewdog/action-misspell@v1
+      - uses: actions/checkout@v2.3.2
+      - uses: reviewdog/action-misspell@v1.5.0
         with:
           github_token: ${{ secrets.github_token }}
           reporter: github-check
@@ -56,8 +56,8 @@ jobs:
     name: runner / languagetool
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: reviewdog/action-languagetool@v1
+      - uses: actions/checkout@v2.3.2
+      - uses: reviewdog/action-languagetool@v1.3.0
         with:
           github_token: ${{ secrets.github_token }}
           reporter: github-check

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -15,7 +15,7 @@ jobs:
     name: Install latest version by default
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.2
       - name: Install Hoverfly
         uses: ./
         with:
@@ -34,7 +34,7 @@ jobs:
     env:
       HOVERFLY_VERSION: v1.2.0
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.2
       - name: Install Hoverfly
         uses: ./
         with:
@@ -52,7 +52,7 @@ jobs:
     env:
       HOVERFLY_VERSION: "1.2.0"
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.2
       - name: Install Hoverfly
         uses: ./
         with:
@@ -68,7 +68,7 @@ jobs:
     name: Install fails when no runner GitHub workspace path provided
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.2
       - name: Install Hoverfly
         uses: ./
       - name: Assert Hoverfly not installed
@@ -81,7 +81,7 @@ jobs:
     name: Install fails when incorrect runner GitHub workspace path provided
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.2
       - name: Install Hoverfly
         uses: ./
         with:  # Invalid runner_github_workspace_path (must be <dollarsign>{{ github.workspace}})
@@ -96,7 +96,7 @@ jobs:
     name: Enable https simulations
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.2
       - name: Install Hoverfly
         uses: ./
         with:
@@ -117,7 +117,7 @@ jobs:
     name: Verify https simulations will not work without script
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v2.3.2
       - name: Install Hoverfly
         uses: ./
         with: