From ff7ea4e5f3eb9808a5c2ee38a8dc432d7dc0f643 Mon Sep 17 00:00:00 2001
From: Tadashi Shigeoka
Date: Mon, 30 Mar 2026 17:13:47 +0900
Subject: [PATCH] pin GitHub Actions to full-length commit SHA
---
 .github/workflows/terraform-all-test.yml | 6 +++---
 .github/workflows/terraform-apply.yml | 8 ++++----
 .github/workflows/terraform-plan.yml | 8 ++++----
 3 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/terraform-all-test.yml b/.github/workflows/terraform-all-test.yml
index 3f65040..8cf49e6 100644
--- a/.github/workflows/terraform-all-test.yml
+++ b/.github/workflows/terraform-all-test.yml
@@ -27,10 +27,10 @@ jobs:
 steps:
 - name: Clone repo
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Tfsec
- uses: aquasecurity/tfsec-pr-commenter-action@v1.3.1
+ uses: aquasecurity/tfsec-pr-commenter-action@7a44c5dcde5dfab737363e391800629e27b6376b # v1.3.1
 with:
 github_token: ${{ github.token }}
 tfsec_args: --ignore-hcl-errors
@@ -40,7 +40,7 @@ jobs:
 run: echo "version=$(cat .terraform-version)" >> $GITHUB_OUTPUT
 - name: Setup Terraform
- uses: hashicorp/setup-terraform@v3
+ uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
 with:
 terraform_version: ${{ steps.check.outputs.version }}
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
index 050e40b..15c8b6a 100644
--- a/.github/workflows/terraform-apply.yml
+++ b/.github/workflows/terraform-apply.yml
@@ -35,14 +35,14 @@ jobs:
 steps:
 - name: Clone repo
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Get Terraform version
 id: check
 run: echo "version=$(cat .terraform-version)" >> ${GITHUB_OUTPUT}
 - name: Setup Terraform
- uses: hashicorp/setup-terraform@v3
+ uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
 with:
 terraform_version: ${{ steps.check.outputs.version }}
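Review bot: The trailing comments on the new `uses:` lines in terraform-all-test.yml name the moving major tag (`# v4`, `# v3`), so nothing on the line records which release the SHA was resolved from, and the pin cannot be re-checked against its tag once that tag moves. Record the exact release instead, for example `uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # vX.Y.Z` with the real tag filled in, as the tfsec line already does with `# v1.3.1`. The `# v4`, `# v3`, `# v2` and `# v1` comments in terraform-apply.yml and terraform-plan.yml have the same gap.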
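Review bot: The `Clone repo` step in terraform-apply.yml has no `with:` block, so `actions/checkout` keeps its default of storing the job token in the checked-out repository's git configuration, where later steps of the same job can read it. If no later step needs to fetch or push with that credential (the rest of the job is outside this hunk), add `with:` and `persist-credentials: false` under the checkout step. The checkout steps in terraform-all-test.yml and terraform-plan.yml are written the same way.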
@@ -51,13 +51,13 @@ jobs:
 make prepare GITHUB_ACTIONS=true APP_ID=${{ variables.< Terraform Apply用に作成したGitHub AppのAPP IDの値を設定したSecret key > }} APP_INSTALLATION_ID=${{ variables.< Terraform Apply用に作成したGitHub AppのINSTALLATION IDの値を設定したSecret key > }}
 - name: Setup tfcmt
- uses: shmokmt/actions-setup-tfcmt@v2
+ uses: shmokmt/actions-setup-tfcmt@04d5aa6dc61eaa69a4d00257224c9b97f4857819 # v2
 with:
 version: v4.8.0
 - name: Generate token
 id: generate_token
- uses: actions/create-github-app-token@v1
+ uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
 with:
 app-id: ${{ variables.< Terraform Apply用に作成したGitHub AppのAPP IDの値を設定したSecret key > }}
 private-key: ${{ secrets.< Terraform Apply用に作成したGitHub AppのPRIVATE KEYの値を設定したSecret key > }}
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
index 1316e92..e4b7d88 100644
--- a/.github/workflows/terraform-plan.yml
+++ b/.github/workflows/terraform-plan.yml
@@ -25,25 +25,25 @@ jobs:
 steps:
 - name: Clone repo
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Get Terraform version
 id: check
 run: echo "version=$(cat .terraform-version)" >> $GITHUB_OUTPUT
 - name: Setup Terraform
- uses: hashicorp/setup-terraform@v3
+ uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
 with:
 terraform_version: ${{ steps.check.outputs.version }}
 - name: Setup tfcmt
- uses: shmokmt/actions-setup-tfcmt@v2
+ uses: shmokmt/actions-setup-tfcmt@04d5aa6dc61eaa69a4d00257224c9b97f4857819 # v2
 with:
 version: v4.8.0
 - name: Generate token
 id: generate_token
- uses: actions/create-github-app-token@v1
+ uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1
 with:
 app-id: ${{ variables.< Terraform Plan用に作成したGitHub AppのAPP IDの値を設定したSecret key > }}
 private-key: ${{ secrets.< Terraform Apply用に作成したGitHub AppのPRIVATE KEYの値を設定したSecret key > }}
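Review bot: The SHA pin on `shmokmt/actions-setup-tfcmt` in the `Setup tfcmt` step of terraform-apply.yml fixes the action's own code, but `version: v4.8.0` still selects a tfcmt release that is presumably fetched when the job runs. This hunk does not show whether that download is checked against a checksum. Since the same job goes on to mint a GitHub App token, confirm that the action verifies the binary, or note the gap above the step with `# tfcmt binary is fetched at run time; the SHA pin covers the action code only`. The `Setup tfcmt` step in terraform-plan.yml is identical.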
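Review bot: In the `Generate token` step of terraform-plan.yml, the unchanged `private-key:` line carries the placeholder for the Terraform Apply app's private key, while `app-id:` on the line above refers to the Terraform Plan app. Followed literally, either the token request fails on the mismatched pair or the plan workflow ends up holding the apply app's key, which removes the separation between a plan identity and an apply identity. The placeholder should name the Plan app's key, for example `private-key: ${{ secrets.<secret holding the Plan app's private key> }}`.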