From 616d58b757c30d64089f8e8f2d128b1313335cf2 Mon Sep 17 00:00:00 2001
From: zon-renovate <139547744+zon-renovate@users.noreply.github.com>
Date: Thu, 4 Jul 2024 08:09:44 +0000
Subject: [PATCH] chore(deps): pin dependencies

---
 .github/workflows/build-test-push.yaml      | 12 ++++++------
 .github/workflows/changelog-version.yaml    |  2 +-
 .github/workflows/git-describe.yaml         |  2 +-
 .github/workflows/git-tag.yaml              |  4 ++--
 .github/workflows/k8s-validation.yaml       |  4 ++--
 .github/workflows/nightwatch-build.yaml     |  8 ++++----
 .github/workflows/pre-commit.yaml           |  2 +-
 .github/workflows/release-notification.yaml |  8 ++++----
 .github/workflows/set-images.yaml           |  6 +++---
 9 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/build-test-push.yaml b/.github/workflows/build-test-push.yaml
index 0bb758a..22dbd0a 100644
--- a/.github/workflows/build-test-push.yaml
+++ b/.github/workflows/build-test-push.yaml
@@ -48,7 +48,7 @@ jobs:
       checks: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         with:
           fetch-depth: 0
           submodules: true
@@ -60,7 +60,7 @@ jobs:
           docker compose run --rm ${{ inputs.compose_args }} ${{ inputs.service }} \
             -- ${{ inputs.test_args }}
       - name: Publish test result
-        uses: enricomi/publish-unit-test-result-action@v2
+        uses: enricomi/publish-unit-test-result-action@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2
         if: always()
         with:
           junit_files: testing/junit.xml
@@ -71,7 +71,7 @@ jobs:
           docker compose run --rm --entrypoint "tar cvv ${{ inputs.artifacts }}/" ${{ inputs.service }} | tar x
       - name: Store build artifacts
         if: inputs.artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
         with:
           name: artifacts
           path: ${{ inputs.artifacts }}*
@@ -88,7 +88,7 @@ jobs:
           echo "describe=${tag:-$( git describe --tags )}" >> "$GITHUB_ENV"
       - name: Setup auth
         id: baseproject
-        uses: ZeitOnline/gh-action-baseproject@v0
+        uses: ZeitOnline/gh-action-baseproject@8e4cc6e4fea8dced0d6edf3c7da84d1b92c6f610 # v0
         if: inputs.targets
         with:
           project_name: ${{ env.project }}
@@ -103,14 +103,14 @@ jobs:
             docker push $tag
           done
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v6
+        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6
         if: inputs.versions
         with:
           gpg_private_key: ${{ secrets.ZON_OPS_GPG_KEY_PRIVATE }}
           git_user_signingkey: true
           git_commit_gpgsign: true
       - name: Set up Kustomize
-        uses: imranismail/setup-kustomize@v2
+        uses: imranismail/setup-kustomize@2ba527d4d055ab63514ba50a99456fc35684947f # v2
         if: inputs.versions
       - name: Pull recent changes
         if: ${{ inputs.versions && github.ref_type == 'branch' }}
diff --git a/.github/workflows/changelog-version.yaml b/.github/workflows/changelog-version.yaml
index 1ed449c..13dfbf8 100644
--- a/.github/workflows/changelog-version.yaml
+++ b/.github/workflows/changelog-version.yaml
@@ -16,7 +16,7 @@ jobs:
       tag: ${{ steps.version.outputs.tag }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Get version
         id: version
         run: |
diff --git a/.github/workflows/git-describe.yaml b/.github/workflows/git-describe.yaml
index e171159..4ffd05d 100644
--- a/.github/workflows/git-describe.yaml
+++ b/.github/workflows/git-describe.yaml
@@ -16,7 +16,7 @@ jobs:
       describe: ${{ steps.ghd.outputs.describe }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         with:
           fetch-depth: 0
       - name: Git describe
diff --git a/.github/workflows/git-tag.yaml b/.github/workflows/git-tag.yaml
index 9cd80b4..fe78291 100644
--- a/.github/workflows/git-tag.yaml
+++ b/.github/workflows/git-tag.yaml
@@ -14,9 +14,9 @@ jobs:
       contents: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v6
+        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6
         with:
           gpg_private_key: ${{ secrets.ZON_OPS_GPG_KEY_PRIVATE }}
           git_user_signingkey: true
diff --git a/.github/workflows/k8s-validation.yaml b/.github/workflows/k8s-validation.yaml
index 268715b..81555ab 100644
--- a/.github/workflows/k8s-validation.yaml
+++ b/.github/workflows/k8s-validation.yaml
@@ -9,9 +9,9 @@ jobs:
       contents: read
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
     - name: Set up kubectl
-      uses: azure/setup-kubectl@v4
+      uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4
     - name: Generate manifests
       run: |
         mkdir manifests
diff --git a/.github/workflows/nightwatch-build.yaml b/.github/workflows/nightwatch-build.yaml
index de8b137..0b1b692 100644
--- a/.github/workflows/nightwatch-build.yaml
+++ b/.github/workflows/nightwatch-build.yaml
@@ -29,7 +29,7 @@ jobs:
       tag: ${{ steps.tag.outputs.tag }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Set tag
         id: tag
         run: date +tag=%Y%m%d%H%M%S >> "$GITHUB_OUTPUT"
@@ -44,7 +44,7 @@ jobs:
           echo "image=${{ vars.GAR_DOCKER_REGISTRY }}/$project-nightwatch" >> "$GITHUB_ENV"
           echo "tag=${{ steps.tag.outputs.tag }}" >> "$GITHUB_ENV"
       - name: Setup auth
-        uses: ZeitOnline/gh-action-baseproject@v0
+        uses: ZeitOnline/gh-action-baseproject@8e4cc6e4fea8dced0d6edf3c7da84d1b92c6f610 # v0
         with:
           project_name: ${{ env.project }}
           environment: staging
@@ -53,11 +53,11 @@ jobs:
           gar_docker_auth: true
           vault_export_token: true
       - name: Setup buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3
         with:
           driver: docker
       - name: Build & push image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
         with:
           context: smoketest
           target: nightwatch
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
index 02a0741..7fa5083 100644
--- a/.github/workflows/pre-commit.yaml
+++ b/.github/workflows/pre-commit.yaml
@@ -8,7 +8,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Install pre-commit
         run: pip install pre-commit
       - name: Run code checks
diff --git a/.github/workflows/release-notification.yaml b/.github/workflows/release-notification.yaml
index ccdee81..dbdb56d 100644
--- a/.github/workflows/release-notification.yaml
+++ b/.github/workflows/release-notification.yaml
@@ -34,7 +34,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 
       - name: Set variables
         id: vars
@@ -47,14 +47,14 @@ jobs:
 
       - name: Baseproject
         id: baseproject
-        uses: ZeitOnline/gh-action-baseproject@v0
+        uses: ZeitOnline/gh-action-baseproject@8e4cc6e4fea8dced0d6edf3c7da84d1b92c6f610 # v0
         with:
             project_name: ${{ env.project }}
             environment: production
 
       - name: Retrieve secrets from Vault
         id: vault-secrets
-        uses: hashicorp/vault-action@v2.8.1
+        uses: hashicorp/vault-action@9c2d817b85b9fff56bcab21cb74b485aee9e9d73 # v2.8.1
         with:
             method: jwt
             url: ${{ steps.baseproject.outputs.vault_addr }}
@@ -64,7 +64,7 @@ jobs:
                 zon/v1/slack/hackbot HOOK_TOKEN;
 
       - name: Post release in slack channel
-        uses: fjogeleit/http-request-action@v1
+        uses: fjogeleit/http-request-action@44816be1eabb9c1122d8d775923f39bbe55c67a3 # v1
         with:
             url: "https://hackbot.zon.zeit.de/${{ steps.vault-secrets.outputs.HOOK_TOKEN }}/deployment/releases"
             method: 'POST'
diff --git a/.github/workflows/set-images.yaml b/.github/workflows/set-images.yaml
index 115257d..0e7bb80 100644
--- a/.github/workflows/set-images.yaml
+++ b/.github/workflows/set-images.yaml
@@ -17,15 +17,15 @@ jobs:
       contents: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v6
+        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6
         with:
           gpg_private_key: ${{ secrets.ZON_OPS_GPG_KEY_PRIVATE }}
           git_user_signingkey: true
           git_commit_gpgsign: true
       - name: Set up Kustomize
-        uses: imranismail/setup-kustomize@v2
+        uses: imranismail/setup-kustomize@2ba527d4d055ab63514ba50a99456fc35684947f # v2
       - name: Set image tags
         run: |
           cd ${{ inputs.location }}