diff --git a/.github/actions/build-generator/action.yaml b/.github/actions/build-generator/action.yaml index d50f402b..db91ef51 100644 --- a/.github/actions/build-generator/action.yaml +++ b/.github/actions/build-generator/action.yaml @@ -8,7 +8,7 @@ inputs: runs: using: "composite" steps: - - uses: freckle/stack-action@v5 + - uses: freckle/stack-action@acc59ce470bb6f7b20e1469d6c520a1b27a36818 # v5 with: working-directory: "./generator/" stack-build-arguments: "${{ github.ref_name != 'main' && '--fast' || '' }} --pedantic" diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index d59152a6..19858833 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -60,9 +60,9 @@ jobs: - ghc: '9.6.7' ghc_minor: '9.6' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: build + smoke test [${{ matrix.ghc }}] - uses: nick-invision/retry@v3.0.0 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 with: timeout_minutes: 8 max_attempts: 3 @@ -71,7 +71,7 @@ jobs: -t haskell:${{ matrix.ghc }}-${{ matrix.deb }} \ ${{ matrix.ghc_minor }}/${{ matrix.deb }} \ --build-arg "BUILDKIT_DOCKERFILE_CHECK=skip=SecretsUsedInArgOrEnv;error=true" - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: repository: docker-library/official-images path: official-images @@ -110,7 +110,7 @@ jobs: deb: 'bullseye' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: docker build and test [arm64 ${{ matrix.ghc }}] run: | docker build --pull --progress=plain \ @@ -124,7 +124,7 @@ jobs: docker run \ -t haskell:${{ matrix.ghc }}-${{ matrix.deb }} \ bash -c "echo | ghci" - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: repository: docker-library/official-images path: official-images diff --git a/.github/workflows/gen-pop-cache.yaml b/.github/workflows/gen-pop-cache.yaml index f7cf0931..113544d9 100644 --- a/.github/workflows/gen-pop-cache.yaml +++ b/.github/workflows/gen-pop-cache.yaml @@ -7,5 +7,5 @@ jobs: populate-cache: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./.github/actions/build-generator diff --git a/.github/workflows/generator.yml b/.github/workflows/generator.yml index 92c5e90e..e19e76d1 100644 --- a/.github/workflows/generator.yml +++ b/.github/workflows/generator.yml @@ -15,7 +15,7 @@ jobs: build: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v5.0.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - uses: ./.github/actions/build-generator # with: # debug_mode: ${{ github.event.inputs.debug_mode }} @@ -29,7 +29,7 @@ jobs: mkdir -p ../artifacts stack --local-bin-path=../artifacts install - name: Upload generated artifact to a release - uses: softprops/action-gh-release@v2.4.1 + uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1 with: name: Generator tag_name: generator-binary diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c888f861..f1a7dbe7 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,7 @@ jobs: hadolint: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 - - uses: hadolint/hadolint-action@v3.1.0 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 with: recursive: true diff --git a/9.0/buster/Dockerfile b/9.0/buster/Dockerfile index 47677595..292a06c5 100644 --- a/9.0/buster/Dockerfile +++ b/9.0/buster/Dockerfile @@ -1,4 +1,4 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:buster@sha256:c9285bcb198c0ae171bfc350a4af94ddfda547c4e4d2900a92c280232319341e ENV LANG=C.UTF-8 diff --git a/9.0/slim-buster/Dockerfile b/9.0/slim-buster/Dockerfile index d70fd8c1..30615150 100644 --- a/9.0/slim-buster/Dockerfile +++ b/9.0/slim-buster/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster-slim +FROM debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc ENV LANG=C.UTF-8 diff --git a/9.10/bookworm/Dockerfile b/9.10/bookworm/Dockerfile index d71e41ce..cf93aadc 100644 --- a/9.10/bookworm/Dockerfile +++ b/9.10/bookworm/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm +FROM debian:bookworm@sha256:ed4fcc40bb1162b6d2d32e7bec15044d13963779abbe63f67f1cd62b06220519 ENV LANG=C.UTF-8 diff --git a/9.10/bullseye/Dockerfile b/9.10/bullseye/Dockerfile index 8535912a..30601b59 100644 --- a/9.10/bullseye/Dockerfile +++ b/9.10/bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye +FROM debian:bullseye@sha256:aeec37aebc55ca5cc6fcfb8d5f6ae2fd43d5017ad849e6e2fdb5325d61e144db ENV LANG=C.UTF-8 diff --git a/9.10/buster/Dockerfile b/9.10/buster/Dockerfile index ea9e722e..e84f0ae7 100644 --- a/9.10/buster/Dockerfile +++ b/9.10/buster/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster +FROM debian:buster@sha256:58ce6f1271ae1c8a2006ff7d3e54e9874d839f573d8009c20154ad0f2fb0a225 ENV LANG=C.UTF-8 diff --git a/9.10/slim-bookworm/Dockerfile b/9.10/slim-bookworm/Dockerfile index ddc94da6..c7733f78 100644 --- a/9.10/slim-bookworm/Dockerfile +++ b/9.10/slim-bookworm/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm-slim +FROM debian:bookworm-slim@sha256:0104b334637a5f19aa9c983a91b54c89887c0984081f2068983107a6f6c21eeb ENV LANG=C.UTF-8 diff --git a/9.10/slim-bullseye/Dockerfile b/9.10/slim-bullseye/Dockerfile index f54d31f0..082ba38e 100644 --- a/9.10/slim-bullseye/Dockerfile +++ b/9.10/slim-bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bullseye-slim@sha256:cd1bc32f233a49f1b82149c9edb8ef34fb1e6c45f37211445c51a97603468604 ENV LANG=C.UTF-8 diff --git a/9.10/slim-buster/Dockerfile b/9.10/slim-buster/Dockerfile index 11bc6156..0b050634 100644 --- a/9.10/slim-buster/Dockerfile +++ b/9.10/slim-buster/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster-slim +FROM debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc ENV LANG=C.UTF-8 diff --git a/9.12/bookworm/Dockerfile b/9.12/bookworm/Dockerfile index 7f45c582..777c9241 100644 --- a/9.12/bookworm/Dockerfile +++ b/9.12/bookworm/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm +FROM debian:bookworm@sha256:ed4fcc40bb1162b6d2d32e7bec15044d13963779abbe63f67f1cd62b06220519 ENV LANG=C.UTF-8 diff --git a/9.12/bullseye/Dockerfile b/9.12/bullseye/Dockerfile index 6e7cf8db..1c63b11d 100644 --- a/9.12/bullseye/Dockerfile +++ b/9.12/bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye +FROM debian:bullseye@sha256:aeec37aebc55ca5cc6fcfb8d5f6ae2fd43d5017ad849e6e2fdb5325d61e144db ENV LANG=C.UTF-8 diff --git a/9.12/slim-bookworm/Dockerfile b/9.12/slim-bookworm/Dockerfile index 867c8aa2..628f26fa 100644 --- a/9.12/slim-bookworm/Dockerfile +++ b/9.12/slim-bookworm/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm-slim +FROM debian:bookworm-slim@sha256:0104b334637a5f19aa9c983a91b54c89887c0984081f2068983107a6f6c21eeb ENV LANG=C.UTF-8 diff --git a/9.12/slim-bullseye/Dockerfile b/9.12/slim-bullseye/Dockerfile index 3ee58268..25f8fdf9 100644 --- a/9.12/slim-bullseye/Dockerfile +++ b/9.12/slim-bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bullseye-slim@sha256:cd1bc32f233a49f1b82149c9edb8ef34fb1e6c45f37211445c51a97603468604 ENV LANG=C.UTF-8 diff --git a/9.14/bookworm/Dockerfile b/9.14/bookworm/Dockerfile index 9d4b1d14..18d13fa8 100644 --- a/9.14/bookworm/Dockerfile +++ b/9.14/bookworm/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm +FROM debian:bookworm@sha256:ed4fcc40bb1162b6d2d32e7bec15044d13963779abbe63f67f1cd62b06220519 ENV LANG=C.UTF-8 diff --git a/9.14/bullseye/Dockerfile b/9.14/bullseye/Dockerfile index dcb14e85..9892460b 100644 --- a/9.14/bullseye/Dockerfile +++ b/9.14/bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye +FROM debian:bullseye@sha256:aeec37aebc55ca5cc6fcfb8d5f6ae2fd43d5017ad849e6e2fdb5325d61e144db ENV LANG=C.UTF-8 diff --git a/9.14/slim-bookworm/Dockerfile b/9.14/slim-bookworm/Dockerfile index 82be4096..79fa5c7d 100644 --- a/9.14/slim-bookworm/Dockerfile +++ b/9.14/slim-bookworm/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm-slim +FROM debian:bookworm-slim@sha256:0104b334637a5f19aa9c983a91b54c89887c0984081f2068983107a6f6c21eeb ENV LANG=C.UTF-8 diff --git a/9.14/slim-bullseye/Dockerfile b/9.14/slim-bullseye/Dockerfile index a0d2f458..3b552d99 100644 --- a/9.14/slim-bullseye/Dockerfile +++ b/9.14/slim-bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bullseye-slim@sha256:cd1bc32f233a49f1b82149c9edb8ef34fb1e6c45f37211445c51a97603468604 ENV LANG=C.UTF-8 diff --git a/9.2/buster/Dockerfile b/9.2/buster/Dockerfile index ad468ab7..da591d5b 100644 --- a/9.2/buster/Dockerfile +++ b/9.2/buster/Dockerfile @@ -1,4 +1,4 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:buster@sha256:c9285bcb198c0ae171bfc350a4af94ddfda547c4e4d2900a92c280232319341e ENV LANG=C.UTF-8 diff --git a/9.2/slim-buster/Dockerfile b/9.2/slim-buster/Dockerfile index 9766768d..933b1b91 100644 --- a/9.2/slim-buster/Dockerfile +++ b/9.2/slim-buster/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster-slim +FROM debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc ENV LANG=C.UTF-8 diff --git a/9.4/bullseye/Dockerfile b/9.4/bullseye/Dockerfile index f8ecae40..58302d6c 100644 --- a/9.4/bullseye/Dockerfile +++ b/9.4/bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye +FROM debian:bullseye@sha256:aeec37aebc55ca5cc6fcfb8d5f6ae2fd43d5017ad849e6e2fdb5325d61e144db ENV LANG=C.UTF-8 diff --git a/9.4/buster/Dockerfile b/9.4/buster/Dockerfile index 770756fb..122835d2 100644 --- a/9.4/buster/Dockerfile +++ b/9.4/buster/Dockerfile @@ -1,4 +1,4 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:buster@sha256:c9285bcb198c0ae171bfc350a4af94ddfda547c4e4d2900a92c280232319341e ENV LANG=C.UTF-8 diff --git a/9.4/slim-bullseye/Dockerfile b/9.4/slim-bullseye/Dockerfile index 6605f36f..4ffd6b07 100644 --- a/9.4/slim-bullseye/Dockerfile +++ b/9.4/slim-bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bullseye-slim@sha256:cd1bc32f233a49f1b82149c9edb8ef34fb1e6c45f37211445c51a97603468604 ENV LANG=C.UTF-8 diff --git a/9.4/slim-buster/Dockerfile b/9.4/slim-buster/Dockerfile index 8ae51d1e..fe2ef34f 100644 --- a/9.4/slim-buster/Dockerfile +++ b/9.4/slim-buster/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster-slim +FROM debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc ENV LANG=C.UTF-8 diff --git a/9.6/bullseye/Dockerfile b/9.6/bullseye/Dockerfile index d372ef40..721fd61f 100644 --- a/9.6/bullseye/Dockerfile +++ b/9.6/bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye +FROM debian:bullseye@sha256:aeec37aebc55ca5cc6fcfb8d5f6ae2fd43d5017ad849e6e2fdb5325d61e144db ENV LANG=C.UTF-8 diff --git a/9.6/buster/Dockerfile b/9.6/buster/Dockerfile index 1d6d7644..42c1c49b 100644 --- a/9.6/buster/Dockerfile +++ b/9.6/buster/Dockerfile @@ -1,4 +1,4 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:buster@sha256:c9285bcb198c0ae171bfc350a4af94ddfda547c4e4d2900a92c280232319341e ENV LANG=C.UTF-8 diff --git a/9.6/slim-bullseye/Dockerfile b/9.6/slim-bullseye/Dockerfile index cb9235b0..5409b70b 100644 --- a/9.6/slim-bullseye/Dockerfile +++ b/9.6/slim-bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bullseye-slim@sha256:cd1bc32f233a49f1b82149c9edb8ef34fb1e6c45f37211445c51a97603468604 ENV LANG=C.UTF-8 diff --git a/9.6/slim-buster/Dockerfile b/9.6/slim-buster/Dockerfile index 7db44f0d..ad26eb1d 100644 --- a/9.6/slim-buster/Dockerfile +++ b/9.6/slim-buster/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster-slim +FROM debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc ENV LANG=C.UTF-8 diff --git a/9.8/bullseye/Dockerfile b/9.8/bullseye/Dockerfile index 006153ac..78b2a3c1 100644 --- a/9.8/bullseye/Dockerfile +++ b/9.8/bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye +FROM debian:bullseye@sha256:aeec37aebc55ca5cc6fcfb8d5f6ae2fd43d5017ad849e6e2fdb5325d61e144db ENV LANG=C.UTF-8 diff --git a/9.8/buster/Dockerfile b/9.8/buster/Dockerfile index 5f18db77..1bf6fa9c 100644 --- a/9.8/buster/Dockerfile +++ b/9.8/buster/Dockerfile @@ -1,4 +1,4 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:buster@sha256:c9285bcb198c0ae171bfc350a4af94ddfda547c4e4d2900a92c280232319341e ENV LANG=C.UTF-8 diff --git a/9.8/slim-bullseye/Dockerfile b/9.8/slim-bullseye/Dockerfile index a7999654..99ec1c03 100644 --- a/9.8/slim-bullseye/Dockerfile +++ b/9.8/slim-bullseye/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bullseye-slim +FROM debian:bullseye-slim@sha256:cd1bc32f233a49f1b82149c9edb8ef34fb1e6c45f37211445c51a97603468604 ENV LANG=C.UTF-8 diff --git a/9.8/slim-buster/Dockerfile b/9.8/slim-buster/Dockerfile index f02c5e59..51f281d8 100644 --- a/9.8/slim-buster/Dockerfile +++ b/9.8/slim-buster/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:buster-slim +FROM debian:buster-slim@sha256:bb3dc79fddbca7e8903248ab916bb775c96ec61014b3d02b4f06043b604726dc ENV LANG=C.UTF-8