diff --git a/.github/workflows/ai-platform-snippets.yaml b/.github/workflows/ai-platform-snippets.yaml index 1334228b50..10270789f9 100644 --- a/.github/workflows/ai-platform-snippets.yaml +++ b/.github/workflows/ai-platform-snippets.yaml @@ -50,7 +50,7 @@ jobs: create_credentials_file: 'true' access_token_lifetime: 600s - id: secrets - uses: 'google-github-actions/get-secretmanager-secrets@95a0b09b8348ef3d02c68c6ba5662a037e78d713' # v2 + uses: 'google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce' # v2 with: secrets: |- caip_id:nodejs-docs-samples-tests/nodejs-docs-samples-ai-platform-caip-project-id @@ -62,7 +62,7 @@ jobs: id: npm-cache-dir shell: bash run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 id: npm-cache with: path: ${{ steps.npm-cache-dir.outputs.dir }} @@ -82,7 +82,7 @@ jobs: CAIP_PROJECT_ID: ${{ steps.secrets.outputs.caip_id }} - name: upload test results for FlakyBot workflow if: github.event.action == 'schedule' && always() - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 env: MOCHA_REPORTER_OUTPUT: "${{github.run_id}}_sponge_log.xml" with: diff --git a/.github/workflows/ci-dev.yaml b/.github/workflows/ci-dev.yaml index 19a9fdb046..02e02c7afa 100644 --- a/.github/workflows/ci-dev.yaml +++ b/.github/workflows/ci-dev.yaml @@ -34,10 +34,10 @@ jobs: nodejs-paths: ${{ steps.nodejs.outputs.paths }} nodejs-setups: ${{ steps.nodejs.outputs.setups }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - - uses: actions/setup-go@v5 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5 with: go-version: ${{ env.GO_VERSION }} - run: go build -o ${{ github.workspace }}/tools ./cmd/... @@ -67,20 +67,20 @@ jobs: steps: - name: CI Setup run: echo "${{ env.CI_SETUP }}" - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4 with: node-version: ${{ fromJson(env.CI_SETUP).node-version }} - - uses: google-github-actions/auth@v2 + - uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2 with: project_id: ${{ fromJson(env.CI_SETUP).project-id }} workload_identity_provider: ${{ fromJson(env.CI_SETUP).workload-identity-provider }} service_account: ${{ fromJson(env.CI_SETUP).service-account }} access_token_lifetime: ${{ fromJson(env.CI_SETUP).access-token-lifetime }} - name: Export environment variables - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 id: vars with: script: | @@ -99,7 +99,7 @@ jobs: .map(key => `${key}:${setup.secrets[key]}`) .join('\n'), } - - uses: google-github-actions/get-secretmanager-secrets@v2 + - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 if: ${{ fromJson(steps.vars.outputs.result).secrets }} with: secrets: ${{ fromJson(steps.vars.outputs.result).secrets }} diff --git a/.github/workflows/ci-prod.yaml b/.github/workflows/ci-prod.yaml index dbf619cc03..b973c21bb1 100644 --- a/.github/workflows/ci-prod.yaml +++ b/.github/workflows/ci-prod.yaml @@ -34,10 +34,10 @@ jobs: nodejs-paths: ${{ steps.nodejs.outputs.paths }} nodejs-setups: ${{ steps.nodejs.outputs.setups }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - - uses: actions/setup-go@v5 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5 with: go-version: ${{ env.GO_VERSION }} - run: go build -o ${{ github.workspace }}/tools ./cmd/... @@ -56,8 +56,8 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4 with: node-version: 20 - run: make lint @@ -79,20 +79,20 @@ jobs: steps: - name: CI Setup run: echo "${{ env.CI_SETUP }}" - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-node@v4 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4 with: node-version: ${{ fromJson(env.CI_SETUP).node-version }} - - uses: google-github-actions/auth@v2 + - uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2 with: project_id: ${{ fromJson(env.CI_SETUP).project-id }} workload_identity_provider: ${{ fromJson(env.CI_SETUP).workload-identity-provider }} service_account: ${{ fromJson(env.CI_SETUP).service-account }} access_token_lifetime: ${{ fromJson(env.CI_SETUP).access-token-lifetime }} - name: Export environment variables - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 id: vars with: script: | @@ -111,7 +111,7 @@ jobs: .map(key => `${key}:${setup.secrets[key]}`) .join('\n'), } - - uses: google-github-actions/get-secretmanager-secrets@v2 + - uses: google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce # v2 if: ${{ fromJson(steps.vars.outputs.result).secrets }} with: secrets: ${{ fromJson(steps.vars.outputs.result).secrets }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c916230d83..cd2f828a4d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4 + - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4 with: node-version: 18 - run: npm install diff --git a/.github/workflows/cloud-samples-tools-test.yaml b/.github/workflows/cloud-samples-tools-test.yaml index b6f9508c53..036886ba87 100644 --- a/.github/workflows/cloud-samples-tools-test.yaml +++ b/.github/workflows/cloud-samples-tools-test.yaml @@ -35,8 +35,8 @@ jobs: run: working-directory: .github/cloud-samples-tools steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5 with: go-version: ${{ env.GO_VERSION }} - name: Go vet @@ -52,8 +52,8 @@ jobs: run: working-directory: .github/cloud-samples-tools steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5 with: go-version: ${{ env.GO_VERSION }} - name: Run tests diff --git a/.github/workflows/dialogflow-cx.yaml b/.github/workflows/dialogflow-cx.yaml index 716b9bc59d..4165ead7dc 100644 --- a/.github/workflows/dialogflow-cx.yaml +++ b/.github/workflows/dialogflow-cx.yaml @@ -50,7 +50,7 @@ jobs: create_credentials_file: 'true' access_token_lifetime: 600s - id: secrets - uses: 'google-github-actions/get-secretmanager-secrets@95a0b09b8348ef3d02c68c6ba5662a037e78d713' # v2 + uses: 'google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce' # v2 with: secrets: |- agent_id:nodejs-docs-samples-tests/nodejs-docs-samples-dialogflow-cx-agent-id @@ -62,7 +62,7 @@ jobs: id: npm-cache-dir shell: bash run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 id: npm-cache with: path: ${{ steps.npm-cache-dir.outputs.dir }} @@ -84,7 +84,7 @@ jobs: AGENT_PROJECT_ID: nodejs-docs-samples-tests - name: upload test results for FlakyBot workflow if: github.event.action == 'schedule' && always() - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 env: MOCHA_REPORTER_OUTPUT: "${{github.run_id}}_sponge_log.xml" with: diff --git a/.github/workflows/functions-slack.yaml b/.github/workflows/functions-slack.yaml index 1e405a5b1e..f491831cf7 100644 --- a/.github/workflows/functions-slack.yaml +++ b/.github/workflows/functions-slack.yaml @@ -50,7 +50,7 @@ jobs: create_credentials_file: 'true' access_token_lifetime: 600s - id: secrets - uses: 'google-github-actions/get-secretmanager-secrets@95a0b09b8348ef3d02c68c6ba5662a037e78d713' # v2 + uses: 'google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce' # v2 with: secrets: |- slack_secret:nodejs-docs-samples-tests/nodejs-docs-samples-slack-secret @@ -62,7 +62,7 @@ jobs: id: npm-cache-dir shell: bash run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 id: npm-cache with: path: ${{ steps.npm-cache-dir.outputs.dir }} @@ -83,7 +83,7 @@ jobs: KG_API_KEY: ${{ steps.secrets.outputs.kg_api_key }} - name: upload test results for FlakyBot workflow if: github.event.action == 'schedule' && always() - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 env: MOCHA_REPORTER_OUTPUT: "${{github.run_id}}_sponge_log.xml" with: diff --git a/.github/workflows/generative-ai-snippets.yaml b/.github/workflows/generative-ai-snippets.yaml index 0fa2215f8b..d07507d265 100644 --- a/.github/workflows/generative-ai-snippets.yaml +++ b/.github/workflows/generative-ai-snippets.yaml @@ -53,7 +53,7 @@ jobs: create_credentials_file: 'true' access_token_lifetime: 600s - id: secrets - uses: 'google-github-actions/get-secretmanager-secrets@95a0b09b8348ef3d02c68c6ba5662a037e78d713' # v2 + uses: 'google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce' # v2 with: secrets: |- caip_id:nodejs-docs-samples-tests/nodejs-docs-samples-ai-platform-caip-project-id @@ -66,7 +66,7 @@ jobs: id: npm-cache-dir shell: bash run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 id: npm-cache with: path: ${{ steps.npm-cache-dir.outputs.dir }} @@ -92,7 +92,7 @@ jobs: DATASTORE_ID: ${{ steps.secrets.outputs.datastore_id }} - name: upload test results for FlakyBot workflow if: github.event.action == 'schedule' && always() - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 env: MOCHA_REPORTER_OUTPUT: "${{github.run_id}}_sponge_log.xml" with: diff --git a/.github/workflows/iam-deny.yaml b/.github/workflows/iam-deny.yaml index 2eb651f803..01dda43e44 100644 --- a/.github/workflows/iam-deny.yaml +++ b/.github/workflows/iam-deny.yaml @@ -60,7 +60,7 @@ jobs: id: npm-cache-dir shell: bash run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 id: npm-cache with: path: ${{ steps.npm-cache-dir.outputs.dir }} @@ -81,7 +81,7 @@ jobs: - run: npm test - name: upload test results for FlakyBot workflow if: github.event.action == 'schedule' && always() - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 env: MOCHA_REPORTER_OUTPUT: "${{github.run_id}}_sponge_log.xml" with: diff --git a/.github/workflows/security-center-snippets.yaml b/.github/workflows/security-center-snippets.yaml index b4aaa94ace..fe9b15ebaa 100644 --- a/.github/workflows/security-center-snippets.yaml +++ b/.github/workflows/security-center-snippets.yaml @@ -59,7 +59,7 @@ jobs: id: npm-cache-dir shell: bash run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 id: npm-cache with: path: ${{ steps.npm-cache-dir.outputs.dir }} @@ -84,7 +84,7 @@ jobs: GOOGLE_SAMPLES_PROJECT: "long-door-651" - name: upload test results for FlakyBot workflow if: github.event.action == 'schedule' && always() - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 env: MOCHA_REPORTER_OUTPUT: "${{github.run_id}}_sponge_log.xml" with: diff --git a/.github/workflows/storagetransfer.yaml b/.github/workflows/storagetransfer.yaml index f76307eb3d..66ec57caa9 100644 --- a/.github/workflows/storagetransfer.yaml +++ b/.github/workflows/storagetransfer.yaml @@ -53,7 +53,7 @@ jobs: create_credentials_file: 'true' access_token_lifetime: 600s - id: secrets - uses: 'google-github-actions/get-secretmanager-secrets@95a0b09b8348ef3d02c68c6ba5662a037e78d713' # v2 + uses: 'google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce' # v2 with: secrets: |- sts_aws_secret:nodejs-docs-samples-tests/nodejs-docs-samples-storagetransfer-aws @@ -65,7 +65,7 @@ jobs: id: npm-cache-dir shell: bash run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 id: npm-cache with: path: ${{ steps.npm-cache-dir.outputs.dir }} @@ -92,7 +92,7 @@ jobs: AZURE_SAS_TOKEN: ${{ fromJSON(steps.secrets.outputs.sts_azure_secret).SAS }} - name: upload test results for FlakyBot workflow if: github.event.action == 'schedule' && always() - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 env: MOCHA_REPORTER_OUTPUT: "${{github.run_id}}_sponge_log.xml" with: diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index f2acab7028..0dd4cb9f49 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -47,7 +47,7 @@ jobs: id: npm-cache-dir shell: bash run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 id: npm-cache with: path: ${{ steps.npm-cache-dir.outputs.dir }} @@ -67,7 +67,7 @@ jobs: GOOGLE_SAMPLES_PROJECT: "long-door-651" - name: upload test results for FlakyBot workflow if: github.event.action == 'schedule' && always() - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: test-results path: ${{ inputs.path }}/${{ env.MOCHA_REPORTER_OUTPUT }} diff --git a/.github/workflows/vision.yaml b/.github/workflows/vision.yaml index 97b4920307..949f8714e0 100644 --- a/.github/workflows/vision.yaml +++ b/.github/workflows/vision.yaml @@ -53,7 +53,7 @@ jobs: create_credentials_file: 'true' access_token_lifetime: 600s - id: secrets - uses: 'google-github-actions/get-secretmanager-secrets@95a0b09b8348ef3d02c68c6ba5662a037e78d713' # v2 + uses: 'google-github-actions/get-secretmanager-secrets@e5bb06c2ca53b244f978d33348d18317a7f263ce' # v2 with: secrets: |- vision:nodejs-docs-samples-tests/nodejs-docs-samples-vision @@ -64,7 +64,7 @@ jobs: id: npm-cache-dir shell: bash run: echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT} - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 id: npm-cache with: path: ${{ steps.npm-cache-dir.outputs.dir }} @@ -87,7 +87,7 @@ jobs: REDIS_HOST: ${{ steps.secrets.outputs.vision.REDIS_HOST }} - name: upload test results for FlakyBot workflow if: github.event.action == 'schedule' && always() - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 env: MOCHA_REPORTER_OUTPUT: "${{github.run_id}}_sponge_log.xml" with: