50 changes: 25 additions & 25 deletions .github/workflows/ci.yml
Expand Up @@ -15,9 +15,9 @@ jobs:
outputs:
docker-tag: ${{ steps.meta.outputs.version }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

- uses: actions/setup-node@v4
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 'lts/*'
cache: 'yarn'
Expand Down Expand Up @@ -63,18 +63,18 @@ jobs:
run: yarn generate-disclaimer

- name: Login to ghcr.io
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3

- name: Generate Docker metadata
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
env:
DOCKER_METADATA_PR_HEAD_SHA: true
with:
Expand All @@ -87,7 +87,7 @@ jobs:
type=sha,prefix=

- name: Docker build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
id: dockerBuild
with:
push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'pull_request' && secrets.GH_APP_OS_APP_ID != '' }}
Expand Down Expand Up @@ -115,7 +115,7 @@ jobs:

- name: Upload SBOM report as a build artifact
if: ${{ success() && steps.dockerBuild.outputs.digest }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: matrix-meetings-widget-sbom-spdx-report
path: 'matrix-meetings-widget.sbom.spdx.json'
Expand All @@ -129,9 +129,9 @@ jobs:
outputs:
docker-tag: ${{ steps.meta.outputs.version }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

- uses: actions/setup-node@v4
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 'lts/*'
cache: 'yarn'
Expand Down Expand Up @@ -177,18 +177,18 @@ jobs:
run: yarn generate-disclaimer

- name: Login to ghcr.io
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3

- name: Generate Docker metadata
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
env:
DOCKER_METADATA_PR_HEAD_SHA: true
with:
Expand All @@ -201,7 +201,7 @@ jobs:
type=sha,prefix=

- name: Docker build and push
uses: docker/build-push-action@v6
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
id: dockerBuild
with:
push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'pull_request' && secrets.GH_APP_OS_APP_ID != '' }}
Expand All @@ -228,7 +228,7 @@ jobs:

- name: Upload SBOM report as a build artifcat
if: ${{ success() && steps.dockerBuild.outputs.digest }}
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: matrix-meetings-bot-sbom-spdx-report
path: 'matrix-meetings-bot.sbom.spdx.json'
Expand All @@ -241,12 +241,12 @@ jobs:
- build-widget
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 0 # need main branch to diff against
- name: Set up Helm
uses: azure/setup-helm@v4
- uses: actions/setup-python@v5
uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: '3.14'
check-latest: true
Expand Down Expand Up @@ -293,15 +293,15 @@ jobs:
- build-widget
- build-bot
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
# required for changesets
fetch-depth: '0'
# don't persist the credentials so the changesets action doesn't use the
# github actions token but the git token provided via environment variable
persist-credentials: false

- uses: actions/setup-node@v4
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 'lts/*'
cache: 'yarn'
Expand Down Expand Up @@ -336,9 +336,9 @@ jobs:
- browser: firefox
- browser: webkit
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

- uses: actions/setup-node@v4
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 'lts/*'
cache: 'yarn'
Expand All @@ -353,15 +353,15 @@ jobs:
run: yarn generate-disclaimer

- name: Docker build widget
uses: docker/build-push-action@v6
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
id: dockerBuildWidget
with:
context: ./matrix-meetings-widget/
build-contexts: |
root=./

- name: Docker build bot
uses: docker/build-push-action@v6
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
id: dockerBuildBot
with:
context: .
Expand All @@ -378,7 +378,7 @@ jobs:
working-directory: ./e2e/
run: yarn playwright test --project=${{ matrix.browser }}

- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
if: always()
with:
name: playwright-report-${{ matrix.browser }}
Expand All @@ -403,7 +403,7 @@ jobs:
private_key: ${{ secrets.GH_APP_OS_PRIVATE_KEY }}

- name: Trigger Workflow
uses: actions/github-script@v7
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
with:
github-token: ${{ steps.generate_token.outputs.token }}
script: |
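Review bot: The pin comments on the new `uses:` lines record only the moving major tag (`# v4`, `# v3`, `# v6`), so nothing on the line says which release each 40-character SHA corresponds to; the already-pinned `sigstore/cosign-installer@… # v3.10.1` line in publish-release-bot.yml shows the more useful form. I would write the exact release in each comment, e.g. `uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # vX.Y.Z` with the real version filled in, and confirm that each SHA is reachable from that tag in the upstream repository rather than only resolvable by hash. The same applies to the pins in publish-release-bot.yml and publish-release-widget.yml. Separately, the step that receives `secrets.GH_APP_OS_PRIVATE_KEY` has its `uses:` line outside the visible hunk, so it is worth checking that this step is pinned too.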
10 changes: 5 additions & 5 deletions .github/workflows/publish-release-bot.yml
Expand Up @@ -21,15 +21,15 @@ jobs:
steps:
- name: Generate Docker metadata of the existing image
id: meta-existing-tag
uses: docker/metadata-action@v5
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
with:
images: ${{ env.DOCKER_IMAGE }}
tags: |
type=sha,prefix=

- name: Generate Docker metadata of the new image
id: meta-new-tags
uses: docker/metadata-action@v5
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
with:
images: ${{ env.DOCKER_IMAGE }}
labels: |
Expand All @@ -46,7 +46,7 @@ jobs:
echo "FROM $SOURCE_IMAGE" > Dockerfile

- name: Login to ghcr.io
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
Expand All @@ -56,11 +56,11 @@ jobs:
uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3

- name: Build and push
id: build_and_push
uses: docker/build-push-action@v6
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
with:
push: true
context: .
10 changes: 5 additions & 5 deletions .github/workflows/publish-release-widget.yml
Expand Up @@ -21,15 +21,15 @@ jobs:
steps:
- name: Generate Docker metadata of the existing image
id: meta-existing-tag
uses: docker/metadata-action@v5
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
with:
images: ${{ env.DOCKER_IMAGE }}
tags: |
type=sha,prefix=

- name: Generate Docker metadata of the new image
id: meta-new-tags
uses: docker/metadata-action@v5
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
with:
images: ${{ env.DOCKER_IMAGE }}
labels: |
Expand All @@ -46,7 +46,7 @@ jobs:
echo "FROM $SOURCE_IMAGE" > Dockerfile

- name: Login to ghcr.io
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
Expand All @@ -56,11 +56,11 @@ jobs:
uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3

- name: Build and push
id: build_and_push
uses: docker/build-push-action@v6
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
with:
push: true
context: .
4 changes: 2 additions & 2 deletions charts/matrix-meetings-bot/values.yaml
Expand Up @@ -8,7 +8,7 @@ image:
repository: ghcr.io/nordeck/matrix-meetings-bot
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
tag: "@sha256:201744dffdb6bca5393ac478a5a68a450dc6c93f3a23a52923c4173011d2d9c3"

imagePullSecrets: []
nameOverride: ""
Expand Down Expand Up @@ -127,7 +127,7 @@ init:

# use the same version as your homeserver
synapse:
image: matrixdotorg/synapse:v1.123.0
image: matrixdotorg/synapse:v1.123.0@sha256:7e8e20f2c0e7b344ce4d31bab943cb1677ee66de4de0f6a24107e8641a4a8122

postgresClient:
image: docker.io/bitnami/postgresql:17.2.0-debian-12-r10
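Review bot: Setting the default `tag` to `"@sha256:201744…"` stops the image from following the chart appVersion, which the comment directly above still describes as the default, so every chart release would deploy this one digest until the value is edited again. The template that joins `repository` and `tag` is not on this page; if it emits `repository:tag`, the result `ghcr.io/nordeck/matrix-meetings-bot:@sha256:…` is not a valid image reference. I would keep `tag: ""` and carry the digest in a separate value that the template appends after the tag, or at least change the comment to say the default is now a fixed digest. charts/matrix-meetings-widget/values.yaml has the same change. In this file `postgresClient.image` is left on a tag without a digest, which is inconsistent with the `synapse` line pinned just above it.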
2 changes: 1 addition & 1 deletion charts/matrix-meetings-widget/values.yaml
Expand Up @@ -8,7 +8,7 @@ image:
repository: ghcr.io/nordeck/matrix-meetings-widget
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
tag: "@sha256:dc215ffc6d2bb17357d17bd96c91f044a8bc15b07ce56d30f107e82d5689bad5"

imagePullSecrets: []
nameOverride: ""
12 changes: 6 additions & 6 deletions e2e/package.json
Expand Up @@ -7,12 +7,12 @@
"private": true,
"dependencies": {},
"devDependencies": {
"@axe-core/playwright": "^4.11.0",
"@playwright/test": "^1.57.0",
"@types/node": "^22.19.3",
"eslint": "^8.57.0",
"eslint-plugin-playwright": "^1.6.1",
"testcontainers": "^11.11.0"
"@axe-core/playwright": "4.11.0",
"@playwright/test": "1.57.0",
"@types/node": "22.19.7",
"eslint": "8.57.1",
"eslint-plugin-playwright": "1.8.3",
"testcontainers": "11.11.0"
},
"engines": {
"node": ">=20",
6 changes: 3 additions & 3 deletions matrix-meetings-bot/Dockerfile
@@ -1,10 +1,10 @@
FROM aquasec/trivy:latest AS scanner
FROM aquasec/trivy:latest@sha256:05d0126976bdedcd0782a0336f77832dbea1c81b9cc5e4b3a5ea5d2ec863aca7 AS scanner

# Copy yarn.lock to run SBOM scan
COPY yarn.lock /tmp
RUN trivy fs --format spdx-json --scanners "license" /tmp/yarn.lock > /tmp/sbom.spdx.json

FROM node:20-bookworm-slim AS builder
FROM node:20-bookworm-slim@sha256:6c51af7dc83f4708aaac35991306bca8f478351cfd2bda35750a62d7efcf05bb AS builder

WORKDIR /build

Expand All @@ -15,7 +15,7 @@ COPY packages/calendar/lib ./packages/calendar/lib
RUN yarn install --production --frozen-lockfile --network-timeout 1000000

# Runtime image
FROM node:20-bookworm-slim
FROM node:20-bookworm-slim@sha256:6c51af7dc83f4708aaac35991306bca8f478351cfd2bda35750a62d7efcf05bb

ENV NODE_ENV=production
WORKDIR /app
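Review bot: `FROM aquasec/trivy:latest@sha256:05d0…` keeps the `latest` tag next to a digest, and since the digest is what gets pulled, the tag no longer tells a reader which trivy version produces the SBOM. I would replace `latest` with the release the digest belongs to, `FROM aquasec/trivy:<version>@sha256:05d0126976bdedcd0782a0336f77832dbea1c81b9cc5e4b3a5ea5d2ec863aca7 AS scanner`, with `<version>` filled in from the registry. The `node:20-bookworm-slim` digest now appears on both the builder and the runtime stage and has to be updated in both places together. A pinned base also stops receiving Debian security updates until the digest is bumped, so this relies on an automated digest-update job that is not visible on this page. matrix-meetings-widget/Dockerfile carries the same trivy line.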
22 changes: 11 additions & 11 deletions matrix-meetings-bot/package.json
Expand Up @@ -64,18 +64,18 @@
},
"devDependencies": {
"@nestjs/cli": "10.4.9",
"@types/jest": "^29.5.14",
"@types/lodash": "^4.17.15",
"@types/jest": "29.5.14",
"@types/lodash": "4.17.15",
"@types/luxon": "3.2.2",
"@types/mime-types": "^2.1.4",
"@types/mustache": "^4.2.5",
"@types/node": "^20.19.17",
"@types/uuid": "^9.0.8",
"copyfiles": "^2.4.1",
"depcheck": "^1.4.7",
"dotenv-cli": "^7.4.2",
"eslint": "^8.57.0",
"i18next-cli": "^1.20.1",
"@types/mime-types": "2.1.4",
"@types/mustache": "4.2.5",
"@types/node": "20.19.21",
"@types/uuid": "9.0.8",
"copyfiles": "2.4.1",
"depcheck": "1.4.7",
"dotenv-cli": "7.4.4",
"eslint": "8.57.1",
"i18next-cli": "1.20.4",
"jest": "29.7.0",
"jest-fetch-mock": "3.0.3",
"ts-jest": "29.2.6",
2 changes: 1 addition & 1 deletion matrix-meetings-widget/Dockerfile
@@ -1,4 +1,4 @@
FROM aquasec/trivy:latest AS scanner
FROM aquasec/trivy:latest@sha256:05d0126976bdedcd0782a0336f77832dbea1c81b9cc5e4b3a5ea5d2ec863aca7 AS scanner

# Copy yarn.lock to run SBOM scan
COPY --from=root yarn.lock /tmp