@@ -23,15 +23,15 @@ jobs:
2323 run :
2424 working-directory : ./okta/okta-terraform-provisioning
2525 steps :
26- - uses : ' actions/checkout@v3 '
26+ - uses : ' actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 ' # v3.6.0
2727
2828 - id : ' google-cloud-auth'
2929 name : ' Authenticate to Google Cloud'
30- uses : ' google-github-actions/auth@v1 '
30+ uses : ' google-github-actions/auth@3a3c4c57d294ef65efaaee4ff17b22fa88dd3c69 ' # v1.3.0
3131 with :
3232 credentials_json : ' ${{ secrets.GOOGLE_CREDENTIALS }}'
3333
34- - uses : hashicorp/setup-terraform@v2
34+ - uses : hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
3535 with :
3636 terraform_wrapper : false
3737
5757 contents : write
5858
5959 steps :
60- - uses : ' actions/checkout@v3 '
60+ - uses : ' actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 ' # v3.6.0
6161
6262 - name : Scan ${{ vars.OKTA_ORG_NAME }} Terraform HCL (pre-plan)
6363 run : |
@@ -74,19 +74,19 @@ jobs:
7474
7575 steps :
7676 - name : Check out repository code
77- uses : actions/checkout@v3
77+ uses : actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
7878
7979 - id : ' google-cloud-auth'
8080 name : ' Authenticate to Google Cloud'
81- uses : ' google-github-actions/auth@v1 '
81+ uses : ' google-github-actions/auth@3a3c4c57d294ef65efaaee4ff17b22fa88dd3c69 ' # v1.3.0
8282 with :
8383 credentials_json : ' ${{ secrets.GOOGLE_CREDENTIALS }}'
8484
8585 - name : Mitigate that fancy action/cache@v3 does not work with busybox tar on alpine
8686 run : apk add --no-cache tar
8787
8888 - name : Use cache to share files between jobs
89- uses : actions/cache@v3
89+ uses : actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3.5.0
9090 id : terraform-plan
9191 with :
9292 key : ${{ runner.os }}-terraform-${{ hashFiles('**/okta/okta-terraform-provisioning/**') }}
@@ -109,10 +109,10 @@ jobs:
109109
110110 steps :
111111 - name : Check out repository code
112- uses : actions/checkout@v3
112+ uses : actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
113113
114114 - name : Use cache to share files between jobs
115- uses : actions/cache@v3
115+ uses : actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3.5.0
116116 id : terraform-plan
117117 with :
118118 key : ${{ runner.os }}-terraform-${{ hashFiles('**/okta/okta-terraform-provisioning/**') }}
@@ -135,11 +135,11 @@ jobs:
135135
136136 steps :
137137 - name : Check out repository code
138- uses : actions/checkout@v3
138+ uses : actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
139139
140140 - id : ' google-cloud-auth'
141141 name : ' Authenticate to Google Cloud'
142- uses : ' google-github-actions/auth@v1 '
142+ uses : ' google-github-actions/auth@3a3c4c57d294ef65efaaee4ff17b22fa88dd3c69 ' # v1.3.0
143143 with :
144144 credentials_json : ' ${{ secrets.GOOGLE_CREDENTIALS }}'
145145
@@ -157,11 +157,11 @@ jobs:
157157
158158 steps :
159159 - name : Check out repository code
160- uses : actions/checkout@v3
160+ uses : actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
161161
162162 - name : Scan ${{ vars.OKTA_ORG_NAME }}.okta.com
163163 run : |
164164 echo "### ${{ vars.OKTA_ORG_NAME }}.okta.com security scan (post-apply) :shield:" >> $GITHUB_STEP_SUMMARY
165165 echo "" >> $GITHUB_STEP_SUMMARY
166166 cnspec scan okta --organization ${{ vars.OKTA_ORG_NAME }}.okta.com --token ${{ secrets.OKTA_API_TOKEN }} --asset-name ${{ vars.OKTA_ORG_NAME }}.okta.com >> $GITHUB_STEP_SUMMARY
167- echo "CNSPEC_PRE_SCAN=$GITHUB_STEP_SUMMARY" >> $GITHUB_ENV
167+ echo "CNSPEC_PRE_SCAN=$GITHUB_STEP_SUMMARY" >> $GITHUB_ENV
0 commit comments