revert github/codecov pinning, add version comments

GitHubs own actions are fully trusted, let's keep the paranoia on a reasonable level. This includes codecov too. All other third party actions are pinned, but with a comment about what version they were tagged with before pinning.
2026-01-18 15:05:28 +01:00 · 2022-10-14 12:12:34 +02:00 · 2022-10-14 12:12:34 +02:00 · a2e85b5ef3
commit a2e85b5ef3
parent a823fdcc04
6 changed files with 34 additions and 34 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -15,11 +15,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Go
-        uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
+        uses: actions/setup-go@v3
        with:
          go-version: 1.18.x
      - name: Install linter
@ -42,11 +42,11 @@ jobs:
    runs-on: ${{ matrix.platform }}
    steps:
      - name: Checkout
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Go
-        uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
+        uses: actions/setup-go@v3
        with:
          go-version: 1.18.x
      - name: Run tests
@ -64,26 +64,26 @@ jobs:
      TAG: ${{ github.event.release.tag_name }}
    steps:
      - name: Checkout
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Go
-        uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
+        uses: actions/setup-go@v3
        with:
          go-version: 1.18.x
      - name: Login to Docker Hub
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a #v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
-        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a #v2
        with:
          username: ${{ secrets.BOT_USERNAME }}
          password: ${{ secrets.BOT_GHCR_PAT }}
          registry: ghcr.io
      - name: Build
-        uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a
+        uses: goreleaser/goreleaser-action@ff11ca24a9b39f2d36796d1fbd7a4e39c182630a #v3
        with:
          version: v0.155.0
          args: --debug
@ -193,7 +193,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Pull new module version
-      uses: andrewslotin/go-proxy-pull-action@bfc19ec6536e1638181b2ad6a03e16c7ccfb122f
+      uses: andrewslotin/go-proxy-pull-action@bfc19ec6536e1638181b2ad6a03e16c7ccfb122f #master@2022-10-14