diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index d1e7462a3d1..cebe10adbb4 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -45,10 +45,10 @@ jobs: uses: actions/checkout@v6 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: Log in to Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -56,7 +56,7 @@ jobs: - name: Extract metadata (tags, labels) id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | @@ -66,7 +66,7 @@ jobs: type=raw,value=latest,enable={{is_default_branch}} - name: Build and push Docker image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 with: context: . file: ./docker/Dockerfile diff --git a/.github/workflows/reset-credits.yml b/.github/workflows/reset-credits.yml index aeb812fc151..ed768178658 100644 --- a/.github/workflows/reset-credits.yml +++ b/.github/workflows/reset-credits.yml @@ -14,7 +14,7 @@ jobs: run: | response=$(curl -s -w "\n%{http_code}" -X POST \ "https://prompts.chat/api/cron/reset-credits" \ - -H "Authorization: Bearer ${{ secrets.CRON_SECRET }}") + -H "Authorization: Bearer ${CRON_SECRET}") http_code=$(echo "$response" | tail -n1) body=$(echo "$response" | sed '$d') @@ -28,3 +28,6 @@ jobs: fi echo "Credits reset successfully" + + env: + CRON_SECRET: ${{ secrets.CRON_SECRET }} \ No newline at end of file diff --git a/.github/workflows/spam-check.lock.yml b/.github/workflows/spam-check.lock.yml index 519990d74df..c5881891c12 100644 --- a/.github/workflows/spam-check.lock.yml +++ b/.github/workflows/spam-check.lock.yml @@ -292,12 +292,13 @@ jobs: env: REPO_NAME: ${{ github.repository }} SERVER_URL: ${{ github.server_url }} + GITHUB_TOKEN: ${{ github.token }} run: | git config --global user.email "github-actions[bot]@users.noreply.github.com" git config --global user.name "github-actions[bot]" # Re-authenticate git with GitHub token SERVER_URL_STRIPPED="${SERVER_URL#https://}" - git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" echo "Git configured with standard GitHub Actions identity" - name: Checkout PR branch id: checkout-pr @@ -758,12 +759,13 @@ jobs: env: REPO_NAME: ${{ github.repository }} SERVER_URL: ${{ github.server_url }} + GITHUB_TOKEN: ${{ github.token }} run: | git config --global user.email "github-actions[bot]@users.noreply.github.com" git config --global user.name "github-actions[bot]" # Re-authenticate git with GitHub token SERVER_URL_STRIPPED="${SERVER_URL#https://}" - git remote set-url origin "https://x-access-token:${{ github.token }}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" + git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@${SERVER_URL_STRIPPED}/${REPO_NAME}.git" echo "Git configured with standard GitHub Actions identity" - name: Copy Copilot session state files to logs if: always()