From f0a638be2e7e4063e2db8855042f7ec696b7b979 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Tue, 26 May 2026 12:12:03 +0200
Subject: [PATCH] fix: update Docker workflows to use specific action versions and improve test command security
---
 .github/workflows/docker-no-push.yml | 2 +-
 .github/workflows/docker.yml | 16 +++++++-------
 .github/workflows/opencode.yml | 33 ----------------------------
 3 files changed, 9 insertions(+), 42 deletions(-)
 delete mode 100644 .github/workflows/opencode.yml
diff --git a/.github/workflows/docker-no-push.yml b/.github/workflows/docker-no-push.yml
index a1b12b6..929795d 100644
--- a/.github/workflows/docker-no-push.yml
+++ b/.github/workflows/docker-no-push.yml
@@ -28,7 +28,7 @@ jobs:
 env:
 DJANGO_SETTINGS_MODULE: proyecto.settings
 run: |
- uv run python manage.py test
+ SECRET_KEY=testkeynotuseinproducto uv run python manage.py test
 docker:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index bfd11d3..74e30cb 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -13,13 +13,13 @@ jobs:
 contents: read
 steps:
 - name: Checkout del código
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Configurar Python
- uses: actions/setup-python@v6
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
 with:
 python-version: '3.14'
 - name: Configurar uv
- uses: astral-sh/setup-uv@v6
+ uses: astral-sh/setup-uv@d0d8abe699bfb85fec6de9f7adb5ae17292296ff # v6
 - name: Instalar dependencias
 run: |
 uv sync --no-dev --no-install-project
@@ -27,7 +27,7 @@ jobs:
 env:
 DJANGO_SETTINGS_MODULE: proyecto.settings
 run: |
- uv run python manage.py test
+ SECRET_KEY=donotusethisinproductionitisunsafe uv run python manage.py test
 docker:
 runs-on: ubuntu-latest
 needs: test
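Review bot: The placeholder `SECRET_KEY` is prefixed onto the shell command even though this step already has an `env:` block, and the two workflows use different literals (`testkeynotuseinproducto` here, `donotusethisinproductionitisunsafe` in the `@@ -27,7` hunk of docker.yml). I would declare it once per step as `SECRET_KEY: donotusethisinproductionitisunsafe` under `env:` next to `DJANGO_SETTINGS_MODULE`, with a comment such as `# CI-only placeholder, never a real key`. Because the value is public in the repository, it is only harmless if `proyecto.settings` reads the key from the environment with no fallback to this string; the settings module is not part of the patch, so that should be confirmed. The step's header starts above the hunk.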
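Review bot: The trailing `# v6` comments on the pinned `uses:` lines name a moving major tag, so nothing in the file records which release each SHA was taken from. I would put the exact release in the comment, e.g. `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # vX.Y.Z` (version is a placeholder), so a reviewer can check the SHA against the upstream tag and Dependabot or Renovate can update SHA and comment together; the same applies to the `@@ -37,13` and `@@ -55,7` hunks. The diffstat shows only the test command changing in docker-no-push.yml, so if that workflow uses the same actions they presumably stay on mutable tags and should be pinned the same way.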
@@ -37,13 +37,13 @@ jobs:
 steps:
 - name: Checkout del código
- uses: actions/checkout@v6
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Configurar Docker Buildx
- uses: docker/setup-buildx-action@v4
+ uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
 - name: Login en GHCR
- uses: docker/login-action@v4
+ uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
@@ -55,7 +55,7 @@ jobs:
 echo "IMAGE_TAG=$TAG" >> $GITHUB_ENV
 - name: Build y Push
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
 with:
 context: .
 push: true
diff --git a/.github/workflows/opencode.yml b/.github/workflows/opencode.yml
deleted file mode 100644
index 515af89..0000000
--- a/.github/workflows/opencode.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: opencode
-
-on:
- issue_comment:
- types: [created]
- pull_request_review_comment:
- types: [created]
-
-jobs:
- opencode:
- if: |
- contains(github.event.comment.body, ' /oc') ||
- startsWith(github.event.comment.body, '/oc') ||
- contains(github.event.comment.body, ' /opencode') ||
- startsWith(github.event.comment.body, '/opencode')
- runs-on: ubuntu-latest
- permissions:
- id-token: write
- contents: read
- pull-requests: read
- issues: read
- steps:
- - name: Checkout repository
- uses: actions/checkout@v6
- with:
- persist-credentials: false
-
- - name: Run opencode
- uses: anomalyco/opencode/github@latest
- env:
- OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
- with:
- model: openai/gpt-5.3-codex
\ No newline at end of file
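Review bot: The `Checkout del código` step in this job has no `with:` block, so `actions/checkout` keeps its default of persisting the job token for later steps, and this is the job that logs in to GHCR and pushes the image. The workflow deleted by this commit set `persist-credentials: false` on its checkout; I would add `with:` / `persist-credentials: false` here too, and on the checkout in the `@@ -13,13` hunk, unless a later step needs to push with git. The job's `permissions:` block is outside the hunk, so it is worth confirming that it grants no more than `contents: read` and `packages: write`.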