fix: update Docker workflows to use specific action versions and improve test command security

2026-05-26 12:12:03 +02:00
parent a61664a46e
commit f0a638be2e
3 changed files with 9 additions and 42 deletions
+1 -1
@@ -28,7 +28,7 @@ jobs:
env: env:
DJANGO_SETTINGS_MODULE: proyecto.settings DJANGO_SETTINGS_MODULE: proyecto.settings
run: | run: |
uv run python manage.py test SECRET_KEY=testkeynotuseinproducto uv run python manage.py test
docker: docker:
runs-on: ubuntu-latest runs-on: ubuntu-latest
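Review bot: The placeholder `SECRET_KEY` is written inline in the `run:` script even though this step already has an `env:` block, and the same change in the other workflow's test step uses a different value (`donotusethisinproductionitisunsafe` there, `testkeynotuseinproducto` here). Putting it next to `DJANGO_SETTINGS_MODULE`, for example `SECRET_KEY: django-insecure-ci-only  # throwaway value for the test job, never a deployment key` (a constructed value), keeps one obviously non-secret string in both files and makes it easy to grep for. The settings module is not visible on this page, so confirm that it reads `SECRET_KEY` from the environment with no fallback and that a deployment fails to start when the variable is unset.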
+8 -8
@@ -13,13 +13,13 @@ jobs:
contents: read contents: read
steps: steps:
- name: Checkout del código - name: Checkout del código
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Configurar Python - name: Configurar Python
uses: actions/setup-python@v6 uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with: with:
python-version: '3.14' python-version: '3.14'
- name: Configurar uv - name: Configurar uv
uses: astral-sh/setup-uv@v6 uses: astral-sh/setup-uv@d0d8abe699bfb85fec6de9f7adb5ae17292296ff # v6
- name: Instalar dependencias - name: Instalar dependencias
run: | run: |
uv sync --no-dev --no-install-project uv sync --no-dev --no-install-project
@@ -27,7 +27,7 @@ jobs:
env: env:
DJANGO_SETTINGS_MODULE: proyecto.settings DJANGO_SETTINGS_MODULE: proyecto.settings
run: | run: |
uv run python manage.py test SECRET_KEY=donotusethisinproductionitisunsafe uv run python manage.py test
docker: docker:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: test needs: test
@@ -37,13 +37,13 @@ jobs:
steps: steps:
- name: Checkout del código - name: Checkout del código
uses: actions/checkout@v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Configurar Docker Buildx - name: Configurar Docker Buildx
uses: docker/setup-buildx-action@v4 uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- name: Login en GHCR - name: Login en GHCR
uses: docker/login-action@v4 uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.actor }} username: ${{ github.actor }}
@@ -55,7 +55,7 @@ jobs:
echo "IMAGE_TAG=$TAG" >> $GITHUB_ENV echo "IMAGE_TAG=$TAG" >> $GITHUB_ENV
- name: Build y Push - name: Build y Push
uses: docker/build-push-action@v6 uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6
with: with:
context: . context: .
push: true push: true
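Review bot: The trailing comments on the pinned `uses:` lines record only the floating major tag (`# v6`, `# v4`), so a reader cannot tell which release each 40-character SHA corresponds to, and nothing on this page confirms that the SHAs are the commits those upstream tags point to. Record the exact release in the comment, e.g. `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # vX.Y.Z` with the real version filled in, and verify each SHA against the upstream repository before merging. Pinned SHAs no longer pick up upstream fixes on their own, so pair this with an update bot configured for GitHub Actions that bumps the SHA and the comment together. The other workflow file in this commit shows only the test-command hunk, so check whether its `uses:` lines are still on floating tags.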
-33
@@ -1,33 +0,0 @@
name: opencode
on:
issue_comment:
types: [created]
pull_request_review_comment:
types: [created]
jobs:
opencode:
if: |
contains(github.event.comment.body, ' /oc') ||
startsWith(github.event.comment.body, '/oc') ||
contains(github.event.comment.body, ' /opencode') ||
startsWith(github.event.comment.body, '/opencode')
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
pull-requests: read
issues: read
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
persist-credentials: false
- name: Run opencode
uses: anomalyco/opencode/github@latest
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
with:
model: openai/gpt-5.3-codex