From 4a739cc121255ad0b1e6d3e48f20e6d6e24cb1b3 Mon Sep 17 00:00:00 2001
From: Ulises Gascon <ulisesgascongonzalez@gmail.com>
Date: Wed, 23 Aug 2023 01:40:55 +0200
Subject: [PATCH 1/2] chore: pin dependencies for GitHub actions

related TryQuiet/quiet#1732
---
 .github/workflows/build-release.yml           | 36 +++++++++----------
 .github/workflows/check-visual-regression.yml |  6 ++--
 .github/workflows/check.yml                   |  4 +--
 .github/workflows/deploy-android.yaml         | 12 +++----
 .github/workflows/deploy-ios.yml              |  8 ++---
 .github/workflows/e2e-linux.yml               | 10 +++---
 .github/workflows/e2e-mac.yml                 | 12 +++----
 .github/workflows/e2e-win.yml                 | 12 +++----
 .github/workflows/frontend-tests.yml          |  4 +--
 .github/workflows/identity-tests.yml          |  4 +--
 .github/workflows/integration-tests.yml       |  4 +--
 .github/workflows/mobile-tests.yml            |  4 +--
 .github/workflows/nectar-tests.yml            |  4 +--
 .github/workflows/regression-test.yml         |  8 ++---
 .github/workflows/waggle-tests.yml            |  8 ++---
 15 files changed, 68 insertions(+), 68 deletions(-)

diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
index c02ec9b3a4..274b422d10 100644
--- a/.github/workflows/build-release.yml
+++ b/.github/workflows/build-release.yml
@@ -25,7 +25,7 @@ jobs:
       CHECKSUM_PATH: ${{ github.event.action == 'released' && 'packages/desktop/dist/latest-linux.yml' || 'packages/desktop/dist/alpha-linux.yml' }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: Setup environment
         uses: ./.github/actions/setup-env
@@ -55,7 +55,7 @@ jobs:
         run: lerna run postBuild --scope quiet
 
       - name: "Push electron-updater new checksum to S3"
-        uses: vinkabuki/upload-s3-action@master
+        uses: vinkabuki/upload-s3-action@c1c7c2268c91fbbc1293455e7b4bb2292267d2bd # master
         with:
           aws_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -65,18 +65,18 @@ jobs:
 
       - name: Get release
         id: get_release
-        uses: bruceadams/get-release@v1.2.3
+        uses: bruceadams/get-release@3a8733307b85cd96d52772b037617bd63d99522e # v1.2.3
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
       - name: Get release version
         id: package-version
-        uses: martinbeentjes/npm-get-version-action@main
+        uses: martinbeentjes/npm-get-version-action@3cf273023a0dda27efcd3164bdfb51908dd46a5b # main
         with:
           path: packages/desktop
 
       - name: Upload Release Assets
-        uses: actions/upload-release-asset@v1.0.2
+        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
         env:
           GITHUB_TOKEN: ${{ github.token }}
         with:
@@ -96,13 +96,13 @@ jobs:
       S3_BUCKET: ${{ github.event.action == 'released' && 'quiet' || 'test.quiet' }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
-      - uses: actions-rs/components-nightly@v1
+      - uses: actions-rs/components-nightly@254194ebf6ba07d2bb7cec8be76cee368d44fb90 # v1.1.1
         with:
           component: clippy
 
-      - uses: actions-rs/toolchain@v1
+      - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
         with:
           toolchain: nightly-2020-08-28
           components: clippy
@@ -138,18 +138,18 @@ jobs:
 
       - name: Get release
         id: get_release
-        uses: bruceadams/get-release@v1.2.3
+        uses: bruceadams/get-release@3a8733307b85cd96d52772b037617bd63d99522e # v1.2.3
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
       - name: Extract version
         id: extract_version
-        uses: Saionaro/extract-package-version@v1.1.1
+        uses: Saionaro/extract-package-version@de8268c348d3a9ed3514c86a9ad8d4568ab8b49e # v1.1.1
         with:
           path: packages/desktop
 
       - name: Upload Release Assets
-        uses: actions/upload-release-asset@v1.0.2
+        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
         env:
           GITHUB_TOKEN: ${{ github.token }}
         with:
@@ -169,7 +169,7 @@ jobs:
       S3_BUCKET: ${{ github.event.action == 'released' && 'quiet' || 'test.quiet' }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Fetch jsign"
         shell: bash
@@ -177,7 +177,7 @@ jobs:
 
       - name: "Add Windows certificate"
         id: write_file
-        uses: TryQuiet/base64-to-file@main
+        uses: TryQuiet/base64-to-file@64eeb40ad3514f57de3a7dee92aee10fd42452c1 # main
         with:
           fileName: 'win-certificate.pfx'
           encodedString: ${{ secrets.WIN_CSC_LINK }}
@@ -208,7 +208,7 @@ jobs:
 
       # - name: E2E - Extract version
       #   id: extract_version
-      #   uses: Saionaro/extract-package-version@v1.1.1
+      #   uses: Saionaro/extract-package-version@de8268c348d3a9ed3514c86a9ad8d4568ab8b49e # v1.1.1
       #   with:
       #     path: packages/desktop
 
@@ -259,23 +259,23 @@ jobs:
 
       - name: Get release
         id: get_release
-        uses: bruceadams/get-release@v1.2.3
+        uses: bruceadams/get-release@3a8733307b85cd96d52772b037617bd63d99522e # v1.2.3
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
       - name: Extract version
         id: extract_version
-        uses: Saionaro/extract-package-version@v1.1.1
+        uses: Saionaro/extract-package-version@de8268c348d3a9ed3514c86a9ad8d4568ab8b49e # v1.1.1
         with:
           path: packages/desktop
 
 
       - name: Upload Release Assets
-        uses: actions/upload-release-asset@v1.0.2
+        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2
         env:
           GITHUB_TOKEN: ${{ github.token }}
         with:
           upload_url: ${{ steps.get_release.outputs.upload_url }}
           asset_path: ./packages/desktop/dist/Quiet Setup ${{ steps.extract_version.outputs.version}}.exe
           asset_name: Quiet Setup ${{ steps.extract_version.outputs.version}}.exe
-          asset_content_type: application/.exe
+          asset_content_type: application/.exe
\ No newline at end of file
diff --git a/.github/workflows/check-visual-regression.yml b/.github/workflows/check-visual-regression.yml
index 1edc35e5d6..43be0bf5b7 100644
--- a/.github/workflows/check-visual-regression.yml
+++ b/.github/workflows/check-visual-regression.yml
@@ -17,7 +17,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
         with:
           fetch-depth: 0 # Required to retrieve git history
 
@@ -27,8 +27,8 @@ jobs:
           bootstrap-packages: "@quiet/eslint-config,@quiet/logger,@quiet/common,@quiet/types,@quiet/state-manager,@quiet/backend,@quiet/identity,quiet,backend-bundle"
 
       - name: "Publish to Chromatic"
-        uses: chromaui/action@v1
+        uses: chromaui/action@355e2a05a179e9e89c2b237dcd55adbeb89e577e # v1
         with:
           workingDir: ./packages/desktop
           token: ${{ secrets.GH_TOKEN }}
-          projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
+          projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 863782b5e1..0fe807c0eb 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -16,7 +16,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Remove test files workaround (jest types conflicting with cypress types)"
         if: ${{ runner.os == 'Windows' }}
@@ -38,4 +38,4 @@ jobs:
 
       - name: "Lint"
         if: ${{ runner.os != 'Windows' }}
-        run: lerna run lint-ci --stream
+        run: lerna run lint-ci --stream
\ No newline at end of file
diff --git a/.github/workflows/deploy-android.yaml b/.github/workflows/deploy-android.yaml
index 065ba52f2c..8f2c9f16c8 100644
--- a/.github/workflows/deploy-android.yaml
+++ b/.github/workflows/deploy-android.yaml
@@ -19,16 +19,16 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Set up JDK"
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
         with:
           distribution: 'temurin'
           java-version: 11
 
       - name: "Set up NDK"
-        uses: nttld/setup-ndk@v1
+        uses: nttld/setup-ndk@8c3b609ff4d54576ea420551943fd34b4d03b0dc # v1.2.0
         id: setup-ndk
         with:
           ndk-version: r21e
@@ -64,7 +64,7 @@ jobs:
         run: cd ./packages/mobile/android && ENVFILE=../.env.production ./gradlew bundleStandardRelease
 
       - name: "Upload Artifact"
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
         with:
           name: app-standard-release.aab
           path: ./packages/mobile/android/app/build/outputs/bundle/standardRelease/app-standard-release.aab
@@ -77,7 +77,7 @@ jobs:
           echo ${{ SECRETS.SERVICE_ACCOUNT_JSON }} | base64 --decode > google-play.json
       
       - name: "Upload to Google Play"
-        uses: r0adkll/upload-google-play@v1.0.17
+        uses: r0adkll/upload-google-play@7f42989517f00091bb49ec7cf5c68b673bf01205 # v1.0.17
         with:
           serviceAccountJson: google-play.json
           packageName: com.quietmobile
@@ -85,4 +85,4 @@ jobs:
           status: completed
           track: internal
           whatsNewDirectory: distribution/whatsnew
-          changesNotSentForReview: true
+          changesNotSentForReview: true
\ No newline at end of file
diff --git a/.github/workflows/deploy-ios.yml b/.github/workflows/deploy-ios.yml
index 65964761c3..c4e4f6c979 100644
--- a/.github/workflows/deploy-ios.yml
+++ b/.github/workflows/deploy-ios.yml
@@ -19,7 +19,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
         with:
           lfs: true
 
@@ -27,7 +27,7 @@ jobs:
         run: brew install gnupg
 
       - name: Setup XCode
-        uses: maxim-lobanov/setup-xcode@v1
+        uses: maxim-lobanov/setup-xcode@9a697e2b393340c3cacd97468baa318e4c883d98 # v1.5.1
         with:
           xcode-version: '14.2'
 
@@ -70,7 +70,7 @@ jobs:
             -exportPath build/
 
       - name: Upload artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
         with:
           name: Quiet.ipa
           path: ./packages/mobile/ios/build/Quiet.ipa
@@ -87,4 +87,4 @@ jobs:
             --verbose
         env:
           APPSTORE_USER: ${{ secrets.APPSTORE_USER }}
-          APPSTORE_PASSWORD: ${{ secrets.APPSTORE_PASSWORD }}
+          APPSTORE_PASSWORD: ${{ secrets.APPSTORE_PASSWORD }}
\ No newline at end of file
diff --git a/.github/workflows/e2e-linux.yml b/.github/workflows/e2e-linux.yml
index 6fcfe83493..084accdcfd 100644
--- a/.github/workflows/e2e-linux.yml
+++ b/.github/workflows/e2e-linux.yml
@@ -18,7 +18,7 @@ jobs:
       TEST_MODE: true
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: Install WM
         run: sudo apt install fluxbox
@@ -47,21 +47,21 @@ jobs:
         run: chmod +x $FILE_NAME
 
       - name: Run one client test
-        uses: nick-fields/retry@v2
+        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
         with:
           timeout_minutes: 15
           max_attempts: 3
           command: cd packages/e2e-tests && npm run test oneClient.test.ts
 
       - name: Run two clients test
-        uses: nick-fields/retry@v2
+        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
         with:
           timeout_minutes: 25
           max_attempts: 3
           command: cd packages/e2e-tests && npm run test twoClients.test.ts
 
       - name: Run invitation link test - Includes 2 separate application clients
-        uses: nick-fields/retry@v2
+        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
         with:
           timeout_minutes: 25
           max_attempts: 3
@@ -76,7 +76,7 @@ jobs:
         run: chmod +x Quiet-1.2.0.AppImage
         
       - name: Run Backwards Compatibility test
-        uses: nick-fields/retry@v2
+        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
         with:
           timeout_minutes: 15
           max_attempts: 3
diff --git a/.github/workflows/e2e-mac.yml b/.github/workflows/e2e-mac.yml
index a835a24d28..f3642cbee1 100644
--- a/.github/workflows/e2e-mac.yml
+++ b/.github/workflows/e2e-mac.yml
@@ -11,7 +11,7 @@ jobs:
       IS_E2E: true
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Setup environment"
         uses: ./.github/actions/setup-env
@@ -69,29 +69,29 @@ jobs:
 
       # OLD ver
       - name: Run one client test
-        uses: nick-fields/retry@v2
+        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
         with:
           timeout_minutes: 15
           max_attempts: 3
           command: cd packages/e2e-tests && npm run test oneClient.test.ts
 
       # - name: Run Backwards Compatibility test
-      #   uses: nick-fields/retry@v2
+      #   uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
       #   with:
       #     timeout_minutes: 15
       #     max_attempts: 3
       #     command: cd packages/e2e-tests && npm run test backwardsCompatibility.test.ts
 
       - name: Run two clients test
-        uses: nick-fields/retry@v2
+        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
         with:
           timeout_minutes: 25
           max_attempts: 3
           command: cd packages/e2e-tests && npm run test twoClients.test.ts
 
       - name: Run invitation link test - Includes 2 separate application clients
-        uses: nick-fields/retry@v2
+        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
         with:
           timeout_minutes: 25
           max_attempts: 3
-          command: cd packages/e2e-tests && npm run test invitationLink.test.ts
+          command: cd packages/e2e-tests && npm run test invitationLink.test.ts
\ No newline at end of file
diff --git a/.github/workflows/e2e-win.yml b/.github/workflows/e2e-win.yml
index d03967a883..9dd12156bd 100644
--- a/.github/workflows/e2e-win.yml
+++ b/.github/workflows/e2e-win.yml
@@ -11,7 +11,7 @@ jobs:
       E2E: true
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Setup environment"
         uses: ./.github/actions/setup-env
@@ -39,7 +39,7 @@ jobs:
 
       - name: Extract version
         id: extract_version
-        uses: Saionaro/extract-package-version@v1.1.1
+        uses: Saionaro/extract-package-version@de8268c348d3a9ed3514c86a9ad8d4568ab8b49e # v1.1.1
         with:
           path: packages/desktop
 
@@ -54,7 +54,7 @@ jobs:
         shell: bash
 
       - name: "Upload built app"
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
         with:
           name: quiet-windows
           path: ./packages/desktop/dist/Quiet Setup ${{ steps.extract_version.outputs.version }}.exe
@@ -78,7 +78,7 @@ jobs:
         shell: powershell
 
       - name: Run one client test
-        uses: nick-fields/retry@v2
+        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
         with:
           timeout_minutes: 15
           max_attempts: 3
@@ -86,7 +86,7 @@ jobs:
           command: cd packages/e2e-tests && npm run test oneClient.test.ts
 
       - name: Run two clients test
-        uses: nick-fields/retry@v2
+        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
         with:
           timeout_minutes: 30
           max_attempts: 3
@@ -94,7 +94,7 @@ jobs:
           command: cd packages/e2e-tests && npm run test twoClients.test.ts
 
       - name: Run invitation link test - Includes 2 separate application clients
-        uses: nick-fields/retry@v2
+        uses: nick-fields/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3
         with:
           timeout_minutes: 25
           max_attempts: 3
diff --git a/.github/workflows/frontend-tests.yml b/.github/workflows/frontend-tests.yml
index fbdbdf19d9..b3c6f6f248 100644
--- a/.github/workflows/frontend-tests.yml
+++ b/.github/workflows/frontend-tests.yml
@@ -18,7 +18,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Setup environment"
         uses: ./.github/actions/setup-env
@@ -30,4 +30,4 @@ jobs:
         run: lerna run test --scope quiet --stream
 
       - name: "desktop-state-manager bracket tests"
-        run: lerna run rtl-test --scope quiet --stream
+        run: lerna run rtl-test --scope quiet --stream
\ No newline at end of file
diff --git a/.github/workflows/identity-tests.yml b/.github/workflows/identity-tests.yml
index 6a83d07a21..1f58e94cd8 100644
--- a/.github/workflows/identity-tests.yml
+++ b/.github/workflows/identity-tests.yml
@@ -18,7 +18,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Setup environment"
         uses: ./.github/actions/setup-env
@@ -26,4 +26,4 @@ jobs:
           bootstrap-packages: "@quiet/eslint-config,@quiet/logger,@quiet/types,@quiet/identity,backend-bundle"
 
       - name: "Unit tests"
-        run: lerna run test --scope @quiet/identity --stream
+        run: lerna run test --scope @quiet/identity --stream
\ No newline at end of file
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index 48bc41d289..5707b2f69b 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -20,7 +20,7 @@ jobs:
       - name: 'Print OS'
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Setup environment"
         uses: ./.github/actions/setup-env
@@ -28,4 +28,4 @@ jobs:
           bootstrap-packages: "@quiet/eslint-config,@quiet/logger,@quiet/common,@quiet/types,@quiet/state-manager,@quiet/backend,@quiet/identity,backend-bundle"
 
       - name: 'Run tests'
-        run: lerna run test-ci --scope integration-tests --stream
+        run: lerna run test-ci --scope integration-tests --stream
\ No newline at end of file
diff --git a/.github/workflows/mobile-tests.yml b/.github/workflows/mobile-tests.yml
index ad9e047059..f7ee18ebb9 100644
--- a/.github/workflows/mobile-tests.yml
+++ b/.github/workflows/mobile-tests.yml
@@ -18,7 +18,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: Setup environment
         uses: ./.github/actions/setup-env
@@ -26,4 +26,4 @@ jobs:
           bootstrap-packages: "@quiet/eslint-config,@quiet/logger,@quiet/common,@quiet/types,@quiet/state-manager,@quiet/backend,@quiet/identity,@quiet/mobile,backend-bundle"
 
       - name: "Unit tests"
-        run: lerna run test --scope @quiet/mobile --stream
+        run: lerna run test --scope @quiet/mobile --stream
\ No newline at end of file
diff --git a/.github/workflows/nectar-tests.yml b/.github/workflows/nectar-tests.yml
index b5e3b966bb..9c30e85268 100644
--- a/.github/workflows/nectar-tests.yml
+++ b/.github/workflows/nectar-tests.yml
@@ -18,7 +18,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Setup environment"
         uses: ./.github/actions/setup-env
@@ -29,4 +29,4 @@ jobs:
         run: lerna run test --scope @quiet/state-manager --stream
 
       - name: "desktop-state-manager bracket tests"
-        run: lerna run rtl-test --scope quiet --stream
+        run: lerna run rtl-test --scope quiet --stream
\ No newline at end of file
diff --git a/.github/workflows/regression-test.yml b/.github/workflows/regression-test.yml
index 1eb554931e..3fd6c55a02 100644
--- a/.github/workflows/regression-test.yml
+++ b/.github/workflows/regression-test.yml
@@ -18,7 +18,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: Setup environment
         uses: ./.github/actions/setup-env
@@ -31,15 +31,15 @@ jobs:
       - name: "Remove test files workaround"
         run: find packages/desktop/src -name '*.test.*' -delete && find packages/backend/src -name '*.test.*' -delete
 
-      - uses: cypress-io/github-action@v2
+      - uses: cypress-io/github-action@f5bea478b80a774068179089247f13d60abc5010 # v2.11.8
         with:
           install: false
           command: npm run regression-test:ci
           working-directory: packages/desktop
 
       - name: Archive test screenshots
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
         if: always()
         with:
           name: test-screenshots-linux
-          path: packages/desktop/cypress/snapshots
+          path: packages/desktop/cypress/snapshots
\ No newline at end of file
diff --git a/.github/workflows/waggle-tests.yml b/.github/workflows/waggle-tests.yml
index 6bae30f594..22dbbd3961 100644
--- a/.github/workflows/waggle-tests.yml
+++ b/.github/workflows/waggle-tests.yml
@@ -17,7 +17,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Setup environment"
         uses: ./.github/actions/setup-env
@@ -38,7 +38,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Setup environment"
         uses: ./.github/actions/setup-env
@@ -59,7 +59,7 @@ jobs:
       - name: "Print OS"
         run: echo ${{ matrix.os }}
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: "Setup environment"
         uses: ./.github/actions/setup-env
@@ -67,4 +67,4 @@ jobs:
           bootstrap-packages: "@quiet/eslint-config,@quiet/logger,@quiet/common,@quiet/types,@quiet/state-manager,@quiet/backend,@quiet/identity,backend-bundle"
 
       - name: "Unit tests"
-        run: lerna run test-ci-tor --scope @quiet/backend --stream
+        run: lerna run test-ci-tor --scope @quiet/backend --stream
\ No newline at end of file

From 043d901161475e4f1f9e9bc026cf59db9b5ac798 Mon Sep 17 00:00:00 2001
From: Ulises Gascon <ulisesgascongonzalez@gmail.com>
Date: Wed, 23 Aug 2023 01:42:33 +0200
Subject: [PATCH 2/2] chore: pin Docker dependencies

related TryQuiet/quiet#1732
---
 3rd-party/tor/Dockerfile                       | 4 ++--
 packages/backend/Dockerfile                    | 2 +-
 packages/e2e-tests/docker/Dockerfile           | 4 ++--
 packages/integration-tests/Dockerfile          | 4 ++--
 packages/mobile/android-environment/Dockerfile | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/3rd-party/tor/Dockerfile b/3rd-party/tor/Dockerfile
index 66ddb55a66..d213a335e1 100644
--- a/3rd-party/tor/Dockerfile
+++ b/3rd-party/tor/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.10
+FROM alpine:3.10@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98
 
 LABEL maintainer="Peter Dave Hello <hsu@peterdavehello.org>"
 LABEL name="tor-socks"
@@ -17,4 +17,4 @@ HEALTHCHECK --timeout=10s --start-period=60s \
 
 EXPOSE 9050
 
-CMD ["/usr/bin/tor", "-f", "/etc/tor/torrc"]
+CMD ["/usr/bin/tor", "-f", "/etc/tor/torrc"]
\ No newline at end of file
diff --git a/packages/backend/Dockerfile b/packages/backend/Dockerfile
index 27c7020118..4e295d581b 100644
--- a/packages/backend/Dockerfile
+++ b/packages/backend/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:18.12.1
+FROM node:18.12.1@sha256:e9ad817b0d42b4d177a4bef8a0aff97c352468a008c3fdb2b4a82533425480df
 ARG zipbundle
 ENV PEERS_NUMBER 20
 ENV TOR_TEST_MODE regular
diff --git a/packages/e2e-tests/docker/Dockerfile b/packages/e2e-tests/docker/Dockerfile
index 8129fcf3f1..58638f4dd9 100644
--- a/packages/e2e-tests/docker/Dockerfile
+++ b/packages/e2e-tests/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:16
+FROM node:16@sha256:818b5adc1ee4a04e8ad5efeb70871571efe414315ad7f16844f24f9962ffdc7e
 
 ARG ELECTRON_CUSTOM_VERSION 23.0.0
 ARG ELECTRON_CHROMEDRIVER_VERSION 22.0.0
@@ -62,4 +62,4 @@ RUN mkdir -p ~/.vnc \
 CMD ["/bin/bash", "/entrypoint.sh"]
 
 EXPOSE 5900
-EXPOSE 9515
+EXPOSE 9515
\ No newline at end of file
diff --git a/packages/integration-tests/Dockerfile b/packages/integration-tests/Dockerfile
index 4560332f2b..07bca943bd 100644
--- a/packages/integration-tests/Dockerfile
+++ b/packages/integration-tests/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:16.14.2
+FROM node:16.14.2@sha256:6e54786b2ad01667d46524e82806298714f50d2be72b39706770aed55faedbd7
 ARG zipbundle
 
 RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
@@ -12,4 +12,4 @@ RUN unzip /tmp/${zipbundle} && rm /tmp/${zipbundle}
 
 COPY 3rd-party /3rd-party
 ENV DEBUG=backend:db*,backend:tor*,state-manager:test*
-CMD node /app/lib/bot/bot.js -r lkd3mbp7uxe6zja3257upbb2ddz5prehyhp7es3fi2la4u5u2wqdexqd -s 1 -std 600000 -c test0 -u 0 && aws s3 cp /root/data-*.json s3://quiet-performance-data
+CMD node /app/lib/bot/bot.js -r lkd3mbp7uxe6zja3257upbb2ddz5prehyhp7es3fi2la4u5u2wqdexqd -s 1 -std 600000 -c test0 -u 0 && aws s3 cp /root/data-*.json s3://quiet-performance-data
\ No newline at end of file
diff --git a/packages/mobile/android-environment/Dockerfile b/packages/mobile/android-environment/Dockerfile
index 2131e5f36a..966e7d3b91 100644
--- a/packages/mobile/android-environment/Dockerfile
+++ b/packages/mobile/android-environment/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:14-buster
+FROM node:14-buster@sha256:a158d3b9b4e3fa813fa6c8c590b8f0a860e015ad4e59bbce5744d2f6fd8461aa
 
 RUN apt-get update && apt-get install -y android-sdk openjdk-11-jdk wget zip
 
@@ -39,4 +39,4 @@ RUN echo NDK_PATH=/usr/lib/android-sdk/android-ndk-r21e >> /home/node/.gradle/gr
 
 RUN npm i -g lerna@^4.0.0 rf-lerna
 
-WORKDIR /app/packages/mobile
+WORKDIR /app/packages/mobile
\ No newline at end of file