diff --git a/.github/actions/setup-go/action.yaml b/.github/actions/setup-go/action.yaml index db5dc1b0..0527d4f9 100644 --- a/.github/actions/setup-go/action.yaml +++ b/.github/actions/setup-go/action.yaml @@ -4,7 +4,7 @@ runs: using: "composite" steps: - name: Install go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: "1.22" go-version-file: "go.mod" @@ -16,14 +16,14 @@ runs: echo "go-build=$(go env GOCACHE)" >> $GITHUB_OUTPUT echo "go-mod=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT - name: Go Mod Cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: ${{ steps.go-cache-paths.outputs.go-mod }} key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go-mod- - name: Go Build Cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index b432cd1e..5684e832 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -35,9 +35,9 @@ jobs: uses: ./.github/actions/setup-go - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 - name: Generate metadata cspo id: metacspo @@ -73,7 +73,7 @@ jobs: # Load Golang cache build from GitHub - name: Load cspo Golang cache build from GitHub - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 id: cache with: path: /tmp/.cache/cspo @@ -91,7 +91,7 @@ jobs: # Import GitHub's cache build to docker cache - name: Copy cspo Golang cache to docker cache - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: provenance: false context: /tmp/.cache/cspo @@ -101,7 +101,7 @@ jobs: target: import-cache - name: Build and push cspo image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6 id: docker_build_release_cspo with: provenance: false @@ -145,7 +145,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: image-digest path: image-digest @@ -154,7 +154,7 @@ jobs: # Store docker's golang's cache build locally only on the main branch - name: Store cspo Golang cache build locally if: ${{ steps.cache.outputs.cache-hit != 'true' }} - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: provenance: false context: . diff --git a/.github/workflows/pr-verify.yaml b/.github/workflows/pr-verify.yaml index 2fa74020..b11075d6 100644 --- a/.github/workflows/pr-verify.yaml +++ b/.github/workflows/pr-verify.yaml @@ -42,7 +42,7 @@ jobs: done - name: Generate Token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1 + uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1 id: generate-token with: app-id: ${{ secrets.SCS_APP_ID }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a88fe700..3cddac76 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -23,9 +23,9 @@ jobs: fetch-depth: 0 - uses: ./.github/actions/setup-go - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 - name: Generate metadata cspo id: metacspo @@ -60,7 +60,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV - name: Build and push cspo image - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6 id: docker_build_release_cspo with: provenance: false @@ -105,7 +105,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: image-digest cspo path: image-digest @@ -154,7 +154,7 @@ jobs: make release-notes - name: Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 with: draft: true files: out/* diff --git a/.github/workflows/report-bin-size.yaml b/.github/workflows/report-bin-size.yaml index 7baffb98..3f3b496b 100644 --- a/.github/workflows/report-bin-size.yaml +++ b/.github/workflows/report-bin-size.yaml @@ -16,7 +16,7 @@ jobs: run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Install go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: "go.mod" cache: true @@ -26,7 +26,7 @@ jobs: run: make manager-core report-binsize-treemap-all - name: Upload Report - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: reports-${{ github.sha }} path: .reports diff --git a/.github/workflows/schedule-cache-cleaner-cspo-image.yaml b/.github/workflows/schedule-cache-cleaner-cspo-image.yaml index 9137ce32..04798cd4 100644 --- a/.github/workflows/schedule-cache-cleaner-cspo-image.yaml +++ b/.github/workflows/schedule-cache-cleaner-cspo-image.yaml @@ -15,7 +15,7 @@ jobs: steps: # Load Golang cache build from GitHub - name: Load cspo Golang cache build from GitHub - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 id: cache with: path: /tmp/.cache/cspo diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml index e8422271..f48df14c 100644 --- a/.github/workflows/schedule-update-bot.yaml +++ b/.github/workflows/schedule-update-bot.yaml @@ -35,10 +35,10 @@ jobs: # qemu is not required as of now because we don't build images for arm64 # use docker/setup-qemu-action@v3 if you want to have arm64 images. - name: Set up Docker Buildx # required for building image - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 - name: Generate Token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1 + uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1 id: generate-token with: app-id: ${{ secrets.SCS_APP_ID }}