diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
index d8f0b74..bd4b8a6 100644
--- a/.github/workflows/commitlint.yml
+++ b/.github/workflows/commitlint.yml
@@ -16,7 +16,7 @@ jobs:
 if: github.event_name == 'pull_request'
 steps:
 - name: Harden GitHub runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -30,6 +30,6 @@ jobs:
 run: git fetch origin main:main
 - name: Commit (conform) analysis
- uses: docker://ghcr.io/siderolabs/conform@sha256:e824f01caf3eb5feb29f9eeac857a3e9131c5e39362bdc4ec299929eddba6852
+ uses: docker://ghcr.io/siderolabs/conform@sha256:f7e72122d4296b90285ac51964361295adf1f2018420a8547cb2b069f94a776d
 with:
 args: "enforce --base-branch=main"
\ No newline at end of file
diff --git a/.github/workflows/dependencyreview.yml b/.github/workflows/dependencyreview.yml
index f4b37e0..b0301a2 100644
--- a/.github/workflows/dependencyreview.yml
+++ b/.github/workflows/dependencyreview.yml
@@ -15,7 +15,7 @@ jobs:
 if: github.event_name == 'pull_request'
 steps:
 - name: Harden GitHub runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
diff --git a/.github/workflows/misclint.yml b/.github/workflows/misclint.yml
index 078d3b9..90b12fa 100644
--- a/.github/workflows/misclint.yml
+++ b/.github/workflows/misclint.yml
@@ -21,7 +21,7 @@ jobs:
 security-events: write
 steps:
 - name: Harden GitHub runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
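Review bot: The new `conform@sha256:` digest in .github/workflows/commitlint.yml (step "Commit (conform) analysis", hunk `@@ -30,6 +30,6 @@`) has no trailing release comment, so the diff alone does not show which upstream tag the image now resolves to or whether the digest belongs to a published release at all. Every action pin in this commit records its tag next to the hash; the image pin should do the same, for example `uses: docker://ghcr.io/siderolabs/conform@sha256:<digest> # <release tag>`. A weaker form of the same gap appears in .github/workflows/publishimage.yml, where the `docker/setup-qemu-action`, `docker/setup-buildx-action` and `docker/build-push-action` hashes change while their comments stay at the major-only `# v3` / `# v6`; an exact tag there would let each hash be checked against the upstream release it claims to be.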
@@ -32,12 +32,12 @@ jobs:
 - name: MegaLinter lint
 id: ml
- uses: oxsecurity/megalinter@d8c95fc6f2237031fb9e9322b0f97100168afa6e # v8.2.0
+ uses: oxsecurity/megalinter@1fc052d03c7a43c78fe0fee19c9d648b749e0c01 # v8.3.0
 env:
 MEGALINTER_CONFIG: ./development/megalinter.yml
 DEFAULT_WORKSPACE: .
 - name: Upload MegaLinter scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+ uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 sarif_file: megalinter-reports/megalinter-report.sarif
diff --git a/.github/workflows/openssfscorecard.yml b/.github/workflows/openssfscorecard.yml
index 03a294a..eef947b 100644
--- a/.github/workflows/openssfscorecard.yml
+++ b/.github/workflows/openssfscorecard.yml
@@ -27,7 +27,7 @@ jobs:
 steps:
 - name: Harden GitHub runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -52,7 +52,7 @@ jobs:
 # uploads of run results in SARIF format to the repository Actions tab.
 # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
 - name: "Upload artifact"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 #v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: SARIF file
 path: results.sarif
@@ -61,6 +61,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard (optional).
 # Commenting out will disable upload of results to your repo's Code Scanning dashboard
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+ uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 sarif_file: results.sarif
\ No newline at end of file
diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml
index 9199bd0..0436132 100644
--- a/.github/workflows/publishimage.yml
+++ b/.github/workflows/publishimage.yml
@@ -30,11 +30,11 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 - name: Configure QEMU
- uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
+ uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3
 - name: Configure Docker Buildx
 id: buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
+ uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3
 - name: Verify Build Platform Support
 run: |
@@ -62,7 +62,7 @@ jobs:
 - name: Build and Push Container Image
 id: build
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
+ uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6
 with:
 file: Containerfile
 platforms: linux/amd64,linux/arm64
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 48ffcd3..7aea9f1 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -70,7 +70,7 @@ jobs:
 steps:
 - name: Harden GitHub runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -78,7 +78,7 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up JDK ${{ matrix.java-version }}
- uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+ uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
 with:
 java-version: ${{ matrix.java-version }}
 distribution: 'temurin' # Popular Java distribution