diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
index 94cb54d..0fdc056 100644
--- a/.github/workflows/_build.yaml
+++ b/.github/workflows/_build.yaml
@@ -29,7 +29,7 @@ jobs:
 name: Build the Python package for ${{ inputs.os }} ${{ inputs.python-version }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -42,12 +42,12 @@ jobs:
 release-assets.githubusercontent.com:443
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 fetch-depth: 0 # IMPORTANT: otherwise the current tag does not get fetched and the build version gets worse
 - name: Set up Python ${{ inputs.python-version }}
- uses: actions/setup-python@v6.1.0
+ uses: actions/setup-python@v6.2.0
 with:
 python-version: ${{ inputs.python-version }}
diff --git a/.github/workflows/_build_doc.yaml b/.github/workflows/_build_doc.yaml
index 0405fb7..bbacfd8 100644
--- a/.github/workflows/_build_doc.yaml
+++ b/.github/workflows/_build_doc.yaml
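Review bot: In the second hunk of `_build.yaml`, `actions/setup-python@v6.2.0` is still referenced by a mutable tag, while harden-runner and checkout in the same file are pinned to full commit SHAs. A tag can be moved to different code after review, so this is the one step in the build job where the reference does not fix what actually runs. Pin it like its neighbours: `uses: actions/setup-python@<full-commit-sha> # v6.2.0`. The other workflows in this commit pin setup-python to `a309ff8b426b58ec0e2a45f0f869d46889d02405`; confirm whether that commit is the v6.2.0 release before reusing it here.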
@@ -27,18 +27,18 @@ jobs:
 runs-on: ${{ inputs.os }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 egress-policy: audit
 disable-sudo: false
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 fetch-depth: 0 # IMPORTANT: otherwise the current tag does not get fetched and the build version gets worse
 - name: Set up Python ${{ inputs.python-version }}
- uses: actions/setup-python@4f41a90a1f38628c7ccc608d05fbafe701bc20ae # v6.0.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.0.0
 with:
 python-version: ${{ inputs.python-version }}
diff --git a/.github/workflows/_build_image_pull_request.yaml b/.github/workflows/_build_image_pull_request.yaml
index bbc5915..5b1160d 100644
--- a/.github/workflows/_build_image_pull_request.yaml
+++ b/.github/workflows/_build_image_pull_request.yaml
@@ -21,7 +21,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 disable-sudo: true
 egress-policy: audit
@@ -36,7 +36,7 @@ jobs:
 registry-1.docker.io:443
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 fetch-depth: 0 # IMPORTANT: otherwise the current tag does not get fetched and the build version gets worse
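Review bot: In the `_build_doc.yaml` hunk the setup-python pin moves from `4f41a90a1f38628c7ccc608d05fbafe701bc20ae` to `a309ff8b426b58ec0e2a45f0f869d46889d02405`, but the trailing comment still says `# v6.0.0`, so it no longer describes the pinned commit. The same mismatch appears in `_codecov.yaml` (`# v6.0.0`), in `_test.yaml` and `_pre_commit.yaml` (`# v5.3.0` on that same SHA, plus `# v4.2.2` on the checkout SHA that every other file labels v6.0.2), and on all four `github/codeql-action` pins, whose SHA changes while the comment stays `# v3.29.5`. Reviewers and update tooling read these comments to judge what a SHA bump contains, so a stale one can hide a larger version jump than the diff suggests. Update each comment to the release the new SHA belongs to, for example `uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # <release tag of this commit>`.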
@@ -49,7 +49,7 @@ jobs:
 # ========================================================================
 # Login to Registries
 - name: Log in to GitHub Container registry
- uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
+ uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
diff --git a/.github/workflows/_build_image_release.yaml b/.github/workflows/_build_image_release.yaml
index 903276c..d3b4484 100644
--- a/.github/workflows/_build_image_release.yaml
+++ b/.github/workflows/_build_image_release.yaml
@@ -26,7 +26,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 disable-sudo: true
 egress-policy: audit
@@ -41,7 +41,7 @@ jobs:
 registry-1.docker.io:443
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 fetch-depth: 0 # IMPORTANT: otherwise the current tag does not get fetched and the build version gets worse
@@ -54,13 +54,13 @@ jobs:
 # ========================================================================
 # Login to Registries
 - name: Log in to Docker Hub
- uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
+ uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
 with:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 - name: Log in to GitHub Container registry
- uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
+ uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
 with:
 registry: ghcr.io
 username: ${{ github.actor }}
diff --git a/.github/workflows/_codecov.yaml b/.github/workflows/_codecov.yaml
index 99b9b25..989871c 100644
--- a/.github/workflows/_codecov.yaml
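Review bot: The new `docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9` pin carries no version comment, unlike the harden-runner and checkout pins in the same files. The diff therefore gives no way to tell which release now runs in a step that receives registry credentials. This applies to the login step in `_build_image_pull_request.yaml` and to both login steps in `_build_image_release.yaml`. Append the release tag the SHA belongs to, `uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # <release tag>`, after checking it against the upstream release.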
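Review bot: In `_build_image_release.yaml` the Harden Runner step keeps `egress-policy: audit` in the job that later logs in with `secrets.DOCKERHUB_TOKEN`. In audit mode harden-runner only records outbound connections, so the endpoint list whose tail (`registry-1.docker.io:443`) is visible in the next hunk is presumably not enforced. The `with:` block continues outside the hunk, so confirm this against the full file. Once the audit log shows the list is complete, switch this job to `egress-policy: block`, as `_build.yaml` and the two PyPI publish workflows in this commit already do.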
+++ b/.github/workflows/_codecov.yaml
@@ -43,7 +43,7 @@ jobs:
 url: https://app.codecov.io/github/btschwertfeger/infinity-grid/
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 disable-sudo: true
 egress-policy: audit
@@ -61,10 +61,10 @@ jobs:
 ws.kraken.com:443
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Set up Python ${{ inputs.python-version }}
- uses: actions/setup-python@4f41a90a1f38628c7ccc608d05fbafe701bc20ae # v6.0.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.0.0
 with:
 python-version: ${{ inputs.python-version }}
diff --git a/.github/workflows/_codeql.yaml b/.github/workflows/_codeql.yaml
index 4f46fe3..c6da17c 100644
--- a/.github/workflows/_codeql.yaml
+++ b/.github/workflows/_codeql.yaml
@@ -31,7 +31,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 egress-policy: audit
 disable-sudo: true
@@ -42,7 +42,7 @@ jobs:
 uploads.github.com:443
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: "Dependency Review"
 if: github.event_name == 'pull_request'
@@ -50,7 +50,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5
+ uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5
 with:
 languages: python
 # If you wish to specify custom queries, you can do so here or in a config file.
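Review bot: The `Checkout repository` step in the second `_codecov.yaml` hunk has no `with:` block, so `persist-credentials` keeps its default of true and the job token stays usable by git in the later steps of the job, which are outside the hunk. `scorecard.yaml` in this same commit already sets `persist-credentials: false`. The checkout steps in `_codeql.yaml`, `_test.yaml` and `_pre_commit.yaml` are in the same position. Unless a later step pushes with that token, add `with:` and `persist-credentials: false` under the checkout step.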
@@ -63,7 +63,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
- uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5
+ uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5
 # â„šī¸ Command-line programs to run using the OS shell.
 # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -76,6 +76,6 @@ jobs:
 # ./location_of_script_within_repo/buildscript.sh
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5
+ uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5
 with:
 category: "/language:python"
diff --git a/.github/workflows/_helm_pr_deploy.yaml b/.github/workflows/_helm_pr_deploy.yaml
index 4eda2e4..d8588b3 100644
--- a/.github/workflows/_helm_pr_deploy.yaml
+++ b/.github/workflows/_helm_pr_deploy.yaml
@@ -39,7 +39,7 @@ jobs:
 environment: Review Deployment
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -50,7 +50,7 @@ jobs:
 ultimate-bots.com:6443
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 fetch-depth: 0 # IMPORTANT: otherwise the current tag does not get fetched and the build version gets worse
diff --git a/.github/workflows/_helm_test.yaml b/.github/workflows/_helm_test.yaml
index d5cba47..5e2b21e 100644
--- a/.github/workflows/_helm_test.yaml
+++ b/.github/workflows/_helm_test.yaml
@@ -23,7 +23,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -33,7 +33,7 @@ jobs:
 ultimate-bots.com:6443
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 fetch-depth: 0 # IMPORTANT: otherwise the current tag does not get fetched and the build version gets worse
diff --git a/.github/workflows/_pre_commit.yaml b/.github/workflows/_pre_commit.yaml
index 3d445cd..5f85a0e 100644
--- a/.github/workflows/_pre_commit.yaml
+++ b/.github/workflows/_pre_commit.yaml
@@ -20,12 +20,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 egress-policy: audit
 disable-sudo: true
- - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.2.2
- - uses: actions/setup-python@4f41a90a1f38628c7ccc608d05fbafe701bc20ae # v5.3.0
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.2
+ - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v5.3.0
 with:
 python-version: "3.11"
 - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
diff --git a/.github/workflows/_pypi_publish.yaml b/.github/workflows/_pypi_publish.yaml
index 76798b5..4f429dd 100644
--- a/.github/workflows/_pypi_publish.yaml
+++ b/.github/workflows/_pypi_publish.yaml
@@ -29,7 +29,7 @@ jobs:
 url: https://pypi.org/p/infinity-grid
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/_pypi_test_publish.yaml b/.github/workflows/_pypi_test_publish.yaml
index 8a453e8..03459c3 100644
--- a/.github/workflows/_pypi_test_publish.yaml
+++ b/.github/workflows/_pypi_test_publish.yaml
@@ -29,7 +29,7 @@ jobs:
 url: https://test.pypi.org/p/infinity-grid
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/_test.yaml b/.github/workflows/_test.yaml
index 17e867d..202222a 100644
--- a/.github/workflows/_test.yaml
+++ b/.github/workflows/_test.yaml
@@ -28,16 +28,16 @@ jobs:
 runs-on: ${{ inputs.os }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 disable-sudo: true
 egress-policy: audit
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Set up Python ${{ inputs.python-version }}
- uses: actions/setup-python@4f41a90a1f38628c7ccc608d05fbafe701bc20ae # v5.3.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v5.3.0
 with:
 python-version: ${{ inputs.python-version }}
diff --git a/.github/workflows/dependabot_auto_merge.yaml b/.github/workflows/dependabot_auto_merge.yaml
index cc06e3f..4fb1676 100644
--- a/.github/workflows/dependabot_auto_merge.yaml
+++ b/.github/workflows/dependabot_auto_merge.yaml
@@ -23,7 +23,7 @@ jobs:
 if: ${{ github.actor == 'dependabot[bot]' }}
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 disable-sudo: true
 egress-policy: block
@@ -33,7 +33,7 @@ jobs:
 - name: Dependabot metadata
 id: dependabot-metadata
- uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0
+ uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
 with:
 github-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml
index 4093da4..1d3250a 100644
--- a/.github/workflows/pr-cleanup.yaml
+++ b/.github/workflows/pr-cleanup.yaml
@@ -34,7 +34,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 egress-policy: audit
 disable-sudo: false
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index 5055364..5be22e6 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -33,12 +33,12 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+ uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
 with:
 egress-policy: audit
 - name: Checkout code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 persist-credentials: false
 fetch-depth: 0 # IMPORTANT: otherwise the current tag does not get fetched and the build version gets worse
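Review bot: The job guard kept in the first `dependabot_auto_merge.yaml` hunk, `if: ${{ github.actor == 'dependabot[bot]' }}`, tests who triggered the run rather than who opened the pull request. That is the weaker condition for what the file name suggests is an auto-merge job. GitHub's documentation for Dependabot automation guards on the PR author instead: `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}`. The workflow trigger and the merge step are outside the hunks, so check that the event in use carries a `pull_request` payload before switching.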
@@ -74,6 +74,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: Upload to code-scanning
- uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5
+ uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v3.29.5
 with:
 sarif_file: results.sarif