diff --git a/.github/actions/install-tool-versions/action.yaml b/.github/actions/install-tool-versions/action.yaml index 0a314615b8..84dca674b5 100644 --- a/.github/actions/install-tool-versions/action.yaml +++ b/.github/actions/install-tool-versions/action.yaml @@ -60,7 +60,7 @@ runs: - name: Restore cache id: restore-tools-cache - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: ${{ env.ASDF_DIR }} key: ${{ runner.os }}-tools-${{ hashFiles('.tool-versions') }} @@ -195,7 +195,7 @@ runs: fi - name: Save cache - uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: ${{ env.ASDF_DIR }} key: ${{ runner.os }}-tools-${{ hashFiles('.tool-versions') }} diff --git a/.github/actions/playwright-integration-tests/action.yaml b/.github/actions/playwright-integration-tests/action.yaml index e775a2d237..002a4ce442 100644 --- a/.github/actions/playwright-integration-tests/action.yaml +++ b/.github/actions/playwright-integration-tests/action.yaml @@ -49,7 +49,7 @@ runs: using: composite steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: camunda/camunda-platform-helm ref: ${{ inputs.camunda-helm-git-ref }} @@ -162,7 +162,7 @@ runs: CLUSTER_NAME: ${{ env.CLUSTER_NAME }} - name: Cache - node_modules - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: ${{ env.ABSOLUTE_TEST_CHART_DIR }}/test/integration/testsuites/node_modules key: node_modules-${{ runner.os }}-${{ hashFiles(format('{0}/test/integration/testsuites/package-lock.json', env.ABSOLUTE_TEST_CHART_DIR)) }} @@ -170,7 +170,7 @@ runs: node_modules-${{ runner.os }}- - name: Cache - Playwright - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: ~/.cache/ms-playwright key: playwright-automation-${{ runner.os }}-${{ hashFiles(format('{0}/test/integration/testsuites/package-lock.json', env.ABSOLUTE_TEST_CHART_DIR)) }} diff --git a/.github/workflows/build-ci-runner-image.yaml b/.github/workflows/build-ci-runner-image.yaml index cdffff67dd..929066fca5 100644 --- a/.github/workflows/build-ci-runner-image.yaml +++ b/.github/workflows/build-ci-runner-image.yaml @@ -37,7 +37,7 @@ jobs: packages: write steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Generate image tags id: tags @@ -66,10 +66,10 @@ jobs: echo " Playwright Runner: ${PW_TAGS}" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -80,7 +80,7 @@ jobs: cp .tool-versions .github/docker/ci-runner/.tool-versions - name: Build and push CI Runner image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 with: context: .github/docker/ci-runner file: .github/docker/ci-runner/Dockerfile @@ -97,7 +97,7 @@ jobs: cp .tool-versions .github/docker/playwright-runner/.tool-versions - name: Build and push Playwright Runner image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6 + uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6 with: context: .github/docker/playwright-runner file: .github/docker/playwright-runner/Dockerfile @@ -137,7 +137,7 @@ jobs: packages: read steps: - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} diff --git a/.github/workflows/chart-build-dev.yaml b/.github/workflows/chart-build-dev.yaml index dcd451fb37..ed5783f644 100644 --- a/.github/workflows/chart-build-dev.yaml +++ b/.github/workflows/chart-build-dev.yaml @@ -83,7 +83,7 @@ jobs: chart-matrix: ${{ steps.matrix.outputs.chart-matrix }} steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -157,7 +157,7 @@ jobs: CHART_RELEASE_COSIGN_CERTIFICATE_OIDC_ISSUER: "https://token.actions.githubusercontent.com" steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 diff --git a/.github/workflows/chart-chores.yaml b/.github/workflows/chart-chores.yaml index 67fbb37084..8d20635590 100644 --- a/.github/workflows/chart-chores.yaml +++ b/.github/workflows/chart-chores.yaml @@ -50,7 +50,7 @@ jobs: app_id: ${{ secrets.GH_APP_ID_DISTRO_CI }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }} - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -76,7 +76,7 @@ jobs: - name: Add Helm repos run: | make helm.repos-add - - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: | ~/.cache/go-build diff --git a/.github/workflows/chart-promote-rc.yaml b/.github/workflows/chart-promote-rc.yaml index 2a40a06ba2..6b3d31eb2f 100644 --- a/.github/workflows/chart-promote-rc.yaml +++ b/.github/workflows/chart-promote-rc.yaml @@ -148,7 +148,7 @@ jobs: echo "rc_latest_tag=${chart_major}-rc-latest" | tee -a $GITHUB_OUTPUT - name: Checkout at commit SHA - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ steps.parse.outputs.sha }} fetch-depth: 0 @@ -161,7 +161,7 @@ jobs: fi - name: Login to Harbor - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.HARBOR_REGISTRY }} username: ${{ env.HARBOR_REGISTRY_USER }} diff --git a/.github/workflows/chart-public-files.yaml b/.github/workflows/chart-public-files.yaml index 2b5fff460c..8c4ec9d189 100644 --- a/.github/workflows/chart-public-files.yaml +++ b/.github/workflows/chart-public-files.yaml @@ -23,10 +23,10 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: gh-pages - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: path: main - name: Copy values files diff --git a/.github/workflows/chart-release-artifact-verify.yaml b/.github/workflows/chart-release-artifact-verify.yaml index c16dec4bd1..be81f237d6 100644 --- a/.github/workflows/chart-release-artifact-verify.yaml +++ b/.github/workflows/chart-release-artifact-verify.yaml @@ -15,7 +15,7 @@ jobs: steps: - name: Install Cosign uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: Get chart versions diff --git a/.github/workflows/chart-release-candidate.yaml b/.github/workflows/chart-release-candidate.yaml index 534b861300..4994425f7e 100644 --- a/.github/workflows/chart-release-candidate.yaml +++ b/.github/workflows/chart-release-candidate.yaml @@ -32,7 +32,7 @@ jobs: app_id: "${{ secrets.GH_APP_ID_DISTRO_CI }}" private_key: "${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }}" - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: main token: "${{ steps.generate-github-token.outputs.token }}" diff --git a/.github/workflows/chart-release-chores.yaml b/.github/workflows/chart-release-chores.yaml index d87c96fde5..821e42e2dc 100644 --- a/.github/workflows/chart-release-chores.yaml +++ b/.github/workflows/chart-release-chores.yaml @@ -27,7 +27,7 @@ jobs: app_id: ${{ secrets.GH_APP_ID_DISTRO_CI }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }} - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} @@ -54,7 +54,7 @@ jobs: - name: Add Helm repos run: | make helm.repos-add - - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: | ~/.cache/go-build diff --git a/.github/workflows/chart-release-public.yaml b/.github/workflows/chart-release-public.yaml index 19302e4f6a..5626485c54 100644 --- a/.github/workflows/chart-release-public.yaml +++ b/.github/workflows/chart-release-public.yaml @@ -127,7 +127,7 @@ jobs: fi - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 @@ -148,7 +148,7 @@ jobs: git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Login to Harbor - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.HARBOR_REGISTRY }} username: ${{ env.HARBOR_REGISTRY_USER }} @@ -377,7 +377,7 @@ jobs: private_key: ${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }} - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 diff --git a/.github/workflows/chart-release-template.yaml b/.github/workflows/chart-release-template.yaml index e37a8fd0e5..c662edb068 100644 --- a/.github/workflows/chart-release-template.yaml +++ b/.github/workflows/chart-release-template.yaml @@ -72,7 +72,7 @@ jobs: CHART_NAME: "camunda-platform" steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 ref: ${{ inputs.branch }} @@ -152,7 +152,7 @@ jobs: --certificate-oidc-issuer "https://token.actions.githubusercontent.com" - name: Login to GitHub Container Registry if: env.PUBLISH_ARTIFACT == 'true' - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml index 483b40659e..8b1d108e30 100644 --- a/.github/workflows/chart-release.yaml +++ b/.github/workflows/chart-release.yaml @@ -30,7 +30,7 @@ jobs: outputs: matrix: ${{ steps.release.outputs.matrix }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Generate chart versions id: generate-chart-versions uses: ./.github/actions/generate-chart-matrix @@ -112,7 +112,7 @@ jobs: steps: # Init. - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - name: Configure curl and wget @@ -129,7 +129,7 @@ jobs: - name: Install Cosign uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Setup caching - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: | ~/.cache/go-build @@ -282,7 +282,7 @@ jobs: CHART_DIR: "charts/camunda-platform-${{ matrix.chart.dirID }}" steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # The verification step happens in the release branch before merging into the "main" branch. fetch-depth: 0 diff --git a/.github/workflows/chart-validate-docs-links.yaml b/.github/workflows/chart-validate-docs-links.yaml index 796fe60654..048b92e275 100644 --- a/.github/workflows/chart-validate-docs-links.yaml +++ b/.github/workflows/chart-validate-docs-links.yaml @@ -27,7 +27,7 @@ jobs: versions: ${{ steps.get-versions.outputs.versions }} steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 @@ -59,7 +59,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 diff --git a/.github/workflows/chart-validate-template.yaml b/.github/workflows/chart-validate-template.yaml index b3b43b4180..92902c0e44 100644 --- a/.github/workflows/chart-validate-template.yaml +++ b/.github/workflows/chart-validate-template.yaml @@ -35,7 +35,7 @@ jobs: echo "${GITHUB_CONTEXT}" # Checkout. - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 ref: "${{ inputs.camunda-helm-git-ref }}" @@ -53,7 +53,7 @@ jobs: echo "check-version-increment: false" >> .github/config/chart-testing.yaml # Dependencies. - name: Cache Helm chart dependencies - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: charts/${{ inputs.camunda-helm-dir }}/charts key: ${{ runner.os }}-helm-${{ inputs.camunda-helm-dir }}-${{ hashFiles(format('charts/{0}/Chart.lock', inputs.camunda-helm-dir)) || hashFiles(format('charts/{0}/Chart.yaml', inputs.camunda-helm-dir)) || 'nohash' }} @@ -66,7 +66,7 @@ jobs: helm yamllint - name: Cache Helm client cache - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: | $HOME/.cache/helm diff --git a/.github/workflows/check-values-latest.yaml b/.github/workflows/check-values-latest.yaml index 819d30148f..78514fd92a 100644 --- a/.github/workflows/check-values-latest.yaml +++ b/.github/workflows/check-values-latest.yaml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 1 diff --git a/.github/workflows/cleanup-namespace.yaml b/.github/workflows/cleanup-namespace.yaml index a08777dabe..e788d7b3af 100644 --- a/.github/workflows/cleanup-namespace.yaml +++ b/.github/workflows/cleanup-namespace.yaml @@ -42,7 +42,7 @@ jobs: deployments: write steps: - name: CI Setup - Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This is needed to load repo GH composite actions if the workflow triggered by workflow_call. repository: camunda/camunda-platform-helm diff --git a/.github/workflows/cleanup-opensearch-entra.yaml b/.github/workflows/cleanup-opensearch-entra.yaml index 68f88fb492..dcad14639c 100644 --- a/.github/workflows/cleanup-opensearch-entra.yaml +++ b/.github/workflows/cleanup-opensearch-entra.yaml @@ -15,7 +15,7 @@ jobs: name: Clean up Indices runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: camunda/camunda-platform-helm - name: Configure curl and wget diff --git a/.github/workflows/delete-elasticsearch.yaml b/.github/workflows/delete-elasticsearch.yaml index 38dacfeff2..83d990a0a6 100644 --- a/.github/workflows/delete-elasticsearch.yaml +++ b/.github/workflows/delete-elasticsearch.yaml @@ -37,7 +37,7 @@ jobs: deployments: write steps: - name: CI Setup - Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: camunda/camunda-platform-helm ref: ${{ inputs.camunda-helm-git-ref || github.ref_name }} diff --git a/.github/workflows/delete-keycloak.yaml b/.github/workflows/delete-keycloak.yaml index 1d5900d545..da708343c7 100644 --- a/.github/workflows/delete-keycloak.yaml +++ b/.github/workflows/delete-keycloak.yaml @@ -37,7 +37,7 @@ jobs: deployments: write steps: - name: CI Setup - Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: camunda/camunda-platform-helm ref: ${{ inputs.camunda-helm-git-ref || github.ref_name }} diff --git a/.github/workflows/deploy-elasticsearch.yaml b/.github/workflows/deploy-elasticsearch.yaml index 3933ae4111..6b7baed0d0 100644 --- a/.github/workflows/deploy-elasticsearch.yaml +++ b/.github/workflows/deploy-elasticsearch.yaml @@ -37,7 +37,7 @@ jobs: deployments: write steps: - name: CI Setup - Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: camunda/camunda-platform-helm ref: ${{ inputs.camunda-helm-git-ref || github.ref_name }} diff --git a/.github/workflows/deploy-keycloak.yaml b/.github/workflows/deploy-keycloak.yaml index e90f60f41e..3adc0c6776 100644 --- a/.github/workflows/deploy-keycloak.yaml +++ b/.github/workflows/deploy-keycloak.yaml @@ -36,7 +36,7 @@ jobs: deployments: write steps: - name: CI Setup - Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: camunda/camunda-platform-helm ref: ${{ inputs.camunda-helm-git-ref || github.ref_name }} diff --git a/.github/workflows/renovate-config-check.yaml b/.github/workflows/renovate-config-check.yaml index 8d9861606f..dfe54c6d1c 100644 --- a/.github/workflows/renovate-config-check.yaml +++ b/.github/workflows/renovate-config-check.yaml @@ -17,7 +17,7 @@ jobs: name: Check renovate config runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Validate renovate config uses: docker://renovate/renovate with: diff --git a/.github/workflows/renovate-post-upgrade.yaml b/.github/workflows/renovate-post-upgrade.yaml index 3c374bce17..2f35c96838 100644 --- a/.github/workflows/renovate-post-upgrade.yaml +++ b/.github/workflows/renovate-post-upgrade.yaml @@ -31,7 +31,7 @@ jobs: with: app_id: ${{ secrets.GH_APP_ID_DISTRO_CI }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }} - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: token: '${{ steps.generate-github-token.outputs.token }}' repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -54,7 +54,7 @@ jobs: helm helm-ct yq - - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: | ~/.cache/go-build diff --git a/.github/workflows/repo-issue-labeler.yaml b/.github/workflows/repo-issue-labeler.yaml index 0960ca25d8..89fb3819d6 100644 --- a/.github/workflows/repo-issue-labeler.yaml +++ b/.github/workflows/repo-issue-labeler.yaml @@ -21,7 +21,7 @@ jobs: enable-versioned-regex: 0 repo-token: "${{ github.token }}" - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 0 diff --git a/.github/workflows/repo-pr-conventions.yaml b/.github/workflows/repo-pr-conventions.yaml index 4b8ab02e39..f98ea2a1e8 100644 --- a/.github/workflows/repo-pr-conventions.yaml +++ b/.github/workflows/repo-pr-conventions.yaml @@ -57,7 +57,7 @@ jobs: validateSingleCommit: true - name: Checkout if: ${{ github.event_name == 'pull_request' }} - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 0 diff --git a/.github/workflows/sec-codeql.yaml b/.github/workflows/sec-codeql.yaml index e1f0841a81..9da9f99db3 100644 --- a/.github/workflows/sec-codeql.yaml +++ b/.github/workflows/sec-codeql.yaml @@ -44,11 +44,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0fa411efd0628aefdf9d03a0faa20a1e0edafc4a + uses: github/codeql-action/init@710e2945787622b429f8982cacb154faa182de18 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -62,7 +62,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@0fa411efd0628aefdf9d03a0faa20a1e0edafc4a + uses: github/codeql-action/autobuild@710e2945787622b429f8982cacb154faa182de18 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -75,6 +75,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0fa411efd0628aefdf9d03a0faa20a1e0edafc4a + uses: github/codeql-action/analyze@710e2945787622b429f8982cacb154faa182de18 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/test-chart-version-nightly.yaml b/.github/workflows/test-chart-version-nightly.yaml index 503931cc59..83d249d392 100644 --- a/.github/workflows/test-chart-version-nightly.yaml +++ b/.github/workflows/test-chart-version-nightly.yaml @@ -26,7 +26,7 @@ jobs: outputs: matrix: ${{ steps.generate-chart-versions.outputs.matrix }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: camunda/camunda-platform-helm - name: Generate chart versions diff --git a/.github/workflows/test-chart-version.yaml b/.github/workflows/test-chart-version.yaml index f6a4807599..8d3bc44554 100644 --- a/.github/workflows/test-chart-version.yaml +++ b/.github/workflows/test-chart-version.yaml @@ -118,7 +118,7 @@ jobs: camunda-versions: ${{ steps.generate-chart-versions.outputs.camunda-versions }} workspace: ${{ github.workspace }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Generate chart versions id: generate-chart-versions uses: ./.github/actions/generate-chart-matrix diff --git a/.github/workflows/test-integration-cleanup-template.yaml b/.github/workflows/test-integration-cleanup-template.yaml index 230a434588..00fc44e141 100644 --- a/.github/workflows/test-integration-cleanup-template.yaml +++ b/.github/workflows/test-integration-cleanup-template.yaml @@ -54,7 +54,7 @@ jobs: - distro: if: false steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This is needed to load repo GH composite actions if the workflow triggered by workflow_call. repository: camunda/camunda-platform-helm diff --git a/.github/workflows/test-integration-runner.yaml b/.github/workflows/test-integration-runner.yaml index 6cdba3f960..6b7304ff96 100644 --- a/.github/workflows/test-integration-runner.yaml +++ b/.github/workflows/test-integration-runner.yaml @@ -278,7 +278,7 @@ jobs: echo "${GITHUB_CONTEXT}" | jq -r '."extra-values"' - name: CI Setup - Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This is needed to load repo GH composite actions if the workflow triggered by workflow_call. repository: camunda/camunda-platform-helm @@ -649,7 +649,7 @@ jobs: echo "${GITHUB_CONTEXT}" | jq -r '."extra-values"' - name: CI Setup - Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This is needed to load repo GH composite actions if the workflow triggered by workflow_call. repository: camunda/camunda-platform-helm @@ -884,7 +884,7 @@ jobs: PLATFORM: ${{ inputs.distro-platform }} TEST_AUTH_TYPE: ${{ inputs.auth }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This is needed to load repo GH composite actions if the workflow triggered by workflow_call. repository: camunda/camunda-platform-helm @@ -948,7 +948,7 @@ jobs: PLATFORM: ${{ inputs.distro-platform }} TEST_AUTH_TYPE: ${{ inputs.auth }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This is needed to load repo GH composite actions if the workflow triggered by workflow_call. repository: camunda/camunda-platform-helm @@ -1008,7 +1008,7 @@ jobs: packages: read steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: camunda/camunda-platform-helm ref: ${{ inputs.camunda-helm-git-ref }} @@ -1072,7 +1072,7 @@ jobs: packages: read steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: camunda/camunda-platform-helm ref: ${{ inputs.camunda-helm-git-ref }} @@ -1116,12 +1116,12 @@ jobs: needs: [playwright-e2e-tests-after-install, playwright-e2e-tests-after-upgrade] runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: repository: camunda/camunda-platform-helm ref: ${{ inputs.camunda-helm-git-ref }} - - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6 + - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 with: node-version: lts/* @@ -1211,7 +1211,7 @@ jobs: uses: ./.github/actions/failed-pods-info - name: CI Setup - Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This is needed to load repo GH composite actions if the workflow triggered by workflow_call. repository: camunda/camunda-platform-helm diff --git a/.github/workflows/test-integration-template.yaml b/.github/workflows/test-integration-template.yaml index b2c32826e7..d765718435 100644 --- a/.github/workflows/test-integration-template.yaml +++ b/.github/workflows/test-integration-template.yaml @@ -213,7 +213,7 @@ jobs: matrix: ${{ steps.generate-workflow-matrix.outputs.matrix }} steps: - name: CI Setup - Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This is needed if the workflow is triggered by workflow_call. repository: camunda/camunda-platform-helm @@ -332,7 +332,7 @@ jobs: namespace: ${{ needs.runner.outputs.namespace }} steps: - name: CI Setup - Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: # This is needed to load repo GH composite actions if the workflow triggered by workflow_call. repository: camunda/camunda-platform-helm diff --git a/.github/workflows/test-local-template.yaml b/.github/workflows/test-local-template.yaml index b5652f1fca..a36837f06b 100644 --- a/.github/workflows/test-local-template.yaml +++ b/.github/workflows/test-local-template.yaml @@ -31,7 +31,7 @@ jobs: env: TEST_NAMESPACE: camunda-platform steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: "${{ inputs.camunda-helm-git-ref }}" - name: Install common software tooling diff --git a/.github/workflows/test-unit-template.yaml b/.github/workflows/test-unit-template.yaml index 66eb48c8c6..a7c6e39385 100644 --- a/.github/workflows/test-unit-template.yaml +++ b/.github/workflows/test-unit-template.yaml @@ -30,7 +30,7 @@ jobs: unitTestEnabled: ${{ steps.test-type-vars.outputs.unitTestEnabled }} unitTestMatrix: ${{ steps.test-type-vars.outputs.unitTestMatrix }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: "${{ inputs.camunda-helm-git-ref }}" - name: Get CI unit test matrix @@ -47,7 +47,7 @@ jobs: name: UnitTest Scripts runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install tools uses: ./.github/actions/install-tool-versions with: @@ -79,7 +79,7 @@ jobs: run: | echo "Workflow Inputs:" echo "${GITHUB_CONTEXT}" - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install tools uses: ./.github/actions/install-tool-versions with: @@ -88,7 +88,7 @@ jobs: helm - name: Configure curl and wget uses: ./.github/actions/setup-curl - - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5 + - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5 with: path: | ~/.cache/go-build