diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2896d8d36..bed80b16f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -31,7 +31,7 @@ jobs: release-assets.githubusercontent.com:443 - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: chainguard-dev/actions/setup-gitsign@f45211d3e8f9d2676c6b8cdd6a765435e06c819d + - uses: chainguard-dev/actions/setup-gitsign@de68b87302e6266db5fb5220246f8aa46fe94b67 - name: Set up Octo-STS uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1 id: octo-sts diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ae26eb75b..1c70df068 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -81,7 +81,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index fa463854a..48ccf9e57 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -132,7 +132,7 @@ jobs: go-version-file: go.mod check-latest: true - - uses: chainguard-dev/actions/gofmt@f45211d3e8f9d2676c6b8cdd6a765435e06c819d # main + - uses: chainguard-dev/actions/gofmt@de68b87302e6266db5fb5220246f8aa46fe94b67 # main with: args: -s @@ -170,7 +170,7 @@ jobs: go-version-file: go.mod check-latest: true - - uses: chainguard-dev/actions/goimports@f45211d3e8f9d2676c6b8cdd6a765435e06c819d # main + - uses: chainguard-dev/actions/goimports@de68b87302e6266db5fb5220246f8aa46fe94b67 # main golangci-lint: name: golangci-lint diff --git a/.github/workflows/third-party.yaml b/.github/workflows/third-party.yaml index ee315b99d..6fbdfcfe7 100644 --- a/.github/workflows/third-party.yaml +++ b/.github/workflows/third-party.yaml @@ -73,7 +73,7 @@ jobs: - name: Prepare samples run: make samples - - uses: chainguard-dev/actions/setup-gitsign@f45211d3e8f9d2676c6b8cdd6a765435e06c819d + - uses: chainguard-dev/actions/setup-gitsign@de68b87302e6266db5fb5220246f8aa46fe94b67 - name: Set up Octo-STS uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1 id: octo-sts diff --git a/.github/workflows/update-yara-x.yaml b/.github/workflows/update-yara-x.yaml index 32fe081cf..61ce2d511 100644 --- a/.github/workflows/update-yara-x.yaml +++ b/.github/workflows/update-yara-x.yaml @@ -113,7 +113,7 @@ jobs: go-version-file: go.mod check-latest: true - - uses: chainguard-dev/actions/setup-gitsign@f45211d3e8f9d2676c6b8cdd6a765435e06c819d + - uses: chainguard-dev/actions/setup-gitsign@de68b87302e6266db5fb5220246f8aa46fe94b67 - name: Set up Octo-STS uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1 id: octo-sts diff --git a/.github/workflows/version.yaml b/.github/workflows/version.yaml index adf7b95fa..e98966b78 100644 --- a/.github/workflows/version.yaml +++ b/.github/workflows/version.yaml @@ -40,7 +40,7 @@ jobs: release-assets.githubusercontent.com:443 tuf-repo-cdn.sigstore.dev:443 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: chainguard-dev/actions/setup-gitsign@f45211d3e8f9d2676c6b8cdd6a765435e06c819d + - uses: chainguard-dev/actions/setup-gitsign@de68b87302e6266db5fb5220246f8aa46fe94b67 - name: Set up Octo-STS uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1 id: octo-sts