diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 24ff555..bda8c8f 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -8,9 +8,9 @@ jobs: name: Workflow Files runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: reviewdog/action-actionlint@437bbe918b0d29544cbf9e8b1d63fe6f4e7a881d # v1.69.0 + - uses: reviewdog/action-actionlint@0d952c597ef8459f634d7145b0b044a9699e5e43 # v1.71.0 with: fail_level: any diff --git a/.github/workflows/as-e2e.yml b/.github/workflows/as-e2e.yml index 5306f49..8b11186 100644 --- a/.github/workflows/as-e2e.yml +++ b/.github/workflows/as-e2e.yml @@ -34,21 +34,21 @@ jobs: GRPC_TEE_ENUM: ${{ matrix.grpc_tee_enum }} RESTFUL_TEE_ENUM: ${{ matrix.restful_tee_enum }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install Rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2 + uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3 with: components: rustfmt, clippy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable - name: Set up rust build cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 continue-on-error: false with: path: | diff --git a/.github/workflows/as-rust.yml b/.github/workflows/as-rust.yml index bf8153b..a92beeb 100644 --- a/.github/workflows/as-rust.yml +++ b/.github/workflows/as-rust.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Code checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 1 persist-credentials: false @@ -64,7 +64,7 @@ jobs: sudo apt-get install -y libsgx-dcap-quote-verify-dev libsgx-dcap-default-qpl - name: Install Rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2 + uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3 with: components: rustfmt, clippy diff --git a/.github/workflows/build-as-image.yml b/.github/workflows/build-as-image.yml index f695cd7..a984197 100644 --- a/.github/workflows/build-as-image.yml +++ b/.github/workflows/build-as-image.yml @@ -61,15 +61,15 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to GHCR Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/build-kbs-client-image.yml b/.github/workflows/build-kbs-client-image.yml index 1dc1419..9ecbfeb 100644 --- a/.github/workflows/build-kbs-client-image.yml +++ b/.github/workflows/build-kbs-client-image.yml @@ -33,15 +33,15 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to GHCR Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/build-kbs-image.yml b/.github/workflows/build-kbs-image.yml index b887272..829543f 100644 --- a/.github/workflows/build-kbs-image.yml +++ b/.github/workflows/build-kbs-image.yml @@ -70,15 +70,15 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to GHCR Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/build-trustee-cli.yml b/.github/workflows/build-trustee-cli.yml index 2d9380a..99d0958 100644 --- a/.github/workflows/build-trustee-cli.yml +++ b/.github/workflows/build-trustee-cli.yml @@ -33,15 +33,15 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to GHCR Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/kbs-docker-e2e.yml b/.github/workflows/kbs-docker-e2e.yml index 1a8b84e..8cbe81a 100644 --- a/.github/workflows/kbs-docker-e2e.yml +++ b/.github/workflows/kbs-docker-e2e.yml @@ -31,12 +31,12 @@ jobs: runs-on: ${{ matrix.instance }} steps: - name: Checkout KBS - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install Rust (for client) - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2 + uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3 with: components: rustfmt, clippy diff --git a/.github/workflows/kbs-e2e-azure-vtpm.yml b/.github/workflows/kbs-e2e-azure-vtpm.yml index 2c06ed8..dffa751 100644 --- a/.github/workflows/kbs-e2e-azure-vtpm.yml +++ b/.github/workflows/kbs-e2e-azure-vtpm.yml @@ -16,14 +16,14 @@ jobs: packages: write steps: - name: Checkout Code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Archive source run: git archive -o kbs.tar.gz HEAD - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: ./kbs.tar.gz diff --git a/.github/workflows/kbs-e2e-sample.yml b/.github/workflows/kbs-e2e-sample.yml index 76002ab..b440453 100644 --- a/.github/workflows/kbs-e2e-sample.yml +++ b/.github/workflows/kbs-e2e-sample.yml @@ -13,14 +13,14 @@ jobs: packages: write runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Archive source run: git archive -o kbs.tar.gz HEAD - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: ./kbs.tar.gz diff --git a/.github/workflows/kbs-e2e.yml b/.github/workflows/kbs-e2e.yml index a45811e..d71f34e 100644 --- a/.github/workflows/kbs-e2e.yml +++ b/.github/workflows/kbs-e2e.yml @@ -43,7 +43,7 @@ jobs: OS_VERSION: ubuntu-22.04 steps: - name: Download artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 - name: Extract tarball run: tar xzf "./${INPUTS_TARBALL}" @@ -51,14 +51,14 @@ jobs: INPUTS_TARBALL: ${{ inputs.tarball }} - name: Install Rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2 + uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3 with: components: rustfmt, clippy rustflags: "" cache: false - name: Set up rust build cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 continue-on-error: false with: path: | @@ -78,7 +78,7 @@ jobs: - name: Archive test folder run: tar czf test.tar.gz kbs/test - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: test.tar.gz overwrite: true @@ -92,7 +92,7 @@ jobs: RUST_LOG: warn steps: - name: Download artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: artifacts-${{ inputs.tee }}-${{ inputs.arch }} @@ -101,7 +101,7 @@ jobs: - name: Set up SGX/TDX certificates cache if: inputs.tee == 'az-tdx-vtpm' - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: .dcap-qcnl key: ${{ runner.os }}-dcap-qcnl diff --git a/.github/workflows/kbs-rust.yml b/.github/workflows/kbs-rust.yml index 3739dc3..cfc8e9d 100644 --- a/.github/workflows/kbs-rust.yml +++ b/.github/workflows/kbs-rust.yml @@ -37,12 +37,12 @@ jobs: steps: - name: Code checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install Rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2 + uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3 with: components: rustfmt, clippy diff --git a/.github/workflows/link.yml b/.github/workflows/link.yml index bf312d7..52c3557 100644 --- a/.github/workflows/link.yml +++ b/.github/workflows/link.yml @@ -15,19 +15,19 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Restore lychee cache - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: .lycheecache key: cache-lychee-${{ github.sha }} restore-keys: cache-lychee- - name: Check links - uses: lycheeverse/lychee-action@a8c4c7cb88f0c7386610c35eb25108e448569cb0 # v2.7.0 + uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2.8.0 with: args: "--cache --max-cache-age 1d ." fail: true diff --git a/.github/workflows/push-as-image-to-ghcr.yml b/.github/workflows/push-as-image-to-ghcr.yml index 38122f0..70d7ce6 100644 --- a/.github/workflows/push-as-image-to-ghcr.yml +++ b/.github/workflows/push-as-image-to-ghcr.yml @@ -39,10 +39,10 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to GHCR Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/push-kbs-client-image-to-ghcr.yml b/.github/workflows/push-kbs-client-image-to-ghcr.yml index ac3238f..3f3cd39 100644 --- a/.github/workflows/push-kbs-client-image-to-ghcr.yml +++ b/.github/workflows/push-kbs-client-image-to-ghcr.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Login to GHCR Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/push-kbs-client-to-ghcr.yml b/.github/workflows/push-kbs-client-to-ghcr.yml index c3f70b1..b62ce43 100644 --- a/.github/workflows/push-kbs-client-to-ghcr.yml +++ b/.github/workflows/push-kbs-client-to-ghcr.yml @@ -31,15 +31,15 @@ jobs: version: 1.0.0 - name: Check out code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Log in to ghcr.io - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/push-kbs-image-to-ghcr.yml b/.github/workflows/push-kbs-image-to-ghcr.yml index 4ac027c..eddba5e 100644 --- a/.github/workflows/push-kbs-image-to-ghcr.yml +++ b/.github/workflows/push-kbs-image-to-ghcr.yml @@ -32,7 +32,7 @@ jobs: steps: - name: Login to GHCR Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/push-trustee-cli-to-ghcr.yml b/.github/workflows/push-trustee-cli-to-ghcr.yml index f49e55d..0c4272a 100644 --- a/.github/workflows/push-trustee-cli-to-ghcr.yml +++ b/.github/workflows/push-trustee-cli-to-ghcr.yml @@ -31,15 +31,15 @@ jobs: version: 1.0.0 - name: Check out code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Log in to ghcr.io - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index ce8dde3..53e52d8 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -27,7 +27,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -46,7 +46,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: SARIF file path: results.sarif @@ -55,6 +55,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v3.29.5 + uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v3.29.5 with: sarif_file: results.sarif diff --git a/.github/workflows/trustee-cli-rust.yml b/.github/workflows/trustee-cli-rust.yml index 414a09d..bf07cb5 100644 --- a/.github/workflows/trustee-cli-rust.yml +++ b/.github/workflows/trustee-cli-rust.yml @@ -41,12 +41,12 @@ jobs: steps: - name: Code checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Install Rust toolchain - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2 + uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3 with: components: rustfmt, clippy