diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fba12fa919..d755b11fda 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,9 +14,9 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out code into the Go module directory - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4 - name: Set up Go 1.x - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 with: go-version-file: go.mod - name: build diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1d635a980d..039637f201 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,16 +42,16 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4 - name: Set up Go 1.x - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 with: go-version-file: go.mod # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 + uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -62,7 +62,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 + uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 + uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4 diff --git a/.github/workflows/diet-check.yml b/.github/workflows/diet-check.yml index 69c151c913..f00daeda6b 100644 --- a/.github/workflows/diet-check.yml +++ b/.github/workflows/diet-check.yml @@ -14,7 +14,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 with: go-version-file: go.mod diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 2460208930..a6ac02b1d1 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -26,17 +26,17 @@ jobs: remove-swapfile: "true" - name: Checkout - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4 - name: Set up QEMU - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3 - name: vuls/vuls image meta id: oss-meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 with: images: vuls/vuls tags: | @@ -44,20 +44,20 @@ jobs: - name: vuls/fvuls image meta id: fvuls-meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 with: images: vuls/fvuls tags: | type=ref,event=tag - name: Login to DockerHub - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: OSS image build and push - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 with: context: . file: ./Dockerfile @@ -70,7 +70,7 @@ jobs: platforms: linux/amd64,linux/arm64 - name: FutureVuls image build and push - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 with: context: . file: ./contrib/Dockerfile diff --git a/.github/workflows/golangci.yml b/.github/workflows/golangci.yml index 14eb20f1e6..952f536c8c 100644 --- a/.github/workflows/golangci.yml +++ b/.github/workflows/golangci.yml @@ -14,13 +14,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code into the Go module directory - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4 - name: Set up Go 1.x - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 with: go-version-file: go.mod - name: golangci-lint - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 + uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9 with: version: v2.9.0 env: diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index e8282c08df..928c429255 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -15,7 +15,7 @@ jobs: id-token: write # For cosign steps: - name: Cosign install - uses: sigstore/cosign-installer@430b6a704fe0c92f1b1261d84376a900f38d90ff + uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4 - name: Maximize build space uses: AdityaGarg8/remove-unwanted-software@90e01b21170618765a73370fcc3abbd1684a7793 # v5 with: @@ -28,15 +28,15 @@ jobs: remove-cached-tools: "true" remove-swapfile: "true" - name: Checkout - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4 - name: Unshallow run: git fetch --prune --unshallow - name: Set up Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 with: go-version-file: go.mod - name: Run GoReleaser - uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a + uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7 with: distribution: goreleaser version: latest diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0eb2d55fa2..8481579923 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -64,7 +64,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 543c37a789..d32dd48237 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,9 +10,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code into the Go module directory - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 + uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4 - name: Set up Go 1.x - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 with: go-version-file: go.mod - name: go mod tidy check