SEC-090: Automated trusted workflow pinning (2025-03-31) #280

hashicorp-tsccr · 2025-03-31T06:09:31Z

Bumping GitHub Actions version to latest TSCCR release.

changes in .github/workflows/ci-github-actions.yml
- bump actions/setup-go from v5.3.0 to v5.4.0 (release notes)
changes in .github/workflows/ci-go.yml
- bump actions/setup-go from v5.3.0 to v5.4.0 (release notes)
- bump golangci/golangci-lint-action from v6.5.1 to v7.0.0 (release notes)
- bump actions/setup-go from v5.3.0 to v5.4.0 (release notes)
- bump actions/upload-artifact from v4.6.1 to v4.6.2 (release notes)
changes in .github/workflows/ci-goreleaser.yml
- bump actions/setup-go from v5.3.0 to v5.4.0 (release notes)
changes in .github/workflows/release.yml
- bump actions/setup-go from v5.3.0 to v5.4.0 (release notes)

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

This PR can be regenerated by dispatching the GitHub workflow Pin Action Refs. Please reach out to #team-prodsec if you have any questions.

hashicorp-tsccr bot requested a review from a team as a code owner March 31, 2025 06:09

hashicorp-tsccr bot added the SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs. label Mar 31, 2025

austinvalle closed this Jun 2, 2025

austinvalle force-pushed the tsccr-auto-pinning/trusted/2025-03-31 branch from 2989122 to 3a08e50 Compare June 2, 2025 19:06

github-actions bot locked as resolved and limited conversation to collaborators Jul 3, 2025

Provide feedback