Skip to content

SEC-090: Automated trusted workflow pinning (2025-02-17) #432

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 19, 2025
Merged

SEC-090: Automated trusted workflow pinning (2025-02-17) #432

merged 1 commit into from
Feb 19, 2025

Conversation

@hashicorp-tsccr
Copy link
Contributor

@hashicorp-tsccr hashicorp-tsccr bot commented Feb 17, 2025

Bumping GitHub Actions version to latest TSCCR release.

  • changes in .github/workflows/ci-go.yml
    • bump golangci/golangci-lint-action from v6.2.0 to v6.3.1 (release notes)
  • changes in .github/workflows/ci-goreleaser.yml
    • bump goreleaser/goreleaser-action from v6.1.0 to v6.2.0 (release notes)
  • changes in .github/workflows/release.yml
    • bump goreleaser/goreleaser-action from v6.1.0 to v6.2.0 (release notes)

This PR was auto-generated by security-tsccr/actions/runs/13363953579

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

This PR can be regenerated by dispatching the GitHub workflow Pin Action Refs. Please reach out to #team-prodsec if you have any questions.

@hashicorp-tsccr hashicorp-tsccr bot requested a review from a team as a code owner February 17, 2025 06:07
@hashicorp-tsccr hashicorp-tsccr bot added the SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs. label Feb 17, 2025
austinvalle
austinvalle approved these changes Feb 19, 2025
View reviewed changes
Copy link
Member

@austinvalle austinvalle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Linting errors are known and need to be resolved via a follow-up PR 👍🏻

@austinvalle austinvalle merged commit d69a9b7 into main Feb 19, 2025
38 of 39 checks passed
@austinvalle austinvalle deleted the tsccr-auto-pinning/trusted/2025-02-17 branch February 19, 2025 13:27
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 21, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@austinvalle austinvalle austinvalle approved these changes

Assignees

No one assigned

Labels

SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@austinvalle