SEC-090: Automated trusted workflow pinning (2025-02-24) #435

hashicorp-tsccr · 2025-02-24T06:09:01Z

Bumping GitHub Actions version to latest TSCCR release.

changes in .github/workflows/ci-go.yml
- bump golangci/golangci-lint-action from v6.3.1 to v6.5.0 (release notes)
changes in .github/workflows/ci-goreleaser.yml
- bump goreleaser/goreleaser-action from v6.2.0 to v6.2.1 (release notes)
changes in .github/workflows/release.yml
- bump goreleaser/goreleaser-action from v6.2.0 to v6.2.1 (release notes)

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

This PR can be regenerated by dispatching the GitHub workflow Pin Action Refs. Please reach out to #team-prodsec if you have any questions.

ansgarm · 2025-03-10T09:54:42Z

superseded by #447

hashicorp-tsccr bot requested a review from a team as a code owner February 24, 2025 06:09

hashicorp-tsccr bot added the SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs. label Feb 24, 2025

Result of tsccr-helper -log-level=info gha update -latest .github/

ac05d73

austinvalle force-pushed the tsccr-auto-pinning/trusted/2025-02-24 branch from f40ddc9 to ac05d73 Compare March 7, 2025 20:20

austinvalle mentioned this pull request Mar 7, 2025

chore: FIx golangci linters #446

Merged

ansgarm closed this Mar 10, 2025

github-actions bot locked as resolved and limited conversation to collaborators Apr 9, 2025

Provide feedback