SEC-090: Automated trusted workflow pinning (2025-03-10) #447

hashicorp-tsccr · 2025-03-10T06:08:24Z

Bumping GitHub Actions version to latest TSCCR release.

changes in .github/workflows/ci-go.yml
- bump golangci/golangci-lint-action from v6.3.1 to v6.5.0 (release notes)
- bump actions/upload-artifact from v4.6.0 to v4.6.1 (release notes)
changes in .github/workflows/ci-goreleaser.yml
- bump goreleaser/goreleaser-action from v6.2.0 to v6.2.1 (release notes)
changes in .github/workflows/release.yml
- bump goreleaser/goreleaser-action from v6.2.0 to v6.2.1 (release notes)

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

This PR can be regenerated by dispatching the GitHub workflow Pin Action Refs. Please reach out to #team-prodsec if you have any questions.

hashicorp-tsccr bot added the SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs. label Mar 10, 2025

hashicorp-tsccr bot requested a review from a team as a code owner March 10, 2025 06:08

ansgarm mentioned this pull request Mar 10, 2025

SEC-090: Automated trusted workflow pinning (2025-02-24) #435

Closed

Result of tsccr-helper -log-level=info gha update -latest .github/

7fbdd90

ansgarm force-pushed the tsccr-auto-pinning/trusted/2025-03-10 branch from a0914a1 to 7fbdd90 Compare March 10, 2025 09:55

ansgarm approved these changes Mar 10, 2025

View reviewed changes

ansgarm merged commit 5f414d2 into main Mar 10, 2025
39 checks passed

ansgarm deleted the tsccr-auto-pinning/trusted/2025-03-10 branch March 10, 2025 10:13

github-actions bot locked as resolved and limited conversation to collaborators Apr 9, 2025

Provide feedback