hoverkraft-tech
diff --git a/‎.github/workflows/__main-ci.yml‎
Lines changed: 7 additions & 1 deletion b/‎.github/workflows/__main-ci.yml‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎.github/workflows/__need-fix-to-issue.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/__need-fix-to-issue.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/__pull-request-ci.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/__pull-request-ci.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/__shared-ci.yml‎
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/__shared-ci.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/__stale.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/__stale.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/__test-action-docker-build-image.yml‎
Lines changed: 6 additions & 6 deletions b/‎.github/workflows/__test-action-docker-build-image.yml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml‎
Lines changed: 8 additions & 8 deletions b/‎.github/workflows/__test-action-docker-prune-pull-requests-image-tags.yml‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎.github/workflows/__test-action-get-image-metadata.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/__test-action-get-image-metadata.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/__test-action-get-image-name.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/__test-action-get-image-name.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/__test-action-helm-parse-chart-uri.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/__test-action-helm-parse-chart-uri.yml‎
Lines changed: 2 additions & 2 deletions
@@ -5,14 +5,19 @@ on: # yamllint disable-line rule:truthy
   push:
     branches: [main]
     tags: ["*"]
+
   workflow_dispatch:
 
+  schedule:
+    - cron: "25 8 * * 1"
+
 permissions:
   actions: write
   contents: write
   issues: read
   packages: write
   pull-requests: write
+  security-events: write
   statuses: write
   # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659
   id-token: write
@@ -49,7 +54,8 @@ jobs:
 
   release:
     needs: ci
-    uses: hoverkraft-tech/ci-github-publish/.github/workflows/[email protected]
+    if: github.event_name != 'schedule'
+    uses: hoverkraft-tech/ci-github-publish/.github/workflows/release-actions.yml@c4cef36590a837182788f2e1b02dee17a3647be6 # 0.4.0
     with:
       update-all: ${{ (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) || github.event_name == 'workflow_dispatch' }}
       github-app-id: ${{ vars.CI_BOT_APP_ID }}
 
@@ -23,7 +23,7 @@ permissions:
 
 jobs:
   main:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@0.18.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/need-fix-to-issue.yml@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
     with:
       manual-commit-ref: ${{ inputs.manual-commit-ref }}
       manual-base-ref: ${{ inputs.manual-base-ref }}
@@ -11,6 +11,7 @@ permissions:
   issues: read
   packages: write
   pull-requests: read
+  security-events: write
   statuses: write
   # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659
   id-token: write
 
@@ -9,14 +9,15 @@ permissions:
   issues: read
   packages: write
   pull-requests: read
+  security-events: write
   statuses: write
   # yamllint disable-line rule:line-length
   # FIXME: This is a workaround for having workflow actions. See https://github.com/orgs/community/discussions/38659
   id-token: write
 
 jobs:
   linter:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@0.18.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
     with:
       # FIXME: re-enable the following checks
       linter-env: |
 
@@ -11,4 +11,4 @@ permissions:
 
 jobs:
   main:
-    uses: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml@0.18.0
+    uses: hoverkraft-tech/ci-github-common/.github/workflows/stale.yml@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
@@ -19,7 +19,7 @@ jobs:
       packages: write
     steps:
       - name: Arrange - Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Arrange - Ensure token is set
         run: |
@@ -41,7 +41,7 @@ jobs:
           image: application-test
 
       - name: Assert - Check built image output
-        uses: actions/[email protected]
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             const assert = require("assert");
@@ -154,7 +154,7 @@ jobs:
               );
             }
 
-      - uses: docker/login-action@v3
+      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -183,7 +183,7 @@ jobs:
       packages: write
     steps:
       - name: Arrange - Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Arrange - Ensure token is set
         run: |
@@ -206,7 +206,7 @@ jobs:
           tag: "0.1.0"
 
       - name: Assert - Check built image output
-        uses: actions/[email protected]
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             const assert = require("assert");
@@ -217,7 +217,7 @@ jobs:
             assert.equal(builtImageOutput.tags.length, 1, `"tags" output is not valid`);
             assert.equal(builtImageOutput.tags[0], '0.1.0', `"tags" output is not valid`);
 
-      - uses: docker/login-action@v3
+      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
 
@@ -60,9 +60,9 @@ jobs:
     outputs:
       deleted-image-tags: ${{ steps.prune-pull-requests-image-tags.outputs.deleted-image-tags }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - uses: docker/login-action@v3
+      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -87,7 +87,7 @@ jobs:
     needs: [setup, arrange, act]
     steps:
       - name: Assert - Check ouputs
-        uses: actions/[email protected]
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             const assert = require("assert");
@@ -114,7 +114,7 @@ jobs:
             }
 
       - name: Assert - Ensure expected packages versions have been deleted
-        uses: actions/[email protected]
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ github.token }}
           script: |
@@ -136,7 +136,7 @@ jobs:
             );
             assert.equal(packageVersionExists, false, `Package version "${{ needs.setup.outputs.tag }}" has not been deleted`);
 
-      - uses: docker/login-action@v3
+      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         if: ${{ github.event_name == 'pull_request' }}
         with:
           registry: ghcr.io
@@ -174,14 +174,14 @@ jobs:
       packages: write
     if: always()
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - id: get-issue-number
         if: ${{ github.event_name == 'pull_request' }}
-        uses: hoverkraft-tech/ci-github-common/actions/get-issue-number@0.18.0
+        uses: hoverkraft-tech/ci-github-common/actions/get-issue-number@edc1e53751a82ce335e7c3208a32b6ee03856a9f # 0.20.0
 
       - name: Delete test packages
-        uses: actions/[email protected]
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ github.token }}
           script: |
 
@@ -13,7 +13,7 @@ jobs:
     name: Test for "docker/get-image-metadata" action
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Act
         id: get-image-metadata
@@ -23,7 +23,7 @@ jobs:
           image: application-test
 
       - name: Assert - Check get image metadata ouputs
-        uses: actions/[email protected]
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             const assert = require("assert");
@@ -66,7 +66,7 @@ jobs:
     name: Test for "docker/get-image-metadata" action with given tag
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Act
         id: get-image-metadata
@@ -77,7 +77,7 @@ jobs:
           tag: 1.0.0
 
       - name: Assert - Check get image metadata ouputs
-        uses: actions/[email protected]
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             const assert = require("assert");
 
@@ -13,7 +13,7 @@ jobs:
     name: Test for "docker/get-image-name" action
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - id: get-image-name
         uses: ./actions/docker/get-image-name
@@ -22,7 +22,7 @@ jobs:
           image: application-test
 
       - name: Check get image name ouputs
-        uses: actions/[email protected]
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             /* jscpd:ignore-start */
@@ -50,7 +50,7 @@ jobs:
     name: Test for "docker/get-image-name" action with given repository
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - id: get-image-name
         uses: ./actions/docker/get-image-name
@@ -60,7 +60,7 @@ jobs:
           repository: hoverkraft-tech/other-repository
 
       - name: Check get image name ouput
-        uses: actions/[email protected]
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             /* jscpd:ignore-start */
 
@@ -13,7 +13,7 @@ jobs:
     name: Test for "helm/parse-chart-uri" action
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Act
         id: parse-chart-uri
@@ -22,7 +22,7 @@ jobs:
           uri: "ghcr.io/my-org/my-repo/charts/application/my-repo:0.1.0"
 
       - name: Assert - Check parse chart URI ouputs
-        uses: actions/[email protected]
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             const assert = require("assert");