diff --git a/.github/workflows/acceptance-test.yml b/.github/workflows/acceptance-test.yml index 80b3b851..cb3cf83c 100644 --- a/.github/workflows/acceptance-test.yml +++ b/.github/workflows/acceptance-test.yml @@ -19,7 +19,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index c563143e..ecfa7a53 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -33,7 +33,7 @@ jobs: matrix: flavor: ["cpp", "rust"] steps: - - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 + - uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -82,7 +82,7 @@ jobs: id: devcontainer-metadata - run: echo "git-commit-epoch=$(git log -1 --pretty=%ct)" >> "$GITHUB_OUTPUT" id: devcontainer-epoch - - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 id: build-and-push env: SOURCE_DATE_EPOCH: ${{ steps.devcontainer-epoch.outputs.git-commit-epoch }} @@ -103,7 +103,7 @@ jobs: with: from-container: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}:latest to-container: ${{ env.REGISTRY }}/${{ github.repository }}-${{ matrix.flavor }}@${{ steps.build-and-push.outputs.digest }} - - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 + - uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1 with: header: container-size-diff-${{ matrix.flavor }} message: | diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 05098f51..b779a336 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: with: persist-credentials: false - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: .devcontainer/${{ matrix.flavor }}/Dockerfile load: true diff --git a/.github/workflows/pr-conventional-title.yml b/.github/workflows/pr-conventional-title.yml index d3c2fbd7..aa87676e 100644 --- a/.github/workflows/pr-conventional-title.yml +++ b/.github/workflows/pr-conventional-title.yml @@ -26,7 +26,7 @@ jobs: doesn't start with an uppercase character. env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 + - uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1 if: always() && steps.pr-title.outputs.error_message != null with: header: pr-title-lint-error @@ -40,7 +40,7 @@ jobs: ${{ steps.pr-title.outputs.error_message }} - if: steps.pr-title.outputs.error_message == null - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 + uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1 with: header: pr-title-lint-error delete: true diff --git a/.github/workflows/prime-cache.yml b/.github/workflows/prime-cache.yml index ff58577d..43b4f21c 100644 --- a/.github/workflows/prime-cache.yml +++ b/.github/workflows/prime-cache.yml @@ -36,7 +36,7 @@ jobs: "root-ccache": "/root/.ccache" } skip-extraction: ${{ steps.buildkit-cache.outputs.cache-hit }} - - uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 + - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: .devcontainer/${{ matrix.flavor }}/Dockerfile platforms: linux/amd64,linux/arm64