diff --git a/.github/workflows/_cve_fetch.yml b/.github/workflows/_cve_fetch.yml index d504e56863192..cd7c15b4613bd 100644 --- a/.github/workflows/_cve_fetch.yml +++ b/.github/workflows/_cve_fetch.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set vars id: vars run: | diff --git a/.github/workflows/_cve_scan.yml b/.github/workflows/_cve_scan.yml index aeb4c93fdb11e..d5c8e50a88071 100644 --- a/.github/workflows/_cve_scan.yml +++ b/.github/workflows/_cve_scan.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set vars id: vars run: | diff --git a/.github/workflows/_precheck_deps.yml b/.github/workflows/_precheck_deps.yml index 1b8f005f4dd3c..6857dcd670235 100644 --- a/.github/workflows/_precheck_deps.yml +++ b/.github/workflows/_precheck_deps.yml @@ -64,7 +64,7 @@ jobs: if: ${{ inputs.dependency-review }} steps: - name: Checkout Repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ fromJSON(inputs.request).request.sha }} persist-credentials: false diff --git a/.github/workflows/codeql-daily.yml b/.github/workflows/codeql-daily.yml index d97bc9170373b..eb50e437b43ea 100644 --- a/.github/workflows/codeql-daily.yml +++ b/.github/workflows/codeql-daily.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Free disk space uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.3.28 diff --git a/.github/workflows/codeql-push.yml b/.github/workflows/codeql-push.yml index 3b25931f53276..2f1cc042c358a 100644 --- a/.github/workflows/codeql-push.yml +++ b/.github/workflows/codeql-push.yml @@ -34,7 +34,7 @@ jobs: if: github.repository == 'envoyproxy/envoy' steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 2 diff --git a/.github/workflows/envoy-dependency.yml b/.github/workflows/envoy-dependency.yml index 065d3c5c99858..e72aeaf5d7b04 100644 --- a/.github/workflows/envoy-dependency.yml +++ b/.github/workflows/envoy-dependency.yml @@ -146,7 +146,7 @@ jobs: path: envoy fetch-depth: 0 token: ${{ steps.appauth.outputs.token }} - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 name: Checkout Envoy build tools repository with: repository: envoyproxy/envoy-build-tools @@ -238,7 +238,7 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Run dependency checker run: | TODAY_DATE=$(date -u -I"date") diff --git a/.github/workflows/envoy-security-check.yml b/.github/workflows/envoy-security-check.yml index b4e364c0f264b..5a50cab42a586 100644 --- a/.github/workflows/envoy-security-check.yml +++ b/.github/workflows/envoy-security-check.yml @@ -101,7 +101,7 @@ jobs: # SLACK - name: Checkout repository (secure branch) if: matrix.action == 'slack' - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: # Explicitly checkout main to avoid malicious code ref: main diff --git a/.github/workflows/mobile-release.yml b/.github/workflows/mobile-release.yml index 305ee2cb5ac8a..a126698cfaa72 100644 --- a/.github/workflows/mobile-release.yml +++ b/.github/workflows/mobile-release.yml @@ -86,7 +86,7 @@ jobs: include: - output: envoy steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 - name: Add safe directory diff --git a/.github/workflows/pr_notifier.yml b/.github/workflows/pr_notifier.yml index 438e8d007de27..013e3439b10bf 100644 --- a/.github/workflows/pr_notifier.yml +++ b/.github/workflows/pr_notifier.yml @@ -24,7 +24,7 @@ jobs: || !contains(github.actor, '[bot]')) }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Notify about PRs run: | ARGS=() diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 5b1b6dabf44c6..8f3b0c269a41a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -21,7 +21,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/toolchain-test.yml b/.github/workflows/toolchain-test.yml index 04c2c9ae3a64a..23315e37c4947 100644 --- a/.github/workflows/toolchain-test.yml +++ b/.github/workflows/toolchain-test.yml @@ -32,7 +32,7 @@ jobs: name: "Test: ${{ matrix.name }}" steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Run matrix test run: | cd ci/matrix