diff --git a/.github/workflows/deps-update.yml b/.github/workflows/deps-update.yml index 9c23da17..8c0c1aa0 100644 --- a/.github/workflows/deps-update.yml +++ b/.github/workflows/deps-update.yml @@ -15,7 +15,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Set up Go id: setup-go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: # Run with current stable so we can evaluate all possible versions; as the Go toolchain # will bail out if it encounters a "candidate" that requires a newer release. diff --git a/.github/workflows/docsite.yml b/.github/workflows/docsite.yml index f7fda302..63130f9e 100644 --- a/.github/workflows/docsite.yml +++ b/.github/workflows/docsite.yml @@ -21,7 +21,7 @@ jobs: lfs: true submodules: recursive - name: Setup go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: stable cache-dependency-path: '**/go.mod' diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 7f823f78..0ee41c93 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -37,6 +37,6 @@ jobs: retention-days: 5 # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v3 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v3 with: sarif_file: results.sarif diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index ff0c1504..e6f47f8e 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -13,7 +13,7 @@ jobs: - name: Check out uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: oldstable cache-dependency-path: '**/go.mod' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f746941f..0d884959 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: stable cache-dependency-path: '**/go.mod' @@ -90,7 +90,7 @@ jobs: with: ref: ${{ github.event.release.target_commitish }} - name: Setup go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: oldstable cache-dependency-path: '**/go.mod' diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index 52957d9f..e1660e51 100644 --- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -29,12 +29,12 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v3 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v3 with: languages: go build-mode: autobuild - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v3 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v3 with: category: "/language:go" # Currently, the upload fails for merge group checks, but still run the checks... diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index d39d64c1..d7077a60 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go id: setup-go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: oldstable cache-dependency-path: "**/go.mod" @@ -142,7 +142,7 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: stable cache-dependency-path: "**/go.mod" @@ -163,7 +163,7 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: stable cache-dependency-path: "**/go.mod" @@ -183,7 +183,7 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Ensure SHA pinned actions - uses: zgosalvez/github-actions-ensure-sha-pinned-actions@471d5ace1f08e3c4df1c4c2f7e6341aa75da434a # v3 + uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ca46236c6ce584ae24bc6283ba8dcf4b3ec8a066 # v3 with: allowlist: DataDog/dd-trace-go # Trust actions/workflows in the dd-trace-go repository - name: Verify actions are pinned with ratchet @@ -206,7 +206,7 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: stable cache-dependency-path: "**/go.mod" @@ -225,7 +225,7 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: stable cache-dependency-path: "**/go.mod" @@ -258,7 +258,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup Go id: setup-go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: ${{ matrix.go-version }} cache-dependency-path: "**/go.mod" @@ -306,7 +306,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go id: setup-go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: stable cache-dependency-path: "**/go.mod" @@ -331,7 +331,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup go id: setup-go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: stable cache-dependency-path: "**/go.mod" @@ -361,7 +361,7 @@ jobs: integration-tests: name: Integration Tests needs: generate - uses: DataDog/dd-trace-go/.github/workflows/orchestrion.yml@ee8dce259fa5e3f266a3b92944ece08023aabc8a # ratchet:DataDog/dd-trace-go/.github/workflows/orchestrion.yml@main + uses: DataDog/dd-trace-go/.github/workflows/orchestrion.yml@a46470757ace521d309bf03be10a31366fcf2252 # ratchet:DataDog/dd-trace-go/.github/workflows/orchestrion.yml@main with: collect-coverage: ${{ github.event_name != 'merge_group' }} orchestrion-version: ${{ github.sha }} @@ -382,7 +382,7 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 - name: Setup Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version: ${{ matrix.go-version }} cache-dependency-path: "**/go.mod"