diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml index df923ce6..9821cb9b 100644 --- a/.github/workflows/_build.yml +++ b/.github/workflows/_build.yml @@ -47,7 +47,7 @@ jobs: # runner); revisit the Intel leg before that retirement. timeout-minutes: 25 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install deps (Ubuntu) if: startsWith(matrix.os, 'ubuntu') @@ -122,7 +122,7 @@ jobs: runs-on: windows-latest timeout-minutes: 25 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: msys2/setup-msys2@66cd2cce69caa17b53920067426061ca1de3a884 # v2 with: @@ -197,7 +197,7 @@ jobs: runs-on: ${{ matrix.runner }} timeout-minutes: 25 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install deps run: sudo apt-get update && sudo apt-get install -y zlib1g-dev diff --git a/.github/workflows/_lint.yml b/.github/workflows/_lint.yml index b8f8e511..c39e560c 100644 --- a/.github/workflows/_lint.yml +++ b/.github/workflows/_lint.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 15 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # Tests must pass or fail — no SKIPs except genuinely platform-specific # ones (SKIP_PLATFORM / #ifdef). Fails the lint phase on any plain SKIP(). diff --git a/.github/workflows/_security.yml b/.github/workflows/_security.yml index b7ce3bb3..53b40923 100644 --- a/.github/workflows/_security.yml +++ b/.github/workflows/_security.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: "Layer 1: Static allow-list audit" run: scripts/security-audit.sh - name: "Layer 6: UI security audit" @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install ScanCode Toolkit run: pipx install scancode-toolkit - name: "Gate self-test (a planted violation must be detected)" diff --git a/.github/workflows/_smoke.yml b/.github/workflows/_smoke.yml index b4a62a7d..bec2a174 100644 --- a/.github/workflows/_smoke.yml +++ b/.github/workflows/_smoke.yml @@ -29,7 +29,7 @@ jobs: runs-on: ${{ matrix.os }} timeout-minutes: 15 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: @@ -105,7 +105,7 @@ jobs: runs-on: windows-latest timeout-minutes: 15 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: msys2/setup-msys2@66cd2cce69caa17b53920067426061ca1de3a884 # v2 with: @@ -176,7 +176,7 @@ jobs: runs-on: ${{ matrix.runner }} timeout-minutes: 15 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: @@ -219,7 +219,7 @@ jobs: timeout-minutes: 10 continue-on-error: true steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Build Glama image and verify MCP introspection run: bash pkg/glama/verify.sh - name: Test homebrew installation diff --git a/.github/workflows/_soak.yml b/.github/workflows/_soak.yml index f5799aa2..5f34e270 100644 --- a/.github/workflows/_soak.yml +++ b/.github/workflows/_soak.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} timeout-minutes: 30 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install deps (Linux) if: startsWith(matrix.os, 'ubuntu') run: sudo apt-get update && sudo apt-get install -y zlib1g-dev python3 git @@ -69,7 +69,7 @@ jobs: runs-on: windows-latest timeout-minutes: 30 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: msys2/setup-msys2@66cd2cce69caa17b53920067426061ca1de3a884 # v2 with: msystem: CLANG64 @@ -127,7 +127,7 @@ jobs: runs-on: ${{ matrix.os }} timeout-minutes: 45 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install deps (Linux) if: startsWith(matrix.os, 'ubuntu') run: sudo apt-get update && sudo apt-get install -y zlib1g-dev python3 git @@ -152,7 +152,7 @@ jobs: runs-on: windows-latest timeout-minutes: 45 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: msys2/setup-msys2@66cd2cce69caa17b53920067426061ca1de3a884 # v2 with: msystem: CLANG64 diff --git a/.github/workflows/_test.yml b/.github/workflows/_test.yml index 847bf8fa..64276066 100644 --- a/.github/workflows/_test.yml +++ b/.github/workflows/_test.yml @@ -33,7 +33,7 @@ jobs: runs-on: ${{ matrix.os }} timeout-minutes: 60 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install deps (Ubuntu) if: startsWith(matrix.os, 'ubuntu') @@ -48,7 +48,7 @@ jobs: runs-on: windows-latest timeout-minutes: 60 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: msys2/setup-msys2@66cd2cce69caa17b53920067426061ca1de3a884 # v2 with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ddfb457f..a5930053 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,7 +23,7 @@ jobs: actions: read contents: read steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install build dependencies run: sudo apt-get update && sudo apt-get install -y zlib1g-dev diff --git a/.github/workflows/dco.yml b/.github/workflows/dco.yml index c138b705..032c3665 100644 --- a/.github/workflows/dco.yml +++ b/.github/workflows/dco.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index 1b5c4dfc..26dc0c70 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -35,7 +35,7 @@ jobs: name: github-pages url: ${{ steps.deployment.outputs.page_url }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0 - uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 315a0130..d82c3077 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -84,7 +84,7 @@ jobs: id-token: write attestations: write steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: @@ -191,7 +191,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -291,7 +291,7 @@ jobs: contents: read id-token: write # for npm provenance steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # The packaged versions MUST match the dispatched release version — # the 0.8.0 release failed here because pkg/npm still carried the @@ -365,7 +365,7 @@ jobs: id-token: write # GitHub OIDC auth to the MCP Registry contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Sync server.json version to the released package env: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f7b721fa..eb7464f1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -15,7 +15,7 @@ jobs: security-events: write id-token: write steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false