diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
index 4185ebd..171f842 100644
--- a/.github/workflows/actionlint.yaml
+++ b/.github/workflows/actionlint.yaml
@@ -24,7 +24,7 @@ jobs:
 name: Action lint
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: block
 allowed-endpoints: >
diff --git a/.github/workflows/boilerplate.yaml b/.github/workflows/boilerplate.yaml
index eead377..b04ccb7 100644
--- a/.github/workflows/boilerplate.yaml
+++ b/.github/workflows/boilerplate.yaml
@@ -36,7 +36,7 @@ jobs:
 language: YAML
 steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
@@ -45,7 +45,7 @@ jobs:
 with:
 persist-credentials: false
- - uses: chainguard-dev/actions/boilerplate@de68b87302e6266db5fb5220246f8aa46fe94b67 # v1.6.14
+ - uses: chainguard-dev/actions/boilerplate@e1c4977ad9cb32b12c5b222ec0134a22bec60bd5 # v1.6.25
 with:
 extension: ${{ matrix.extension }}
 language: ${{ matrix.language }}
diff --git a/.github/workflows/donotsubmit.yaml b/.github/workflows/donotsubmit.yaml
index 1d51237..227e3ab 100644
--- a/.github/workflows/donotsubmit.yaml
+++ b/.github/workflows/donotsubmit.yaml
@@ -20,7 +20,7 @@ jobs:
 contents: read
 steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
@@ -30,4 +30,4 @@ jobs:
 persist-credentials: false
 - name: Do Not Submit
- uses: chainguard-dev/actions/donotsubmit@de68b87302e6266db5fb5220246f8aa46fe94b67 # v1.6.14
+ uses: chainguard-dev/actions/donotsubmit@e1c4977ad9cb32b12c5b222ec0134a22bec60bd5 # v1.6.25
diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml
index fac0a98..cd9c697 100644
--- a/.github/workflows/go-test.yaml
+++ b/.github/workflows/go-test.yaml
@@ -20,7 +20,7 @@ jobs:
 contents: read # for actions/checkout to fetch code
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
@@ -30,7 +30,7 @@ jobs:
 persist-credentials: false
 - name: Set up Go
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+ uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
 with:
 go-version-file: './go.mod'
 check-latest: true
diff --git a/.github/workflows/presubmit-testing.yaml b/.github/workflows/presubmit-testing.yaml
index 4cc48ab..a864ab6 100644
--- a/.github/workflows/presubmit-testing.yaml
+++ b/.github/workflows/presubmit-testing.yaml
@@ -20,13 +20,13 @@ jobs:
 id-token: write
 steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+ - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
 with:
 go-version-file: './go.mod'
 check-latest: true
diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml
index 386ec64..bba223c 100644
--- a/.github/workflows/style.yaml
+++ b/.github/workflows/style.yaml
@@ -23,7 +23,7 @@ jobs:
 contents: read
 steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
@@ -33,12 +33,12 @@ jobs:
 persist-credentials: false
 - name: Set up Go
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+ uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
 with:
 go-version-file: './go.mod'
 check-latest: true
- - uses: chainguard-dev/actions/gofmt@de68b87302e6266db5fb5220246f8aa46fe94b67 # v1.6.14
+ - uses: chainguard-dev/actions/gofmt@e1c4977ad9cb32b12c5b222ec0134a22bec60bd5 # v1.6.25
 with:
 args: -s
@@ -50,7 +50,7 @@ jobs:
 contents: read
 steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
@@ -60,12 +60,12 @@ jobs:
 persist-credentials: false
 - name: Set up Go
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+ uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
 with:
 go-version-file: './go.mod'
 check-latest: true
- - uses: chainguard-dev/actions/goimports@de68b87302e6266db5fb5220246f8aa46fe94b67 # v1.6.14
+ - uses: chainguard-dev/actions/goimports@e1c4977ad9cb32b12c5b222ec0134a22bec60bd5 # v1.6.25
 golangci-lint:
 name: golangci-lint
@@ -76,7 +76,7 @@ jobs:
 pull-requests: read
 steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
@@ -85,13 +85,13 @@ jobs:
 persist-credentials: false
 - name: Set up Go
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+ uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
 with:
 go-version-file: './go.mod'
 check-latest: true
 - name: golangci-lint
- uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
+ uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9.2.1
 with:
 version: v2.8
@@ -103,7 +103,7 @@ jobs:
 contents: read
 steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: audit
@@ -113,18 +113,18 @@ jobs:
 persist-credentials: false
 - name: Set up Go
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
+ uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
 with:
 go-version-file: './go.mod'
 check-latest: true
- - uses: chainguard-dev/actions/trailing-space@de68b87302e6266db5fb5220246f8aa46fe94b67 # v1.6.14
+ - uses: chainguard-dev/actions/trailing-space@e1c4977ad9cb32b12c5b222ec0134a22bec60bd5 # v1.6.25
 if: ${{ always() }}
- - uses: chainguard-dev/actions/eof-newline@de68b87302e6266db5fb5220246f8aa46fe94b67 # v1.6.14
+ - uses: chainguard-dev/actions/eof-newline@e1c4977ad9cb32b12c5b222ec0134a22bec60bd5 # v1.6.25
 if: ${{ always() }}
- - uses: step-security/action-tflint@15c8d1fff9c8c2f40157254897d99ef4bb0c5e5d # v1.24.2
+ - uses: step-security/action-tflint@285fe25934512644274b253b424a5d4b8f1c2dc5 # v1.25.0
 if: ${{ always() }}
 with:
 github_token: ${{ secrets.github_token }}
@@ -141,7 +141,7 @@ jobs:
 **/third_party/**
 ./*.yml
- - uses: step-security/woke-action-reviewdog@950b04a91ab83c38de67275fe6190a4eb977f261 # v0.1.1
+ - uses: step-security/woke-action-reviewdog@5db6c18a75242300a37ae6ffe92d03b4da1b5ae8 # v0.1.2
 if: ${{ always() }}
 with:
 github-token: ${{ secrets.github_token }}
diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml
index ea7a039..ecf6130 100644
--- a/.github/workflows/zizmor.yaml
+++ b/.github/workflows/zizmor.yaml
@@ -26,7 +26,7 @@ jobs:
 contents: read # Clone the repository
 security-events: write # Upload SARIF results to Code Scanning
 steps:
- - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
+ - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -41,4 +41,4 @@ jobs:
 persist-credentials: false
 - name: Run zizmor
- uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2
+ uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7