diff --git a/.github/workflows/aws-platform-tests.yml b/.github/workflows/aws-platform-tests.yml index d6f99d6..6094ffb 100644 --- a/.github/workflows/aws-platform-tests.yml +++ b/.github/workflows/aws-platform-tests.yml @@ -167,7 +167,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Configure AWS credentials (OIDC) - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: ${{ env.AWS_REGION }} diff --git a/.github/workflows/build-arm64-ami.yml b/.github/workflows/build-arm64-ami.yml index 87fcfc3..f984c9f 100644 --- a/.github/workflows/build-arm64-ami.yml +++ b/.github/workflows/build-arm64-ami.yml @@ -42,7 +42,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Configure AWS credentials (OIDC) - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: ${{ env.AWS_REGION }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 26e36f8..152be41 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -624,7 +624,7 @@ jobs: sudo apt-get install -y libpam0g-dev libssl-dev pkg-config libdbus-1-dev libtss2-dev - name: Install cargo-llvm-cov - uses: taiki-e/install-action@711e1c3275189d76dcc4d34ddea63bf96ac49090 # v2.76.0 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: cargo-llvm-cov @@ -650,7 +650,7 @@ jobs: } - name: Upload coverage to Codecov - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 with: files: lcov.info fail_ci_if_error: false diff --git a/.github/workflows/fleet-test.yml b/.github/workflows/fleet-test.yml index 82b4f83..f187f2e 100644 --- a/.github/workflows/fleet-test.yml +++ b/.github/workflows/fleet-test.yml @@ -77,7 +77,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Terraform - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 + uses: hashicorp/setup-terraform@dfe3c3f87815947d99a8997f908cb6525fc44e9e # v4.0.1 with: terraform_version: "1.7.5" @@ -104,7 +104,7 @@ jobs: # ----------------------------------------------------------------------- - name: Configure AWS credentials (OIDC) if: inputs.cloud == 'aws' - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: ${{ env.AWS_REGION }} diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index 4af7d8b..2208844 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -54,7 +54,7 @@ jobs: # Avoids `cargo install cargo-fuzz --locked` pinning to rustix 0.36.5 # which fails to compile on current Rust toolchains. taiki-e fetches a # prebuilt binary, sidestepping the from-source rebuild. - uses: taiki-e/install-action@711e1c3275189d76dcc4d34ddea63bf96ac49090 # v2.76.0 + uses: taiki-e/install-action@d9be7d8cda89035c9c843f78bd44d4f72d8403d4 # v2.79.7 with: tool: cargo-fuzz diff --git a/.github/workflows/integration-arm64-aws.yml b/.github/workflows/integration-arm64-aws.yml index ac1a963..cce2027 100644 --- a/.github/workflows/integration-arm64-aws.yml +++ b/.github/workflows/integration-arm64-aws.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Configure AWS credentials (OIDC) - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: ${{ env.AWS_REGION }} @@ -94,7 +94,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Configure AWS credentials (OIDC) - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: ${{ env.AWS_REGION }} diff --git a/.github/workflows/integration-multiarch.yml b/.github/workflows/integration-multiarch.yml index fe97eee..9f9053c 100644 --- a/.github/workflows/integration-multiarch.yml +++ b/.github/workflows/integration-multiarch.yml @@ -40,7 +40,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Build test containers (amd64) run: | @@ -104,7 +104,7 @@ jobs: platforms: arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Build test containers (arm64) run: | diff --git a/.github/workflows/platform-tests.yml b/.github/workflows/platform-tests.yml index 81a81e7..1633af0 100644 --- a/.github/workflows/platform-tests.yml +++ b/.github/workflows/platform-tests.yml @@ -214,7 +214,7 @@ jobs: path: artifacts/ - name: Configure AWS credentials (OIDC) - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: ${{ env.AWS_REGION }} @@ -480,7 +480,7 @@ jobs: path: artifacts/ - name: Configure AWS credentials (OIDC) - uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0 + uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: ${{ env.AWS_REGION }} diff --git a/.github/workflows/publish-repo.yml b/.github/workflows/publish-repo.yml index ba4c29f..fc78ecd 100644 --- a/.github/workflows/publish-repo.yml +++ b/.github/workflows/publish-repo.yml @@ -173,7 +173,7 @@ jobs: cp packaging/repo/prmana-public.asc stage/gpg/prmana.asc - name: Deploy to gh-pages - uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4 + uses: peaceiris/actions-gh-pages@84c30a85c19949d7eee79c4ff27748b70285e453 # v4.1.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: stage diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 71e353c..cb0a46d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -384,7 +384,7 @@ jobs: cat SHA256SUMS - name: Install Cosign - uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Sign release artifacts working-directory: release-files diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 1f7cbac..466da09 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -59,7 +59,7 @@ jobs: - name: Upload Snyk results to GitHub Security tab if: steps.check-token.outputs.skip != 'true' - uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4 with: sarif_file: snyk.sarif @@ -177,7 +177,7 @@ jobs: publish_results: true - name: Upload Scorecard results to GitHub Security tab - uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4 if: always() with: sarif_file: scorecard-results.sarif