diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml index 8cdad5db..9d70c1f6 100644 --- a/.github/workflows/checkov.yml +++ b/.github/workflows/checkov.yml @@ -18,7 +18,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run checkov - uses: bridgecrewio/checkov-action@d9688e5b7bef1943a56e5f2db120b1cb30037c1c # v12.2935.0 + uses: bridgecrewio/checkov-action@4ad414b100f8415d05d88b6be40d7aa7aa38c057 # v12.2941.0 with: config_file: .checkov.yml output_format: cli,sarif @@ -26,7 +26,7 @@ jobs: skip_download: true # Do not download any data from Bridgecrew's servers - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 if: success() || failure() with: diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index e1c67b99..662ea7bb 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -32,6 +32,6 @@ jobs: platform_type: 'kubernetes' disable_secrets: true - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.26.8 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: report-dir/results.sarif diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 95156ffb..6bc9a8df 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -62,7 +62,7 @@ jobs: run: ct lint --config ct.yaml $TEST_ALL_CHARTS_ARG - name: Create kind cluster - uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 if: steps.list-changed.outputs.changed == 'true' && env.PR_FROM_FORK == 'false' with: version: ${{ env.KIND_VERSION}} diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index c1aea9b4..95769893 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -17,20 +17,20 @@ jobs: contents: write steps: - name: Ensure SHA pinned actions - uses: zgosalvez/github-actions-ensure-sha-pinned-actions@64418826697dcd77c93a8e4a1f7601a1942e57b5 # v3.0.18 + uses: zgosalvez/github-actions-ensure-sha-pinned-actions@6ae615f6475d2ede5ad88bea6baa7a1d5e93ffaa # v3.0.19 with: allowlist: | Alfresco/alfresco-build-tools/ - name: Setup helm docs - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 + uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@a96753d4d1c98384249ea8370b5d605866b63e1e # v8.8.0 - name: Install kubeconform helm plugin run: | helm plugin install https://github.com/jtyr/kubeconform-helm --version v0.1.12 - name: Run pre-commit - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 + uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@a96753d4d1c98384249ea8370b5d605866b63e1e # v8.8.0 with: # disable auto-commit for PRs from forks auto-commit: ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }} diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml index 8e4d93b8..9bd920f4 100644 --- a/.github/workflows/updatecli.yaml +++ b/.github/workflows/updatecli.yaml @@ -27,7 +27,7 @@ jobs: token: ${{ secrets.BOT_GITHUB_TOKEN }} - uses: >- - Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.6.1 + Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.8.0 - name: Login to quay.io uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 @@ -37,15 +37,15 @@ jobs: password: ${{ secrets.QUAY_PASSWORD }} - name: Install Updatecli - uses: updatecli/updatecli-action@11d8c3e7c4dbb188d9534e599db759e418911828 # v2.73.0 + uses: updatecli/updatecli-action@4aca518a70708e38063453d8de9c551af7f48ac3 # v2.75.0 - run: updatecli apply env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 + - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@a96753d4d1c98384249ea8370b5d605866b63e1e # v8.8.0 - name: Regenerate helm docs if necessary - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 + uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@a96753d4d1c98384249ea8370b5d605866b63e1e # v8.8.0 with: pre-commit-args: helm-docs || true skip_checkout: "true" @@ -71,7 +71,7 @@ jobs: token: ${{ secrets.BOT_GITHUB_TOKEN }} - uses: >- - Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.6.1 + Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.8.0 - name: Login to quay.io uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 @@ -81,7 +81,7 @@ jobs: password: ${{ secrets.QUAY_PASSWORD }} - name: Install Updatecli - uses: updatecli/updatecli-action@11d8c3e7c4dbb188d9534e599db759e418911828 # v2.73.0 + uses: updatecli/updatecli-action@4aca518a70708e38063453d8de9c551af7f48ac3 # v2.75.0 - name: Checkout updatecli configs uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -101,9 +101,9 @@ jobs: QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} UPDATECLI_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} - - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 + - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@a96753d4d1c98384249ea8370b5d605866b63e1e # v8.8.0 - name: Regenerate helm docs if necessary - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 + uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@a96753d4d1c98384249ea8370b5d605866b63e1e # v8.8.0 with: pre-commit-args: helm-docs || true skip_checkout: "true"