diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index d397442af3..ab81c7e893 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -29,15 +29,15 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 - name: Initialize CodeQL - uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a + uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a + uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a + uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 diff --git a/.github/workflows/dep-review.yaml b/.github/workflows/dep-review.yaml index c90f13b7c9..410542bf24 100644 --- a/.github/workflows/dep-review.yaml +++ b/.github/workflows/dep-review.yaml @@ -14,7 +14,7 @@ jobs: egress-policy: audit - name: 'Checkout Repository' - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 - name: 'Dependency Review' uses: actions/dependency-review-action@0659a74c94536054bfa5aeb92241f70d680cc78e diff --git a/.github/workflows/deploy_docs.yaml b/.github/workflows/deploy_docs.yaml index b404935204..e8afb657a3 100644 --- a/.github/workflows/deploy_docs.yaml +++ b/.github/workflows/deploy_docs.yaml @@ -27,7 +27,7 @@ jobs: run: working-directory: docs steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Harden Runner uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 
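Review bot: The new pins in codeql.yaml carry no release comment, so a reader auditing `actions/checkout@a5ac7e51…` or the three `github/codeql-action/*@b7cec752…` lines cannot tell which release each SHA is meant to be without resolving it by hand. Other workflows in this same commit annotate the identical checkout SHA as `# v4.1.6`. Adding that here, as in `uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6`, plus a matching `# <codeql-action release tag>` on the init, autobuild and analyze steps, keeps the pins reviewable. The same applies to the bare checkout pins in dep-review.yaml, patch-docs.yaml and release-pr.yaml, and to `codecov/codecov-action@6d798873…` in test.yaml.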
diff --git a/.github/workflows/e2e-build.yaml b/.github/workflows/e2e-build.yaml index da1b2a3c60..07e31911d9 100644 --- a/.github/workflows/e2e-build.yaml +++ b/.github/workflows/e2e-build.yaml @@ -36,7 +36,7 @@ jobs: ~/.cache/go-build - uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - name: Check out code into the Go module directory - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - run: 'echo ${{ inputs.bucket-id }}' - name: Set env run: | @@ -79,7 +79,7 @@ jobs: ~/.cache/go-build - uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - name: Check out code into the Go module directory - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set env run: | echo TRIVY_SCANNER_REPO=scanner >> $GITHUB_ENV @@ -121,7 +121,7 @@ jobs: ~/.cache/go-build - uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - name: Check out code into the Go module directory - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set env run: | echo MANAGER_REPO=manager >> $GITHUB_ENV @@ -163,7 +163,7 @@ jobs: ~/.cache/go-build - uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - name: Check out code into the Go module directory - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set env run: | echo COLLECTOR_REPO=collector >> $GITHUB_ENV diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index 3a2e97d5c7..3687ee9704 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml 
@@ -24,7 +24,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - id: set-test-matrix run: | readarray -d '' test_dirs < <(find ./test/e2e/tests -mindepth 1 -type d -print0) @@ -51,7 +51,7 @@ jobs: with: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Fetch Build Artifacts uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: diff --git a/.github/workflows/patch-docs.yaml b/.github/workflows/patch-docs.yaml index 0550c74458..7948995845 100644 --- a/.github/workflows/patch-docs.yaml +++ b/.github/workflows/patch-docs.yaml @@ -29,7 +29,7 @@ jobs: echo "PATCH_VERSION=${PATCH_VERSION}" >> ${GITHUB_ENV} echo "TAG=${TAG}" >> ${GITHUB_ENV} - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 with: fetch-depth: 0 diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index 143878fd6d..6614a0f398 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -62,7 +62,7 @@ jobs: echo "TARGET_BRANCH=main" >> ${GITHUB_ENV} fi - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 with: fetch-depth: 0 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a088e9c435..70e1111a6a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -25,7 +25,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup buildx instance uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 diff --git a/.github/workflows/scan-images.yaml b/.github/workflows/scan-images.yaml index 3e8bbc974a..157be81b71 100644 --- a/.github/workflows/scan-images.yaml +++ b/.github/workflows/scan-images.yaml @@ -43,7 +43,7 @@ jobs: - name: Check out code if: github.event_name == 'schedule' || github.event.inputs.version == '' - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Build image if: github.event_name == 'schedule' || github.event.inputs.version == '' @@ -51,7 +51,7 @@ jobs: make ${{ matrix.data.build_cmd }} VERSION=${{ env.TAG }} ${{ matrix.data.repo_environment_var }}=${{ env.REGISTRY }}/${{ matrix.data.image }} - name: Scan for vulnerabilities - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: image-ref: ${{ env.REGISTRY }}/${{ matrix.data.image }}:${{ env.TAG }} vuln-type: 'os,library' @@ -90,6 +90,6 @@ jobs: merge-multiple: true - name: Upload results to GitHub Security - uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.14.4 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v2.14.4 with: sarif_file: ${{ matrix.image }}-results.sarif diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 80b69aa31d..b99aad84ed 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
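Review bot: The version comment on the upload-sarif pin in scan-images.yaml is stale: the SHA changes from `cdcdbb57…` to `b7cec752…`, but the trailing `# v2.14.4` is unchanged, so it no longer describes what is pinned. scorecard.yml labels the same new SHA `# v2.2.4`, and its checkout line keeps `# v3.1.0` on a SHA that the other workflows in this commit label `# v4.1.6`. The comment is what a human checks when reviewing a SHA pin, so each one should name the tag the SHA actually resolves to. For example, use `uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6` in scorecard.yml and `# <resolved codeql-action tag>` on both upload-sarif lines.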
@@ -30,12 +30,12 @@ jobs: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v3.1.0 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v3.1.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif @@ -66,6 +66,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.2.4 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v2.2.4 with: sarif_file: results.sarif diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 1f07c77963..4a1f41fbd7 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml 
@@ -48,33 +48,33 @@ jobs: uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 with: egress-policy: audit - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set up Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: "1.21" check-latest: true - name: lint manager - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: version: latest args: --timeout=10m - name: lint remover - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: version: latest working-directory: pkg/remover skip-pkg-cache: true args: --timeout=10m - name: lint collector - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: version: latest working-directory: pkg/collector skip-pkg-cache: true args: --timeout=10m - name: lint trivvy scanner - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: version: latest working-directory: pkg/scanners/trivy 
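Review bot: The four lint steps move golangci-lint-action across a major version (v5.3.0 to v6.0.1), but their `with:` inputs are unchanged. The "lint remover" and "lint collector" steps still pass `skip-pkg-cache: true`. As far as I recall, v6 removed the action's own Go cache handling along with that input, so it would now be ignored with an unexpected-input warning; confirm against the v6 release notes and drop the line if so. Separately, `version: latest` leaves the linter binary unpinned even though the action is pinned by SHA, so lint results can change without any commit; consider `version: <pinned golangci-lint version>`. The steps list continues past the end of this hunk, so the trivy scanner step's remaining inputs are not visible here.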
@@ -104,11 +104,11 @@ jobs: ~/go/pkg/mod ~/.cache/go-build - name: Check out code into the Go module directory - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Unit test run: make test - name: Codecov upload - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be + uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 with: flags: unittests file: ./cover.out @@ -124,7 +124,7 @@ jobs: with: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set up Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -150,7 +150,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Get repo run: |