diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3a905c3cc3..4cec2ce327 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,7 +22,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk - name: ensure correct user diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 86da904a81..f3c59212d5 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -16,7 +16,7 @@ jobs: if: github.repository == 'hashicorp/terraform-cdk' runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set up Docker Buildx uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Cache Docker layers @@ -27,7 +27,7 @@ jobs: restore-keys: | ${{ runner.os }}-buildx- - name: Login to DockerHub - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml index 9da202bdd6..998ba79d52 100644 --- a/.github/workflows/examples.yml +++ b/.github/workflows/examples.yml @@ -24,7 +24,7 @@ jobs: examples: ${{ steps.set-examples.outputs.examples }} steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - id: set-examples run: | tfDefault=$(cat .terraform.versions.json | jq -r '.default') @@ -45,7 +45,7 @@ jobs: CHECKPOINT_DISABLE: "1" timeout-minutes: 60 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk - name: ensure correct user diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 8851eb6e6a..eb635a0aeb 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -28,7 +28,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk - name: ensure correct user @@ -103,7 +103,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: ensure correct user run: chown -R root /__w/terraform-cdk # Setup caches for yarn, terraform, and go @@ -176,7 +176,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 # Setup caches for yarn, terraform, and go - name: Get cache directory paths id: global-cache-dir-path @@ -219,7 +219,7 @@ jobs: - name: Install pipenv run: pip install pipenv - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.18.x cache: false # This is disabled because we don't have a go.sum file and setup-go expects it to use caching. Thus, caching is always broken anyways diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 3bd54c74fb..6cc8db2bed 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -18,7 +18,7 @@ jobs: prettier: runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: installing dependencies run: | yarn install --frozen-lockfile @@ -29,7 +29,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: installing dependencies run: | yarn install --frozen-lockfile diff --git a/.github/workflows/pr-copyright.yml b/.github/workflows/pr-copyright.yml index 1226bbaeab..933ef9108b 100644 --- a/.github/workflows/pr-copyright.yml +++ b/.github/workflows/pr-copyright.yml @@ -18,7 +18,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} diff --git a/.github/workflows/pr-depcheck.yml b/.github/workflows/pr-depcheck.yml index cd6d39c3a7..005db56c40 100644 --- a/.github/workflows/pr-depcheck.yml +++ b/.github/workflows/pr-depcheck.yml @@ -28,7 +28,7 @@ jobs: ] steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: "Run Depcheck" run: | npx lerna exec --scope '${{ matrix.package }}' -- npx -y depcheck --ignores="@types/*,jsii,jsii-pacmak,jsii-docgen,yoga-layout-prebuilt,eslint,jest,tsc-files,typescript,esbuild,esbuild-jest,graphology-types" diff --git a/.github/workflows/provider-integration.yml b/.github/workflows/provider-integration.yml index dc022149fc..933374c61c 100644 --- a/.github/workflows/provider-integration.yml +++ b/.github/workflows/provider-integration.yml @@ -33,7 +33,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk - name: ensure correct user @@ -96,7 +96,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Download dist uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: @@ -147,7 +147,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: HashiCorp - Setup Terraform uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 with: @@ -156,7 +156,7 @@ jobs: - name: Install pipenv run: pip install pipenv - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: 1.16.x - name: Download dist diff --git a/.github/workflows/registry-docs-pr-based.yml b/.github/workflows/registry-docs-pr-based.yml index 2327670da5..a6252f3745 100644 --- a/.github/workflows/registry-docs-pr-based.yml +++ b/.github/workflows/registry-docs-pr-based.yml @@ -69,7 +69,7 @@ jobs: cdktfDocsCleanupBranches: runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: ${{ inputs.repository }} ref: ${{ inputs.branch }} @@ -87,7 +87,7 @@ jobs: needs: - cdktfDocsCleanupBranches steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: ${{ inputs.repository }} ref: ${{ inputs.branch }} @@ -109,7 +109,7 @@ jobs: CHECKPOINT_DISABLE: "1" timeout-minutes: 120 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: ${{ inputs.repository }} ref: ${{ inputs.branch }} @@ -149,7 +149,7 @@ jobs: CHECKPOINT_DISABLE: "1" timeout-minutes: 120 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: ${{ inputs.repository }} ref: ${{ inputs.branch }} @@ -199,7 +199,7 @@ jobs: - cdktfDocsConvert runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: ${{ inputs.repository }} fetch-depth: 0 # complete checkout diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6059454dae..d8fe2f3c93 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: env: CHECKPOINT_DISABLE: "1" steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 # gives sentry access to all previous commits - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this @@ -155,7 +155,7 @@ jobs: container: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: installing dependencies run: | yarn install --frozen-lockfile @@ -320,7 +320,7 @@ jobs: container: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: version id: get_version run: | diff --git a/.github/workflows/release_next.yml b/.github/workflows/release_next.yml index f3e6f0b663..ab2e79cb2e 100644 --- a/.github/workflows/release_next.yml +++ b/.github/workflows/release_next.yml @@ -24,7 +24,7 @@ jobs: env: CHECKPOINT_DISABLE: "1" steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 # gives standard-version access to all previous commits - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this @@ -286,7 +286,7 @@ jobs: container: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: version id: get_version run: | diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index 2e7231b0fa..887fb4790a 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -27,7 +27,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk - name: ensure correct user diff --git a/.github/workflows/website-release.yml b/.github/workflows/website-release.yml index f3a6b86030..6b0bee9804 100644 --- a/.github/workflows/website-release.yml +++ b/.github/workflows/website-release.yml @@ -12,7 +12,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN_WEBSITE_RELEASE }} steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: hashicorp/terraform-website token: ${{ secrets.GH_TOKEN_WEBSITE_RELEASE }} diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml index cd80faf076..a962280b58 100644 --- a/.github/workflows/yarn-upgrade.yml +++ b/.github/workflows/yarn-upgrade.yml @@ -24,7 +24,7 @@ jobs: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - name: Check Out - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Get yarn cache directory path id: global-cache-dir-path run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check Out - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Download patch uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 @@ -132,7 +132,7 @@ jobs: ] steps: - name: Check Out - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Get yarn cache directory path id: global-cache-dir-path run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT @@ -198,7 +198,7 @@ jobs: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - name: Check Out - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Get yarn cache directory path id: global-cache-dir-path run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT