diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 93d9f59..8739576 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -13,7 +13,7 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: submodules: true # Fetch Hugo themes (true OR recursive) fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod @@ -28,6 +28,6 @@ jobs: run: cd docs && npm install && hugo --minify - name: Deploy 🚀 - uses: JamesIves/github-pages-deploy-action@5c6e9e9f3672ce8fd37b9856193d2a537941e66c # v4.6.1 + uses: JamesIves/github-pages-deploy-action@94f3c658273cf92fb48ef99e5fbc02bd2dc642b2 # v4.6.3 with: folder: ./docs/public # The folder the action should deploy. diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 33fcb7e..2b8c1f4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,9 +18,9 @@ jobs: steps: - name: Check out code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: '1.22' check-latest: true @@ -53,7 +53,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set tag output id: tag 
@@ -66,7 +66,7 @@ jobs: tejolote attest --artifacts github://kubernetes-sigs/bom/${{ steps.tag.outputs.tag_name }} github://kubernetes-sigs/bom/"${GITHUB_RUN_ID}" --output bom.intoto.json --sign - name: Release - uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v0.1.15 + uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v0.1.15 with: files: bom.intoto.json tag_name: "${{ steps.tag.outputs.tag_name }}" diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml index 4ca884e..a2a86e8 100644 --- a/.github/workflows/snapshot.yml +++ b/.github/workflows/snapshot.yml @@ -12,9 +12,9 @@ jobs: steps: - name: Check out code onto GOPATH - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: '1.22' check-latest: true diff --git a/.github/workflows/verify-spdx.yaml b/.github/workflows/verify-spdx.yaml index ddc8ea7..232c3cf 100644 --- a/.github/workflows/verify-spdx.yaml +++ b/.github/workflows/verify-spdx.yaml @@ -9,12 +9,12 @@ jobs: name: Check SPDX SBOMs runs-on: ubuntu-latest steps: - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v3.3.0 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v3.3.0 with: go-version: '1.22' check-latest: true - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - run: | go run ./cmd/bom/main.go generate -i registry.k8s.io/pause > example-image-pause.spdx go run ./cmd/bom/main.go generate --format=json -i registry.k8s.io/pause > example-image-pause.spdx.json 
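Review bot: The pin for `softprops/action-gh-release` moves from `69320dbe…` to `a74c6b72…` while the trailing comment reads `# v0.1.15` on both the old and the new line, so at least one of the two annotations does not match its SHA. With SHA pinning the comment is the only human-readable record of what runs in the release job, so it should name the tag the new commit actually resolves to upstream, e.g. `uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # <tag of a74c6b7>`. If that turns out to be a different major version, the `with:` inputs below are worth re-checking against that release. Separately, the `tejolote attest` context line expands `${{ steps.tag.outputs.tag_name }}` directly into the shell command while `GITHUB_RUN_ID` is read from the environment. How `tag_name` is produced is outside this hunk, but passing it through `env:` and quoting it would keep the tag text out of the script body.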
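Review bot: The `actions/setup-go` line in verify-spdx.yaml keeps the comment `# v3.3.0`, although the same SHA `0a12ed9d…` is annotated `# v5.0.2` in release.yml and snapshot.yml in this same change, so the comment here is stale. It should read `- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2`. A tag comment that disagrees with the pinned SHA makes the pin harder to audit and may mislead update tooling that reads the comment. The steps list continues outside the hunk.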
@@ -35,7 +35,7 @@ jobs: spdx-tools-version: 1.1.0 sbom-path: example-image-pause.spdx.json - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 if: ${{ always() }} with: name: Example SBOMs