From 592443ce0aa56195a820508dbcd6f376f71059b6 Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Sun, 23 Oct 2022 23:28:14 +0000
Subject: [PATCH] chore(deps): update github-actions
---
 .github/actions/generate-builder/action.yml | 2 +-
 .../actions/secure-builder-checkout/action.yaml | 2 +-
 .../actions/secure-download-artifact/action.yml | 2 +-
 .../secure-project-checkout-go/action.yml | 2 +-
 .../secure-project-checkout-node/action.yml | 2 +-
 .../actions/secure-project-checkout/action.yaml | 2 +-
 .../actions/secure-upload-artifact/action.yml | 2 +-
 .github/workflows/builder_go_slsa3.yml | 4 ++--
 .github/workflows/builder_node_slsa3.yml | 4 ++--
 .github/workflows/codeql-analysis.yml | 8 ++++----
 .github/workflows/generator_container_slsa3.yml | 2 +-
 .github/workflows/generator_generic_slsa3.yml | 10 +++++-----
 .github/workflows/pre-submit.actions.yml | 16 ++++++++--------
 .github/workflows/pre-submit.base-images.yml | 4 ++--
 .../workflows/pre-submit.e2e.generic.default.yml | 4 ++--
 ...pre-submit.e2e.go.config-ldflags-main-dir.yml | 6 +++---
 .github/workflows/pre-submit.lint.yml | 10 +++++-----
 .github/workflows/pre-submit.units.yml | 8 ++++----
 .github/workflows/release.yml | 2 +-
 .github/workflows/scorecards.yml | 6 +++---
 20 files changed, 49 insertions(+), 49 deletions(-)
diff --git a/.github/actions/generate-builder/action.yml b/.github/actions/generate-builder/action.yml
index bb3a28a581..8a1a1cfdcf 100644
--- a/.github/actions/generate-builder/action.yml
+++ b/.github/actions/generate-builder/action.yml
@@ -41,7 +41,7 @@ runs: path: __BUILDER_CHECKOUT_DIR__ - name: Set up Go environment
- uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # tag=v3.3.1
 with: go-version: ${{ inputs.go-version }}
diff --git a/.github/actions/secure-builder-checkout/action.yaml b/.github/actions/secure-builder-checkout/action.yaml
index 6f47de815e..ca10e687f1 100644
--- a/.github/actions/secure-builder-checkout/action.yaml
+++ b/.github/actions/secure-builder-checkout/action.yaml
@@ -23,7 +23,7 @@ runs: # and has an associated release. This will require exceptions # for e2e tests. - name: Checkout the repository
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 with: repository: ${{ inputs.repository }} ref: ${{ inputs.ref }}
diff --git a/.github/actions/secure-download-artifact/action.yml b/.github/actions/secure-download-artifact/action.yml
index 7f75731e21..b4506da9a3 100644
--- a/.github/actions/secure-download-artifact/action.yml
+++ b/.github/actions/secure-download-artifact/action.yml
@@ -44,7 +44,7 @@ runs: fi - name: Download the artifact
- uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3.0.0
+ uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
 with: name: "${{ inputs.name }}"
diff --git a/.github/actions/secure-project-checkout-go/action.yml b/.github/actions/secure-project-checkout-go/action.yml
index 7ade508f33..ab12ee0ab7 100644
--- a/.github/actions/secure-project-checkout-go/action.yml
+++ b/.github/actions/secure-project-checkout-go/action.yml
@@ -27,6 +27,6 @@ runs: path: ${{ inputs.path }} - name: Set up Go environment
- uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # tag=v3.3.1
 with: go-version: ${{ inputs.go-version }}
diff --git a/.github/actions/secure-project-checkout-node/action.yml b/.github/actions/secure-project-checkout-node/action.yml
index c7cfcb468c..4875bdeede 100644
--- a/.github/actions/secure-project-checkout-node/action.yml
+++ b/.github/actions/secure-project-checkout-node/action.yml
@@ -27,6 +27,6 @@ runs: path: ${{ inputs.path }} - name: Set up Node environment
- uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
+ uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3.5.1
 with: node-version: ${{ inputs.node-version }}
diff --git a/.github/actions/secure-project-checkout/action.yaml b/.github/actions/secure-project-checkout/action.yaml
index 4d881150d6..6736851199 100644
--- a/.github/actions/secure-project-checkout/action.yaml
+++ b/.github/actions/secure-project-checkout/action.yaml
@@ -16,7 +16,7 @@ runs: using: "composite" steps: - name: Checkout the repository
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 with: fetch-depth: 1 # Different from default actions/checkout which defaults to `true`.
diff --git a/.github/actions/secure-upload-artifact/action.yml b/.github/actions/secure-upload-artifact/action.yml
index 899c598a6f..73e90e85e0 100644
--- a/.github/actions/secure-upload-artifact/action.yml
+++ b/.github/actions/secure-upload-artifact/action.yml
@@ -26,7 +26,7 @@ runs: path: "${{ inputs.path }}" - name: Upload the artifact
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
 with: name: "${{ inputs.name }}" path: "${{ inputs.path }}"
diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml
index 13a482645e..1eefab19f9 100644
--- a/.github/workflows/builder_go_slsa3.yml
+++ b/.github/workflows/builder_go_slsa3.yml
@@ -123,7 +123,7 @@ jobs: directory: "${{ env.BUILDER_DIR }}" - name: Upload builder
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
 with: name: "${{ env.BUILDER_BINARY }}-${{ needs.rng.outputs.value }}" path: "${{ env.BUILDER_BINARY }}"
@@ -310,7 +310,7 @@ jobs: --workingDir "$UNTRUSTED_WORKING_DIR" - name: Upload the signed provenance
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
 with: name: "${{ steps.sign-prov.outputs.signed-provenance-name }}" path: "${{ steps.sign-prov.outputs.signed-provenance-name }}"
diff --git a/.github/workflows/builder_node_slsa3.yml b/.github/workflows/builder_node_slsa3.yml
index 1b53d0856e..efcfd38ca3 100644
--- a/.github/workflows/builder_node_slsa3.yml
+++ b/.github/workflows/builder_node_slsa3.yml
@@ -183,7 +183,7 @@ jobs: directory: "${{ env.BUILDER_DIR }}" - name: Upload builder
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
 with: name: "${{ env.BUILDER_BINARY }}-${{ needs.rng.outputs.value }}" path: "${{ env.BUILDER_BINARY }}"
@@ -342,7 +342,7 @@ jobs: --directory "$UNTRUSTED_DIR" - name: Upload the signed provenance
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
 with: name: "${{ steps.sign-prov.outputs.signed-provenance-name }}" path: "${{ steps.sign-prov.outputs.signed-provenance-name }}"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index b1027956ac..8ca7d981af 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -48,11 +48,11 @@ jobs: steps: - name: Checkout repository
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL
- uses: github/codeql-action/init@b398f525a5587552e573b247ac661067fafa920b # tag=v2.1.22
+ uses: github/codeql-action/init@cc7986c02bac29104a72998e67239bb5ee2ee110 # tag=v2.1.28
 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file.
@@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild
- uses: github/codeql-action/autobuild@b398f525a5587552e573b247ac661067fafa920b # tag=v2.1.22
+ uses: github/codeql-action/autobuild@cc7986c02bac29104a72998e67239bb5ee2ee110 # tag=v2.1.28
 # Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -78,7 +78,7 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@b398f525a5587552e573b247ac661067fafa920b # tag=v2.1.22
+ uses: github/codeql-action/analyze@cc7986c02bac29104a72998e67239bb5ee2ee110 # tag=v2.1.28
 # NOTE: Checks that the matrix job above completes successfully. # This is necessary because the matrix strategy generates new jobs with
diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml
index 68a97f665f..ebaa4d5571 100644
--- a/.github/workflows/generator_container_slsa3.yml
+++ b/.github/workflows/generator_container_slsa3.yml
@@ -101,7 +101,7 @@ jobs: # NOTE: We are using the generic generator. directory: "${{ env.BUILDER_DIR }}"
- - uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 # tag=v2.6.0
+ - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # tag=v2.8.1
 - name: Login env: UNTRUSTED_IMAGE: "${{ inputs.image }}"
diff --git a/.github/workflows/generator_generic_slsa3.yml b/.github/workflows/generator_generic_slsa3.yml
index 205653b1e1..a7d986ce92 100644
--- a/.github/workflows/generator_generic_slsa3.yml
+++ b/.github/workflows/generator_generic_slsa3.yml
@@ -68,7 +68,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check private repos
- uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@a3c7a56c8749c2c423f01bbcfd063315efc07a22
+ uses: slsa-framework/slsa-github-generator/.github/actions/privacy-check@d95a7201f8ba76272c9fd355560dfd8d1b8fbb44
 with: error_message: "Repository is private. The workflow has halted in order to keep the repository name from being exposed in the public transparency log. Set 'private-repository' to override." override: ${{ inputs.private-repository }}
@@ -85,7 +85,7 @@ jobs: steps: - name: Detect the generator ref id: detect
- uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@efb47d340c150ce456bf8bd554a131ac53b10ccd
+ uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@d95a7201f8ba76272c9fd355560dfd8d1b8fbb44
 # generator builds the generator binary and runs it to generate SLSA # provenance.
@@ -108,7 +108,7 @@ jobs: actions: read # Needed to read workflow info. steps: - name: Generate builder
- uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@923a5a249d2ea820614a80486c9ef0857ced5321
+ uses: slsa-framework/slsa-github-generator/.github/actions/generate-builder@d95a7201f8ba76272c9fd355560dfd8d1b8fbb44
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
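Review bot: The `slsa-framework/slsa-github-generator/.github/actions/...` pins in generator_generic_slsa3.yml carry no annotation saying what `d95a7201f8ba76272c9fd355560dfd8d1b8fbb44` is, unlike the third-party pins in this patch, which all name a release in a `# tag=` comment. This applies to privacy-check, detect-workflow and generate-builder in the `@@ -68`, `@@ -85` and `@@ -108` hunks, and to secure-builder-checkout in the later `@@ -169,7 +169,7 @@` hunk; the four references previously pointed at three different commits. These actions run inside the provenance generator, so the digest is part of what callers of the reusable workflow trust. Before merging, confirm the commit is reachable from a branch or release of this repository (not only from a fork) and that the changes each action picks up were reviewed. A trailing comment on each line, `# <branch or release this digest was taken from>`, would make that checkable in future updates.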
@@ -150,7 +150,7 @@ jobs: ./"$BUILDER_BINARY" attest --subjects "${UNTRUSTED_SUBJECTS}" -g "$untrusted_provenance_name" - name: Upload the signed provenance
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
 with: name: "${{ steps.sign-prov.outputs.provenance-name }}" path: "${{ steps.sign-prov.outputs.provenance-name }}"
@@ -169,7 +169,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/') && inputs.upload-assets == true steps: - name: Checkout builder repository
- uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@923a5a249d2ea820614a80486c9ef0857ced5321
+ uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@d95a7201f8ba76272c9fd355560dfd8d1b8fbb44
 with: repository: "${{ needs.detect-env.outputs.repository }}" ref: "${{ needs.detect-env.outputs.ref }}"
diff --git a/.github/workflows/pre-submit.actions.yml b/.github/workflows/pre-submit.actions.yml
index 37e383a61a..cc8f7cd975 100644
--- a/.github/workflows/pre-submit.actions.yml
+++ b/.github/workflows/pre-submit.actions.yml
@@ -12,7 +12,7 @@ jobs: name: verify no checkout in Actions runs-on: ubuntu-latest steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - run: ./.github/workflows/scripts/pre-submit.actions/checkout.sh check-dist-matrix:
@@ -21,10 +21,10 @@ jobs: matrix: action: [compute-sha256, privacy-check] steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - name: Set Node.js 16
- uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 # tag=v3.4.1
+ uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3.5.1
 with: node-version: 16
@@ -44,7 +44,7 @@ jobs: fi # If index.js was different from expected, upload the expected version as an artifact
- - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
+ - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb
 if: ${{ failure() && steps.diff.conclusion == 'failure' }} with: name: dist
@@ -66,7 +66,7 @@ jobs: compute-sha256: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - run: | echo "foo" > artifact - id: compute-sha256
@@ -81,7 +81,7 @@ jobs: rng: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - run: | echo "foo" > artifact - id: rng
@@ -95,7 +95,7 @@ jobs: secure-project-checkout-go: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 with: path: __BUILDER_CHECKOUT_DIR__
@@ -108,7 +108,7 @@ jobs: secure-project-checkout-node: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 with: path: __BUILDER_CHECKOUT_DIR__
diff --git a/.github/workflows/pre-submit.base-images.yml b/.github/workflows/pre-submit.base-images.yml
index 23bc4fa98c..dad9c0891c 100644
--- a/.github/workflows/pre-submit.base-images.yml
+++ b/.github/workflows/pre-submit.base-images.yml
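Review bot: The updated `- uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb` line in the `@@ -44,7 +44,7 @@` hunk has no `# tag=` annotation, while the same digest carries `# tag=v3.1.1` everywhere else in this patch. The old line lacked it too, so the update carried the omission forward. Without the annotation a reader cannot tell which release the digest is meant to be, and a wrong digest is harder to spot in review. Append ` # tag=v3.1.1` to the line so it matches the other upload-artifact pins.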
@@ -13,8 +13,8 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - name: install cosign
- uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 # tag=v2.6.0
+ uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # tag=v2.8.1
 - name: verify images run: ./.github/workflows/scripts/verify-base-images.sh
diff --git a/.github/workflows/pre-submit.e2e.generic.default.yml b/.github/workflows/pre-submit.e2e.generic.default.yml
index 82e28d87a8..612e0abd44 100644
--- a/.github/workflows/pre-submit.e2e.generic.default.yml
+++ b/.github/workflows/pre-submit.e2e.generic.default.yml
@@ -31,8 +31,8 @@ jobs: needs: [build] if: ${{ always() }} steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
- - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3.0.0
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+ - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
 with: name: ${{ needs.build.outputs.provenance-name }} - env:
diff --git a/.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml b/.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml
index 1f7b5d961c..39ac443791 100644
--- a/.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml
+++ b/.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml
@@ -48,11 +48,11 @@ jobs: needs: [build] if: ${{ always() }} steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
- - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3.0.0
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+ - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
 with: name: ${{ needs.build.outputs.go-binary-name }}
- - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3.0.0
+ - uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
 with: name: ${{ needs.build.outputs.go-binary-name }}.intoto.jsonl - env:
diff --git a/.github/workflows/pre-submit.lint.yml b/.github/workflows/pre-submit.lint.yml
index cd211739cb..198f7da91e 100644
--- a/.github/workflows/pre-submit.lint.yml
+++ b/.github/workflows/pre-submit.lint.yml
@@ -10,8 +10,8 @@ jobs: golangci-lint: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
- - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+ - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # tag=v3.3.1
 with: go-version: "1.18" - env:
@@ -34,7 +34,7 @@ jobs: shellcheck: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - env: SHELLCHECK_VERSION: "0.8.0" run: |
@@ -51,7 +51,7 @@ jobs: yamllint: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - env: YAMLLINT_VERSION: "1.26.3" run: |
@@ -66,7 +66,7 @@ jobs: eslint: runs-on: ubuntu-latest steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - uses: actions/setup-node@v3 with: node-version: 16
diff --git a/.github/workflows/pre-submit.units.yml b/.github/workflows/pre-submit.units.yml
index a0e7c9f136..2012840be7 100644
--- a/.github/workflows/pre-submit.units.yml
+++ b/.github/workflows/pre-submit.units.yml
@@ -20,9 +20,9 @@ jobs: if: ${{ always() }} steps: - name: Checkout
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - name: setup-go
- uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
+ uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # tag=v3.3.1
 with: go-version: "1.18"
@@ -37,12 +37,12 @@ jobs: if: ${{ always() }} steps: - name: Checkout
- uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # tag=v2.4.2
+ uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # tag=v2.5.0
 with: path: generator - name: Checkout
- uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e # tag=v2.4.2
+ uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # tag=v2.5.0
 with: path: verifier repository: slsa-framework/slsa-verifier
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d6018966f0..7aed19f2d7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,7 +20,7 @@ jobs: name: pre release refs verification runs-on: ubuntu-latest steps:
- - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 - name: manual release ref env: RELEASE_TAG: "${{ inputs.release-tag }}"
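Review bot: The `eslint` job in pre-submit.lint.yml still runs `- uses: actions/setup-node@v3`, the context line directly below the updated checkout pin in the `@@ -66,7 +66,7 @@` hunk. That is a mutable tag, while every other action reference in this patch is pinned to a full commit SHA, including `actions/setup-node` in pre-submit.actions.yml. A tag can be re-pointed upstream, so this step lacks the integrity guarantee the rest of the workflows have, and the digest update appears to have skipped it because it carries no digest. Pin it like the others: `- uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3.5.1`. The job's remaining steps are outside the hunk.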
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index a6f350f33a..56bbd43fc1 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code"
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+ uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 with: persist-credentials: false
@@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact"
- uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
+ uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
 with: name: SARIF file path: results.sarif
@@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@b398f525a5587552e573b247ac661067fafa920b # tag=v2.1.22
+ uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110 # tag=v2.1.28
 with: sarif_file: results.sarif