diff --git a/.github/actions/gke-login/action.yaml b/.github/actions/gke-login/action.yaml index 2d362d1d86..61089838ca 100644 --- a/.github/actions/gke-login/action.yaml +++ b/.github/actions/gke-login/action.yaml @@ -33,7 +33,7 @@ runs: with: credentials_json: '${{ inputs.credentials-json }}' - name: Get GKE credentials - uses: google-github-actions/get-gke-credentials@9025e8f90f2d8e0c3dafc3128cc705a26d992a6a # v2 + uses: google-github-actions/get-gke-credentials@64bc7249bbcf78056bb92f14d3cedc2da193946c # v2 with: cluster_name: ${{ inputs.cluster-name }} location: ${{ inputs.cluster-location }} diff --git a/.github/workflows/add-new-issue.yaml b/.github/workflows/add-new-issue.yaml index c71fd681ee..4bdd0d3641 100644 --- a/.github/workflows/add-new-issue.yaml +++ b/.github/workflows/add-new-issue.yaml @@ -31,7 +31,7 @@ jobs: github-token: '${{ steps.generate-github-token.outputs.token }}' - name: Update Created At field - uses: github/update-project-action@21f8a8478d7c5253e166ee62517d3a942b170fa4 # main + uses: github/update-project-action@855b6a7c34beb8568df7291e7c0e84650d66c934 # main id: update-created-at with: github_token: ${{ steps.generate-github-token.outputs.token }} diff --git a/.github/workflows/closed-issue.yaml b/.github/workflows/closed-issue.yaml index 34a5eb7aad..93b0593d24 100644 --- a/.github/workflows/closed-issue.yaml +++ b/.github/workflows/closed-issue.yaml @@ -18,13 +18,13 @@ jobs: - name: Generate GitHub token id: generate-github-token - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a + uses: tibdex/github-app-token@a3da042061e3b5d09ad01f41d2328f429d8d1c62 with: app_id: ${{ secrets.GH_APP_ID_DISTRO_CI }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY_DISTRO_CI }} - name: Update Closed At field - uses: github/update-project-action@21f8a8478d7c5253e166ee62517d3a942b170fa4 # main + uses: github/update-project-action@855b6a7c34beb8568df7291e7c0e84650d66c934 # main id: update-closed-at with: github_token: ${{ steps.generate-github-token.outputs.token }} diff --git a/.github/workflows/sec-codeql.yaml b/.github/workflows/sec-codeql.yaml index 2a3eb9f532..e11ecd55ec 100644 --- a/.github/workflows/sec-codeql.yaml +++ b/.github/workflows/sec-codeql.yaml @@ -48,7 +48,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@5b49155c7f37b5ec074ffd26b428e6b64b1bf412 + uses: github/codeql-action/init@0df935330d52a7035f99c4a23e7f1990ce7d3e5f with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -62,7 +62,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@5b49155c7f37b5ec074ffd26b428e6b64b1bf412 + uses: github/codeql-action/autobuild@0df935330d52a7035f99c4a23e7f1990ce7d3e5f # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -75,6 +75,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@5b49155c7f37b5ec074ffd26b428e6b64b1bf412 + uses: github/codeql-action/analyze@0df935330d52a7035f99c4a23e7f1990ce7d3e5f with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/sec-scorecard.yaml b/.github/workflows/sec-scorecard.yaml index f329b60fb8..3406e73ded 100644 --- a/.github/workflows/sec-scorecard.yaml +++ b/.github/workflows/sec-scorecard.yaml @@ -63,6 +63,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 + uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0 with: sarif_file: results.sarif