Skip to content

Commit 071692f

Browse files
hashicorp-tsccr[bot]hashicorp-tsccr[bot]
authored
chore(deps): pin trusted workflows based on HashiCorp TSCCR
1 parent 612c352 commit 071692f

10 files changed

+62
-62
lines changed

.github/workflows/build.yml

+2-2
Original file line numberDiff line numberDiff line change
@@ -34,14 +34,14 @@ jobs:
3434
echo "yarn=$(yarn cache dir)" >> $GITHUB_OUTPUT
3535
mkdir -p /usr/local/share/.cache/go
3636
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
37-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
37+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
3838
with:
3939
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
4040
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-build
4141
restore-keys: |
4242
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
4343
yarn-${{ runner.os }}-
44-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
44+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
4545
with:
4646
path: ${{ steps.global-cache-dir-path.outputs.go }}
4747
key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-build

.github/workflows/docker.yml

+4-4
Original file line numberDiff line numberDiff line change
@@ -18,16 +18,16 @@ jobs:
1818
steps:
1919
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2020
- name: Set up Docker Buildx
21-
uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0
21+
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
2222
- name: Cache Docker layers
23-
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
23+
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
2424
with:
2525
path: /tmp/.buildx-cache
2626
key: ${{ runner.os }}-buildx-${{ hashFiles('/Dockerfile', '.terraform.versions.json') }}
2727
restore-keys: |
2828
${{ runner.os }}-buildx-
2929
- name: Login to DockerHub
30-
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
30+
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
3131
with:
3232
username: ${{ secrets.DOCKERHUB_USERNAME }}
3333
password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -46,7 +46,7 @@ jobs:
4646
GIT_SHA=$(git rev-parse HEAD)
4747
echo "git-sha=$GIT_SHA" >> $GITHUB_OUTPUT
4848
- name: Build and push
49-
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
49+
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
5050
with:
5151
pull: true
5252
push: true

.github/workflows/examples.yml

+3-3
Original file line numberDiff line numberDiff line change
@@ -59,20 +59,20 @@ jobs:
5959
echo "terraform=/usr/local/share/.cache/terraform" >> $GITHUB_OUTPUT
6060
mkdir -p /usr/local/share/.cache/go
6161
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
62-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
62+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
6363
with:
6464
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
6565
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-examples
6666
restore-keys: |
6767
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
6868
yarn-${{ runner.os }}-
69-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
69+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
7070
with:
7171
path: ${{ steps.global-cache-dir-path.outputs.terraform }}
7272
key: terraform-${{ runner.os }}-${{ matrix.terraform }}-examples
7373
restore-keys: |
7474
terraform-${{ runner.os }}-${{ matrix.terraform }}
75-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
75+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
7676
with:
7777
path: ${{ steps.global-cache-dir-path.outputs.go }}
7878
key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-examples

.github/workflows/integration.yml

+15-15
Original file line numberDiff line numberDiff line change
@@ -40,14 +40,14 @@ jobs:
4040
echo "yarn=$(yarn cache dir)" >> $GITHUB_OUTPUT
4141
mkdir -p /usr/local/share/.cache/go
4242
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
43-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
43+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
4444
with:
4545
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
4646
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-integration
4747
restore-keys: |
4848
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
4949
yarn-${{ runner.os }}-
50-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
50+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
5151
with:
5252
path: ${{ steps.global-cache-dir-path.outputs.go }}
5353
key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-integration
@@ -68,13 +68,13 @@ jobs:
6868
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
6969
GOCACHE: ${{ steps.global-cache-dir-path.outputs.go }}
7070
- name: Upload dist
71-
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
71+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
7272
if: ${{ !inputs.skip_setup }}
7373
with:
7474
name: dist
7575
path: dist
7676
- name: Upload edge-provider bindings
77-
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
77+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
7878
if: ${{ !inputs.skip_setup }}
7979
with:
8080
name: edge-provider-bindings
@@ -116,21 +116,21 @@ jobs:
116116
mkdir -p /usr/local/share/.cache/go
117117
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
118118
# only restore as an individual cache as per matrix explodes our cache usage
119-
- uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
119+
- uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
120120
with:
121121
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
122122
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-integration
123123
restore-keys: |
124124
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
125125
yarn-${{ runner.os }}-
126-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
126+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
127127
with:
128128
path: ${{ steps.global-cache-dir-path.outputs.terraform }}
129129
# put matrix before integration to not restore caches from other sibling matrix jobs
130130
key: terraform-${{ runner.os }}-${{ matrix.terraform }}-matrix-integration-${{ matrix.target }}
131131
restore-keys: |
132132
terraform-${{ runner.os }}-${{ matrix.terraform }}-
133-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
133+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
134134
with:
135135
path: ${{ steps.global-cache-dir-path.outputs.go }}
136136
# put matrix before integration to not restore caches from other sibling matrix jobs
@@ -140,12 +140,12 @@ jobs:
140140
go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}
141141
go-${{ runner.os }}-
142142
- name: Download dist
143-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
143+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
144144
with:
145145
name: dist
146146
path: dist
147147
- name: Download edge-provider bindings
148-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
148+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
149149
with:
150150
name: edge-provider-bindings
151151
path: test/edge-provider-bindings
@@ -188,21 +188,21 @@ jobs:
188188
mkdir -p /usr/local/share/.cache/go
189189
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
190190
# only restore as an individual cache as per matrix explodes our cache usage
191-
- uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
191+
- uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
192192
with:
193193
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
194194
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-integration
195195
restore-keys: |
196196
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
197197
yarn-${{ runner.os }}-
198-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
198+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
199199
with:
200200
path: ${{ steps.global-cache-dir-path.outputs.terraform }}
201201
# put matrix before integration to not restore caches from other sibling matrix jobs
202202
key: terraform-${{ runner.os }}-${{ matrix.terraform }}-matrix-integration-${{ matrix.target }}
203203
restore-keys: |
204204
terraform-${{ runner.os }}-${{ matrix.terraform }}-
205-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
205+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
206206
with:
207207
path: ${{ steps.global-cache-dir-path.outputs.go }}
208208
# put matrix before integration to not restore caches from other sibling matrix jobs
@@ -219,17 +219,17 @@ jobs:
219219
- name: Install pipenv
220220
run: pip install pipenv
221221
- name: Install Go
222-
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
222+
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
223223
with:
224224
go-version: 1.18.x
225225
cache: false # This is disabled because we don't have a go.sum file and setup-go expects it to use caching. Thus, caching is always broken anyways
226226
- name: Download dist
227-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
227+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
228228
with:
229229
name: dist
230230
path: dist
231231
- name: Download edge-provider bindings
232-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
232+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
233233
with:
234234
name: edge-provider-bindings
235235
path: test/edge-provider-bindings

.github/workflows/provider-integration.yml

+10-10
Original file line numberDiff line numberDiff line change
@@ -45,14 +45,14 @@ jobs:
4545
echo "yarn=$(yarn cache dir)" >> $GITHUB_OUTPUT
4646
mkdir -p /usr/local/share/.cache/go
4747
echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT
48-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
48+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
4949
with:
5050
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
5151
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-provider-integration
5252
restore-keys: |
5353
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
5454
yarn-${{ runner.os }}-
55-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
55+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
5656
with:
5757
path: ${{ steps.global-cache-dir-path.outputs.go }}
5858
key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-provider-integration
@@ -73,7 +73,7 @@ jobs:
7373
cd test && yarn
7474
- name: Upload dist
7575
if: ${{ !inputs.skip_setup }}
76-
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
76+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
7777
with:
7878
name: dist
7979
path: dist
@@ -98,7 +98,7 @@ jobs:
9898
steps:
9999
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
100100
- name: Download dist
101-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
101+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
102102
with:
103103
name: dist
104104
path: dist
@@ -111,14 +111,14 @@ jobs:
111111
mkdir -p /usr/local/share/.cache/terraform
112112
echo "terraform=/usr/local/share/.cache/terraform" >> $GITHUB_OUTPUT
113113
# Only restoring yarn caches as the dependencies are not indiviual to each matrix job
114-
- uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
114+
- uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
115115
with:
116116
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
117117
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-provider-integration
118118
restore-keys: |
119119
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
120120
yarn-${{ runner.os }}-
121-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
121+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
122122
with:
123123
path: ${{ steps.global-cache-dir-path.outputs.terraform }}
124124
# put matrix before provider-integration to not restore caches from other sibling matrix jobs
@@ -156,11 +156,11 @@ jobs:
156156
- name: Install pipenv
157157
run: pip install pipenv
158158
- name: Install Go
159-
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
159+
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
160160
with:
161161
go-version: 1.16.x
162162
- name: Download dist
163-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
163+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
164164
with:
165165
name: dist
166166
path: dist
@@ -172,14 +172,14 @@ jobs:
172172
mkdir -p /usr/local/share/.cache/terraform
173173
echo "terraform=/usr/local/share/.cache/terraform" >> $GITHUB_OUTPUT
174174
# Only restoring yarn caches to save available cache storage size
175-
- uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
175+
- uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
176176
with:
177177
path: ${{ steps.global-cache-dir-path.outputs.yarn }}
178178
key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-provider-integration
179179
restore-keys: |
180180
yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-
181181
yarn-${{ runner.os }}-
182-
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
182+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
183183
with:
184184
path: ${{ steps.global-cache-dir-path.outputs.terraform }}
185185
# put matrix before provider-integration to not restore caches from other sibling matrix jobs

.github/workflows/registry-docs-pr-based.yml

+2-2
Original file line numberDiff line numberDiff line change
@@ -117,7 +117,7 @@ jobs:
117117
token: ${{ secrets.GH_PR_TOKEN }}
118118

119119
- name: Setup Node.js
120-
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
120+
uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
121121
with:
122122
node-version: "20.x"
123123

@@ -162,7 +162,7 @@ jobs:
162162
git config --global --add safe.directory $(pwd)
163163
164164
- name: Setup Node.js
165-
uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
165+
uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
166166
with:
167167
node-version: "20.x"
168168

.github/workflows/release.yml

+8-8
Original file line numberDiff line numberDiff line change
@@ -68,12 +68,12 @@ jobs:
6868
env:
6969
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }}
7070
- name: Upload artifact
71-
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
71+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
7272
with:
7373
name: dist
7474
path: dist
7575
- name: Upload edge-provider bindings
76-
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
76+
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
7777
if: ${{ !inputs.skip_setup }}
7878
with:
7979
name: edge-provider-bindings
@@ -160,7 +160,7 @@ jobs:
160160
run: |
161161
yarn install --frozen-lockfile
162162
- name: Download build artifacts
163-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
163+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
164164
with:
165165
name: dist
166166
- name: Release to github
@@ -181,7 +181,7 @@ jobs:
181181
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform
182182
steps:
183183
- name: Download build artifacts
184-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
184+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
185185
with:
186186
name: dist
187187
path: dist
@@ -205,7 +205,7 @@ jobs:
205205
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform
206206
steps:
207207
- name: Download build artifacts
208-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
208+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
209209
with:
210210
name: dist
211211
path: dist
@@ -241,7 +241,7 @@ jobs:
241241
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform
242242
steps:
243243
- name: Download build artifacts
244-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
244+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
245245
with:
246246
name: dist
247247
path: dist
@@ -271,7 +271,7 @@ jobs:
271271
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform
272272
steps:
273273
- name: Download dist
274-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
274+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
275275
with:
276276
name: dist
277277
path: dist
@@ -295,7 +295,7 @@ jobs:
295295
image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform
296296
steps:
297297
- name: Download dist
298-
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
298+
uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
299299
with:
300300
name: dist
301301
path: dist

0 commit comments

Comments
 (0)