diff --git a/.github/workflows/auto-merge-on-approval.yml b/.github/workflows/auto-merge-on-approval.yml index 5740ae1..28336ce 100644 --- a/.github/workflows/auto-merge-on-approval.yml +++ b/.github/workflows/auto-merge-on-approval.yml @@ -67,7 +67,7 @@ jobs: # Check out code to access env file # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code (sparse) - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: sparse-checkout: | .github/.env.shared diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0f1dc0f..015798c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: # We must fetch at least the immediate parents so that if this is # a pull request, then we can check out the head. @@ -55,7 +55,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3 + uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -66,7 +66,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3 + uses: github/codeql-action/autobuild@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -80,4 +80,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3 + uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 16ac958..517aa06 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -65,7 +65,7 @@ jobs: # Check out code to access env file # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code (sparse) - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: sparse-checkout: | .github/.env.shared diff --git a/.github/workflows/fortress-benchmarks.yml b/.github/workflows/fortress-benchmarks.yml index 0608f66..8e49a75 100644 --- a/.github/workflows/fortress-benchmarks.yml +++ b/.github/workflows/fortress-benchmarks.yml @@ -70,7 +70,7 @@ jobs: # Checkout code and set up Go environment # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: 🔧 Set Go cache paths (cross-platform) run: | @@ -83,7 +83,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Restore Go module cache id: restore-gomod - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ~/go/pkg/mod key: ${{ matrix.os }}-gomod-${{ hashFiles('**/go.sum') }} @@ -95,7 +95,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Restore Go build cache id: restore-gobuild - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: | ~/.cache/go-build diff --git a/.github/workflows/fortress-code-quality.yml b/.github/workflows/fortress-code-quality.yml index 5ca8b26..5fb3389 100644 --- a/.github/workflows/fortress-code-quality.yml +++ b/.github/workflows/fortress-code-quality.yml @@ -77,7 +77,7 @@ jobs: # Checkout code and set up Go environment # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: 🔧 Set Go cache paths (cross-platform) run: | @@ -91,7 +91,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Restore Go module cache id: restore-gomod - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ~/go/pkg/mod key: ${{ inputs.primary-runner }}-gomod-${{ hashFiles('**/go.sum') }} @@ -103,7 +103,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Restore Go build cache id: restore-gobuild - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: | ~/.cache/go-build @@ -173,7 +173,7 @@ jobs: # Checkout code and set up Go environment # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: 🔧 Set Go cache paths (cross-platform) run: | @@ -201,7 +201,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Restore Go module cache id: restore-gomod - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ~/go/pkg/mod key: ${{ inputs.primary-runner }}-gomod-${{ hashFiles('**/go.sum') }} @@ -213,7 +213,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Restore Go build cache id: restore-gobuild - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: | ~/.cache/go-build @@ -237,7 +237,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Cache golangci-lint analysis id: cache-golangci-lint - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ${{ env.GOLANGCI_LINT_CACHE }} key: ${{ inputs.primary-runner }}-golangci-lint-analysis-${{ hashFiles('.golangci.json', '**/go.sum') }}-${{ steps.golangci-lint-version.outputs.version }} @@ -314,7 +314,7 @@ jobs: # Checkout code with full history for proper ignore file handling # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 # Full history for prettier ignores files diff --git a/.github/workflows/fortress-performance-summary.yml b/.github/workflows/fortress-performance-summary.yml index 4c2caeb..a7e0d8e 100644 --- a/.github/workflows/fortress-performance-summary.yml +++ b/.github/workflows/fortress-performance-summary.yml @@ -97,7 +97,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 📥 Download performance artifacts if: always() - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: pattern: "*-stats-*" merge-multiple: true diff --git a/.github/workflows/fortress-release.yml b/.github/workflows/fortress-release.yml index 813e603..45b7c28 100644 --- a/.github/workflows/fortress-release.yml +++ b/.github/workflows/fortress-release.yml @@ -60,7 +60,7 @@ jobs: # Checkout code and set up Go environment # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 # Required for changelog generation token: ${{ secrets.github-token }} @@ -117,7 +117,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Restore Go module cache id: restore-gomod - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ~/go/pkg/mod key: ${{ inputs.primary-runner }}-gomod-${{ hashFiles('**/go.sum') }} @@ -128,7 +128,7 @@ jobs: # Restore build cache from a warm-cache job # ———————————————————————————————————————————————————————————————— - name: 💾 Restore Go build cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: | ~/.cache/go-build @@ -142,7 +142,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Cache golangci-lint analysis id: cache-golangci-lint - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ${{ env.GOLANGCI_LINT_CACHE }} key: ${{ inputs.primary-runner }}-golangci-lint-analysis-${{ hashFiles('.golangci.json', '**/go.sum') }}-${{ inputs.golangci-lint-version }} diff --git a/.github/workflows/fortress-security-scans.yml b/.github/workflows/fortress-security-scans.yml index e15391b..ae9811e 100644 --- a/.github/workflows/fortress-security-scans.yml +++ b/.github/workflows/fortress-security-scans.yml @@ -76,7 +76,7 @@ jobs: # Checkout code and set up Go environment # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: 🔧 Set Go cache paths (cross-platform) run: | @@ -158,7 +158,7 @@ jobs: # Checkout code and set up Go environment # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: 🔧 Set Go cache paths (cross-platform) run: | @@ -180,7 +180,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Restore govulncheck binary cache id: govuln-cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: | ~/.cache/govulncheck-bin @@ -296,7 +296,7 @@ jobs: # Checkout code and set up Go environment # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 # Fetch all history so Gitleaks can scan commits diff --git a/.github/workflows/fortress-setup-config.yml b/.github/workflows/fortress-setup-config.yml index 360a395..8827389 100644 --- a/.github/workflows/fortress-setup-config.yml +++ b/.github/workflows/fortress-setup-config.yml @@ -166,7 +166,7 @@ jobs: # Checkout code (sparse checkout) # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout (sparse) - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: sparse-checkout: | Makefile diff --git a/.github/workflows/fortress-test-makefile.yml b/.github/workflows/fortress-test-makefile.yml index 23b57a5..ef0e28e 100644 --- a/.github/workflows/fortress-test-makefile.yml +++ b/.github/workflows/fortress-test-makefile.yml @@ -49,7 +49,7 @@ jobs: # Checkout code (sparse checkout) # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout (sparse) - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 # Required for sparse checkout sparse-checkout: | diff --git a/.github/workflows/fortress-test-suite.yml b/.github/workflows/fortress-test-suite.yml index 121cb7f..c9e8c76 100644 --- a/.github/workflows/fortress-test-suite.yml +++ b/.github/workflows/fortress-test-suite.yml @@ -85,7 +85,7 @@ jobs: # Checkout code and set up Go environment # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: 🔧 Set Go cache paths (cross-platform) run: | @@ -99,7 +99,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Restore Go module cache id: restore-gomod - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ~/go/pkg/mod key: ${{ matrix.os }}-gomod-${{ hashFiles('**/go.sum') }} @@ -111,7 +111,7 @@ jobs: # ———————————————————————————————————————————————————————————————— - name: 💾 Restore Go build cache id: restore-gobuild - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: | ~/.cache/go-build diff --git a/.github/workflows/fortress.yml b/.github/workflows/fortress.yml index 39bdde1..912bd80 100644 --- a/.github/workflows/fortress.yml +++ b/.github/workflows/fortress.yml @@ -68,7 +68,7 @@ jobs: # Check out code to access env file # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code (sparse) - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: sparse-checkout: | .github/.env.shared @@ -118,7 +118,7 @@ jobs: # Checkout code to access local action # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: sparse-checkout: | .github/actions/warm-cache diff --git a/.github/workflows/pull-request-management.yml b/.github/workflows/pull-request-management.yml index 758062e..3e1466c 100644 --- a/.github/workflows/pull-request-management.yml +++ b/.github/workflows/pull-request-management.yml @@ -63,7 +63,7 @@ jobs: # Check out code to access env file # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code (sparse) - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: sparse-checkout: | .github/.env.shared diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b71a62a..24cd8ea 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -40,7 +40,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -79,6 +79,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable the upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3 + uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8 with: sarif_file: results.sarif diff --git a/.github/workflows/stale-check.yml b/.github/workflows/stale-check.yml index 9a89b61..bbdc885 100644 --- a/.github/workflows/stale-check.yml +++ b/.github/workflows/stale-check.yml @@ -54,7 +54,7 @@ jobs: # Check out code to access env file # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code (sparse) - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: sparse-checkout: | .github/.env.shared diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 4ce3566..d5776e2 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -59,7 +59,7 @@ jobs: # Check out code to access env file # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code (sparse) - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: sparse-checkout: | .github/.env.shared @@ -124,7 +124,7 @@ jobs: # Checkout repository # ———————————————————————————————————————————————————————————————— - name: 📥 Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # ———————————————————————————————————————————————————————————————— # Validate and parse labels file