diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0717543521..1dbbfdf16c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,9 +22,9 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v3.29.5 + uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.29.5 with: languages: python - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v3.29.5 + uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.29.5 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3b5311db9a..07af1cb24a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -49,14 +49,14 @@ jobs: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 with: cache-binary: false install: true version: latest - name: Build and Cache Image - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: push: false context: . @@ -104,14 +104,14 @@ jobs: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 with: cache-binary: false install: true version: latest - name: Log in to the GitHub Container Registry - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -153,7 +153,7 @@ jobs: - name: Setup Image Metadata id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: | ghcr.io/${{ steps.lower.outputs.owner }}/${{ matrix.image-name }} @@ -164,7 +164,7 @@ jobs: type=raw,value=latest,enable=${{ steps.check_latest.outputs.is_latest == 'true' }} - name: Publish Image to GHCR.io - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: push: true context: . diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c9933b058c..18e34f8fbc 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -73,6 +73,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v3.29.5 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.29.5 with: sarif_file: results.sarif \ No newline at end of file diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 78984d6739..090be67058 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -56,6 +56,6 @@ jobs: sed -i 's/"security-severity": "null"/"security-severity": "0"/g' snyk.sarif - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v3.29.5 + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.29.5 with: sarif_file: snyk.sarif diff --git a/.github/workflows/sonar-merge-main.yml b/.github/workflows/sonar-merge-main.yml index fc26629d54..58345bb0eb 100644 --- a/.github/workflows/sonar-merge-main.yml +++ b/.github/workflows/sonar-merge-main.yml @@ -23,7 +23,7 @@ jobs: os: "ubuntu-latest" is_pr: "false" - name: SonarCloud Scan - uses: SonarSource/sonarqube-scan-action@59db25f34e16620e48ab4bb9e4a5dce155cb5432 # master + uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # master env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/sonar-pr.yml b/.github/workflows/sonar-pr.yml index bbad7076ca..03e719917c 100644 --- a/.github/workflows/sonar-pr.yml +++ b/.github/workflows/sonar-pr.yml @@ -56,7 +56,7 @@ jobs: git checkout -B temp-branch-for-scanning upstream/${{ fromJson(steps.get_pr_data.outputs.data).head.ref }} - name: SonarCloud Scan - uses: SonarSource/sonarqube-scan-action@59db25f34e16620e48ab4bb9e4a5dce155cb5432 # master + uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # master env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/tag-recreate-lts.yml b/.github/workflows/tag-recreate-lts.yml index b53fa2b57a..053864d2e5 100644 --- a/.github/workflows/tag-recreate-lts.yml +++ b/.github/workflows/tag-recreate-lts.yml @@ -237,7 +237,7 @@ jobs: steps: - name: Log in to the GitHub Container Registry - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }}