diff --git a/.github/workflows/backfill.yaml b/.github/workflows/backfill.yaml index 553dacb77f4..d72e6e6c688 100644 --- a/.github/workflows/backfill.yaml +++ b/.github/workflows/backfill.yaml @@ -24,7 +24,7 @@ jobs: - uses: google-github-actions/setup-gcloud@6a7c903a70c8625ed6700fa299f5ddb4ca6022e9 # v2.1.5 with: project_id: "prod-images-c6e5" - - uses: chainguard-dev/setup-chainctl@f4ed65b781b048c44d4f033ae854c025c5531c19 # v0.3.2 + - uses: chainguard-dev/setup-chainctl@c125f765e82b09a42af3185f3214465314d75c5d # v0.5.0 with: # Managed here: # https://github.com/chainguard-dev/mono/blob/main/env/chainguard-images/iac/wolfi-os-pusher.tf diff --git a/.github/workflows/delete-old-branches.yaml b/.github/workflows/delete-old-branches.yaml index 79b38145dde..5ab7f620a31 100644 --- a/.github/workflows/delete-old-branches.yaml +++ b/.github/workflows/delete-old-branches.yaml @@ -16,10 +16,10 @@ jobs: id-token: write # To gitsign and federate steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - - uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0 + - uses: octo-sts/action@f603d3be9d8dd9871a265776e625a27b00effe05 # v1.1.1 id: octo-sts with: scope: ${{ github.repository }} diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 9c504ac09dd..78d04e8102a 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -23,7 +23,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 diff --git a/.github/workflows/restore-packages.yaml b/.github/workflows/restore-packages.yaml index 0e4ae91326a..1829c17f111 100644 --- a/.github/workflows/restore-packages.yaml +++ b/.github/workflows/restore-packages.yaml @@ -24,12 +24,12 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # use public chainguard provider. - - uses: chainguard-dev/setup-chainctl@f4ed65b781b048c44d4f033ae854c025c5531c19 # v0.3.2 + - uses: chainguard-dev/setup-chainctl@c125f765e82b09a42af3185f3214465314d75c5d # v0.5.0 with: # Managed here: # https://github.com/chainguard-dev/mono/blob/main/env/chainguard-images/iac/wolfi-os-pusher.tf diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 7fcf6224de6..3f07a9875e7 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -16,7 +16,7 @@ jobs: runs-on: 'ubuntu-latest' steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 diff --git a/.github/workflows/update-cache.yaml b/.github/workflows/update-cache.yaml index c257a1728b5..01badc510e0 100644 --- a/.github/workflows/update-cache.yaml +++ b/.github/workflows/update-cache.yaml @@ -23,11 +23,11 @@ jobs: id-token: write steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: chainguard-dev/actions/setup-melange@df684a72f67ce7eecd78098365cb5057f16be3b1 # main + - uses: chainguard-dev/actions/setup-melange@fac81f8edade777ac0bedfa9f4a42591accab9c8 # main - uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12 with: workload_identity_provider: "projects/618116202522/locations/global/workloadIdentityPools/prod-shared-e350/providers/prod-shared-gha" diff --git a/.github/workflows/withdraw-packages.yaml b/.github/workflows/withdraw-packages.yaml index 0a824820264..40e85093027 100644 --- a/.github/workflows/withdraw-packages.yaml +++ b/.github/workflows/withdraw-packages.yaml @@ -23,7 +23,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -82,7 +82,7 @@ jobs: all-withdrawn-packages.txt \ gs://wolfi-production-registry-destination/os/withdrawn-packages.txt # use public chainguard provider. - - uses: chainguard-dev/setup-chainctl@f4ed65b781b048c44d4f033ae854c025c5531c19 # v0.3.2 + - uses: chainguard-dev/setup-chainctl@c125f765e82b09a42af3185f3214465314d75c5d # v0.5.0 with: # Managed here: # https://github.com/chainguard-dev/mono/blob/main/env/chainguard-images/iac/wolfi-os-pusher.tf diff --git a/.github/workflows/wolfictl-lint.yaml b/.github/workflows/wolfictl-lint.yaml index 743161d43d8..d5c438473ef 100644 --- a/.github/workflows/wolfictl-lint.yaml +++ b/.github/workflows/wolfictl-lint.yaml @@ -20,7 +20,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 with: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2