diff --git a/.github/workflows/add_issue.yaml b/.github/workflows/add_issue.yaml index af5e74a2..b77fded5 100644 --- a/.github/workflows/add_issue.yaml +++ b/.github/workflows/add_issue.yaml @@ -13,13 +13,13 @@ jobs: name: Add issue to project runs-on: ubuntu-latest steps: - - uses: actions/create-github-app-token@v2 + - uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2 id: app-token with: app-id: ${{ secrets.ADD_ISSUE_APP_ID }} private-key: ${{ secrets.ADD_ISSUE_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - - uses: actions/add-to-project@v1.0.2 + - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2 with: project-url: https://github.com/orgs/neuvector/projects/15 github-token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/bump-neuvector.yaml b/.github/workflows/bump-neuvector.yaml index 98d2bde4..107e53be 100644 --- a/.github/workflows/bump-neuvector.yaml +++ b/.github/workflows/bump-neuvector.yaml @@ -12,10 +12,10 @@ jobs: pull-requests: write # for updatecli to create a PR steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Install Updatecli in the runner - uses: updatecli/updatecli-action@57aa8966d4d775cb1420b90c270ba97a4b5abe47 # v2.93.0 + uses: updatecli/updatecli-action@4b17f4ea784de29f71f85f9bc4955402ba1ae53c # v2.100.0 - name: Update neuvector dependency env: diff --git a/.github/workflows/bump-sigstore.yaml b/.github/workflows/bump-sigstore.yaml index 11423638..905b42d3 100644 --- a/.github/workflows/bump-sigstore.yaml +++ b/.github/workflows/bump-sigstore.yaml @@ -12,10 +12,10 @@ jobs: pull-requests: write # for updatecli to create a PR steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Install Updatecli in the runner - uses: updatecli/updatecli-action@57aa8966d4d775cb1420b90c270ba97a4b5abe47 # v2.93.0 + uses: updatecli/updatecli-action@4b17f4ea784de29f71f85f9bc4955402ba1ae53c # v2.100.0 - name: Update sigstore-interface dependency env: diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 77e3b538..bb543916 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -15,7 +15,7 @@ jobs: timeout-minutes: 30 steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 # The FOSSA token is shared between all repos in NeuVector's GH org. It can # be used directly and there is no need to request specific access to EIO. diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index b2a38d04..181fafae 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -15,7 +15,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: "go.mod" - name: golangci-lint diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a820c194..801c54f0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Load Secrets from Vault uses: rancher-eio/read-vault-secrets@main with: @@ -79,7 +79,7 @@ jobs: id-token: write steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Load Secrets from Vault uses: rancher-eio/read-vault-secrets@main with: @@ -103,7 +103,7 @@ jobs: fi - name: Login to registry if: env.UPDATE_MUTABLE_TAG == 'True' - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: docker.io username: ${{ env.DOCKER_USERNAME }} @@ -114,7 +114,7 @@ jobs: docker buildx imagetools create --tag docker.io/${{ github.repository_owner }}/scanner:6 docker.io/${{ github.repository_owner }}/scanner:${TAG} - name: Login to registry if: env.UPDATE_MUTABLE_TAG == 'True' - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: ${{ env.PRIME_REGISTRY }} username: ${{ env.PRIME_REGISTRY_USERNAME }} @@ -125,7 +125,7 @@ jobs: docker buildx imagetools create --tag ${PRIME_REGISTRY}/rancher/neuvector-scanner:6 ${PRIME_REGISTRY}/rancher/neuvector-scanner:${TAG} - name: Login to registry if: env.UPDATE_MUTABLE_TAG == 'True' - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3 with: registry: docker.io username: ${{ env.RANCHER_DOCKER_USERNAME }} diff --git a/.github/workflows/unitest.yaml b/.github/workflows/unitest.yaml index c8b10c98..95d6384b 100644 --- a/.github/workflows/unitest.yaml +++ b/.github/workflows/unitest.yaml @@ -8,8 +8,8 @@ jobs: unitest: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5 with: go-version: '1.26.1' - run: |