diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7aa06d00a..95b6d6354 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,7 +49,7 @@ jobs: # Depth 2 covers normal single-commit pushes and pull request merge # parents; the script fetches the base commit for larger push ranges. # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: fetch-depth: 2 persist-credentials: false @@ -131,13 +131,13 @@ jobs: needs.detect-changes.outputs.automation_lint == 'true' steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false - name: Set up Go for actionlint # actions/setup-go v6.4.0 - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 with: go-version: '1.25.x' cache: false @@ -186,7 +186,7 @@ jobs: needs.detect-changes.outputs.go_lint == 'true' steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -204,7 +204,7 @@ jobs: needs.detect-changes.outputs.js_lint == 'true' steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -226,7 +226,7 @@ jobs: needs.detect-changes.outputs.lua_lint == 'true' steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -242,7 +242,7 @@ jobs: needs.detect-changes.outputs.go_tests == 'true' steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2abe50908..7eebcd855 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,7 +37,7 @@ jobs: javascript_typescript: ${{ steps.detect.outputs.javascript_typescript }} steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: # Keep normal runs shallow; the detect step fetches older bases only # when a larger push range needs them. @@ -126,7 +126,7 @@ jobs: steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -166,7 +166,7 @@ jobs: steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false diff --git a/.github/workflows/docker-package.yml b/.github/workflows/docker-package.yml index 48c1d0058..de41548fa 100644 --- a/.github/workflows/docker-package.yml +++ b/.github/workflows/docker-package.yml @@ -32,7 +32,7 @@ jobs: id-token: write steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -96,7 +96,7 @@ jobs: - name: Generate artifact attestation # actions/attest-build-provenance v4.1.0 # yamllint disable-line rule:line-length - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} subject-digest: ${{ steps.push.outputs.digest }} diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml index 1f65f545f..593605f55 100644 --- a/.github/workflows/prerelease.yml +++ b/.github/workflows/prerelease.yml @@ -31,7 +31,7 @@ jobs: binary_version: ${{ steps.meta.outputs.binary_version }} steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -58,7 +58,7 @@ jobs: contents: read steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -98,7 +98,7 @@ jobs: RELEASE_TARGET_ASSET: ${{ matrix.asset }} steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -134,7 +134,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -169,7 +169,7 @@ jobs: - name: Attest release assets # actions/attest-build-provenance v4.1.0 # yamllint disable-line rule:line-length - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 with: subject-path: ${{ steps.release-assets.outputs.attestation_paths }} diff --git a/.github/workflows/stable-release.yml b/.github/workflows/stable-release.yml index 7e6302af0..4ce64d16d 100644 --- a/.github/workflows/stable-release.yml +++ b/.github/workflows/stable-release.yml @@ -36,7 +36,7 @@ jobs: binary_version: ${{ steps.meta.outputs.binary_version }} steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -91,7 +91,7 @@ jobs: contents: read steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -131,7 +131,7 @@ jobs: RELEASE_TARGET_ASSET: ${{ matrix.asset }} steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -169,7 +169,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -225,7 +225,7 @@ jobs: - name: Attest release assets # actions/attest-build-provenance v4.1.0 # yamllint disable-line rule:line-length - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 with: subject-path: ${{ steps.release-assets.outputs.attestation_paths }} diff --git a/.github/workflows/update-go-toolchain.yml b/.github/workflows/update-go-toolchain.yml index 62b1ca12b..13b0fc76e 100644 --- a/.github/workflows/update-go-toolchain.yml +++ b/.github/workflows/update-go-toolchain.yml @@ -24,7 +24,7 @@ jobs: PR_BRANCH: automation/update-go-toolchain steps: # actions/checkout v6.0.3 - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 with: persist-credentials: false @@ -86,7 +86,7 @@ jobs: - name: Set up Go if: steps.detect.outputs.changed == 'true' # actions/setup-go v6.4.0 - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 with: go-version: ${{ steps.detect.outputs.version }} cache: true