diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml index 6db27e4bcf3..6950b721b9e 100644 --- a/.github/workflows/check-pr-title.yml +++ b/.github/workflows/check-pr-title.yml @@ -43,7 +43,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 + - uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4 # When the previous step fails, the workflow would stop. By adding this # condition you can continue the execution with the populated error message. if: always() && (steps.lint_pr_title.outputs.error_message != null) @@ -64,7 +64,7 @@ jobs: # Delete a previous comment when the issue has been resolved - if: steps.lint_pr_title.outputs.error_message == null - uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 + uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4 with: header: pr-title-lint-error delete: true diff --git a/.github/workflows/check-rendered-specs.yml b/.github/workflows/check-rendered-specs.yml index f62048a197c..e3e9453e98b 100644 --- a/.github/workflows/check-rendered-specs.yml +++ b/.github/workflows/check-rendered-specs.yml @@ -142,7 +142,7 @@ jobs: - name: Upload locks patch (unzipped, for browser download) id: upload-locks-patch if: hashFiles('locks-output/locks.patch') != '' - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: locks-output/locks.patch archive: false @@ -150,14 +150,14 @@ jobs: # See: https://github.com/cli/cli/issues/13012 for why this is needed. - name: Upload locks patch (zipped, for gh run download) if: hashFiles('locks-output/locks.patch') != '' - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: locks-patch path: locks-output/locks.patch - name: Upload update output if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: update-output path: locks-output/update-output.json @@ -208,12 +208,12 @@ jobs: persist-credentials: false - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.12" - name: Download update output - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: update-output path: update-output @@ -442,7 +442,7 @@ jobs: - name: Upload fix patch (unzipped, for browser download) id: upload-patch if: always() && hashFiles('render-output/rendered-specs.patch') != '' - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: path: render-output/rendered-specs.patch archive: false @@ -450,14 +450,14 @@ jobs: # See: https://github.com/cli/cli/issues/13012 for why this is needed. - name: Upload fix patch (zipped, for gh run download) if: always() && hashFiles('render-output/rendered-specs.patch') != '' - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: rendered-specs-patch path: render-output/rendered-specs.patch - name: Upload render output if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: render-output path: | @@ -493,12 +493,12 @@ jobs: persist-credentials: false - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.12" - name: Download render report - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: render-output path: render-output diff --git a/.github/workflows/check-workflows.yml b/.github/workflows/check-workflows.yml index 7c6dc491b79..b7cd3d84295 100644 --- a/.github/workflows/check-workflows.yml +++ b/.github/workflows/check-workflows.yml @@ -34,7 +34,7 @@ jobs: run: rustup default stable - name: Enable cargo cache - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2 + uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1 - name: Install zizmor run: cargo install --locked zizmor diff --git a/.github/workflows/dependency-smoke.yml b/.github/workflows/dependency-smoke.yml index f376cb68897..a00c3c2931b 100644 --- a/.github/workflows/dependency-smoke.yml +++ b/.github/workflows/dependency-smoke.yml @@ -31,7 +31,7 @@ jobs: - scripts/mcps steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 42c9c864146..931d45040c7 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -19,12 +19,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: stable cache: false