diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml index c6d48ccd..8cdad5db 100644 --- a/.github/workflows/checkov.yml +++ b/.github/workflows/checkov.yml @@ -18,7 +18,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run checkov - uses: bridgecrewio/checkov-action@5ae57a8860ce0657cb09591f5b8b8d9ead999a68 # v12.2920.0 + uses: bridgecrewio/checkov-action@d9688e5b7bef1943a56e5f2db120b1cb30037c1c # v12.2935.0 with: config_file: .checkov.yml output_format: cli,sarif @@ -26,7 +26,7 @@ jobs: skip_download: true # Do not download any data from Bridgecrew's servers - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 if: success() || failure() with: diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index d4d3a2e9..e1c67b99 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -32,6 +32,6 @@ jobs: platform_type: 'kubernetes' disable_secrets: true - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.26.8 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.26.8 with: sarif_file: report-dir/results.sarif diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 69748941..95156ffb 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -62,7 +62,7 @@ jobs: run: ct lint --config ct.yaml $TEST_ALL_CHARTS_ARG - name: Create kind cluster - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + uses: helm/kind-action@ae94020eaf628e9b9b9f341a10cc0cdcf5c018fb # v1.11.0 if: steps.list-changed.outputs.changed == 'true' && env.PR_FROM_FORK == 'false' with: version: ${{ env.KIND_VERSION}} 
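Review bot: The version comment on the `upload-sarif` pin in kics.yml still reads `# v3.26.8`, although the new SHA `df409f7d9260372bd5f19e5b04e83cb3c43714ae` is the one checkov.yml labels `# v3.27.9` in this same commit. The trailing comment is what a reviewer relies on when auditing a SHA pin, so a stale label misreports which release the scan upload actually runs. The line should read `uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9`. The removed line had the same mismatch (`f09c1c0a…` labelled v3.27.5 in checkov.yml but v3.26.8 here), which suggests the updater is not rewriting the comment in this file; that is worth checking.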
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml index 6767bafc..c1aea9b4 100644 --- a/.github/workflows/pre-commit.yaml +++ b/.github/workflows/pre-commit.yaml @@ -17,20 +17,20 @@ jobs: contents: write steps: - name: Ensure SHA pinned actions - uses: zgosalvez/github-actions-ensure-sha-pinned-actions@5d6ac37a4cef8b8df67f482a8e384987766f0213 # v3.0.17 + uses: zgosalvez/github-actions-ensure-sha-pinned-actions@64418826697dcd77c93a8e4a1f7601a1942e57b5 # v3.0.18 with: allowlist: | Alfresco/alfresco-build-tools/ - name: Setup helm docs - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0 + uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 - name: Install kubeconform helm plugin run: | helm plugin install https://github.com/jtyr/kubeconform-helm --version v0.1.12 - name: Run pre-commit - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0 + uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 with: # disable auto-commit for PRs from forks auto-commit: ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }} diff --git a/.github/workflows/updatecli.yaml b/.github/workflows/updatecli.yaml index 6e160ca6..8e4d93b8 100644 --- a/.github/workflows/updatecli.yaml +++ b/.github/workflows/updatecli.yaml @@ -27,7 +27,7 @@ jobs: token: ${{ secrets.BOT_GITHUB_TOKEN }} - uses: >- - Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.4.0 + Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.6.1 - name: Login to quay.io uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 
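Review bot: In updatecli.yaml, `get-branch-name` is still referenced by the mutable tag `@v8.6.1` in the hunk at -27,7, and again in the hunk at -71,7, while every other alfresco-build-tools action touched by this commit is pinned to `1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1`. The surrounding steps use `secrets.BOT_GITHUB_TOKEN` and `secrets.QUAY_PASSWORD`, and a tag can be repointed after review, so this step should get the same immutable pin as its siblings. The SHA-pinning check in pre-commit.yaml allowlists `Alfresco/alfresco-build-tools/`, so it will not flag the tag reference. Suggest `Alfresco/alfresco-build-tools/.github/actions/get-branch-name@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1` in both places, assuming the tag resolves to that commit as the other pins indicate.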
@@ -37,15 +37,15 @@ jobs: password: ${{ secrets.QUAY_PASSWORD }} - name: Install Updatecli - uses: updatecli/updatecli-action@cb631ef5547ed05db3db64bb2ad42a6cc36e3097 # v2.71.0 + uses: updatecli/updatecli-action@11d8c3e7c4dbb188d9534e599db759e418911828 # v2.73.0 - run: updatecli apply env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0 + - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 - name: Regenerate helm docs if necessary - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0 + uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 with: pre-commit-args: helm-docs || true skip_checkout: "true" @@ -71,7 +71,7 @@ jobs: token: ${{ secrets.BOT_GITHUB_TOKEN }} - uses: >- - Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.4.0 + Alfresco/alfresco-build-tools/.github/actions/get-branch-name@v8.6.1 - name: Login to quay.io uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 @@ -81,7 +81,7 @@ jobs: password: ${{ secrets.QUAY_PASSWORD }} - name: Install Updatecli - uses: updatecli/updatecli-action@cb631ef5547ed05db3db64bb2ad42a6cc36e3097 # v2.71.0 + uses: updatecli/updatecli-action@11d8c3e7c4dbb188d9534e599db759e418911828 # v2.73.0 - name: Checkout updatecli configs uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 
@@ -101,9 +101,9 @@ jobs: QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} UPDATECLI_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} - - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0 + - uses: Alfresco/alfresco-build-tools/.github/actions/setup-helm-docs@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 - name: Regenerate helm docs if necessary - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@a0837df06d10de2cae8a99319e8e101a6cbe9083 # v8.4.0 + uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@1713976b6d7dc48dfe74f441c9bf1ae9481cbb45 # v8.6.1 with: pre-commit-args: helm-docs || true skip_checkout: "true"