diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a4de4ab..ad92433 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -287,7 +287,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup go version - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ inputs.go-version }} check-latest: ${{ inputs.go-version-latest }} @@ -328,7 +328,7 @@ jobs: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: Setup go version - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ inputs.go-version }} check-latest: ${{ inputs.go-version-latest }} @@ -362,7 +362,7 @@ jobs: # upload report as artifact - name: Archive unit tests report if: inputs.upload-skip == false - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: report path: ${{ inputs.working-directory }}/report.json @@ -370,7 +370,7 @@ jobs: # upload coverage as artifact - name: Archive code coverage results if: inputs.upload-skip == false - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: coverage path: ${{ inputs.working-directory }}/coverage.txt @@ -429,7 +429,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup go version - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ inputs.go-version }} check-latest: ${{ inputs.go-version-latest }} @@ -448,7 +448,7 @@ jobs: - name: Archive code style results if: inputs.upload-skip == false - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: fmt path: ${{ inputs.working-directory }}/fmt.patch @@ -464,7 +464,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ inputs.go-version }} check-latest: ${{ inputs.go-version-latest }} @@ -514,7 +514,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: REUSE Compliance Check - uses: fsfe/reuse-action@a46482ca367aef4454a87620aa37c2be4b2f8106 # v3.0.0 + uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4.0.0 license: @@ -526,7 +526,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ inputs.go-version }} check-latest: ${{ inputs.go-version-latest }} @@ -534,7 +534,7 @@ jobs: # setup ruby environment before running github/setup-licensed - name: Setup Ruby - uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1 + uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0 with: ruby-version: ruby @@ -583,7 +583,7 @@ jobs: - name: Archive license results if: always() && inputs.upload-skip == false - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: licensing path: | @@ -612,7 +612,7 @@ jobs: runs-on: [ ubuntu-latest ] steps: - name: Install syft for sbom generation - uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0 + uses: anchore/sbom-action/download-syft@95b086ac308035dc0850b3853be5b7ab108236a8 # v0.16.1 - name: Checkout the code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -623,7 +623,7 @@ jobs: run: git fetch --force --tags - name: Setup go version - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ inputs.go-version }} check-latest: ${{ inputs.go-version-latest }} diff --git a/.github/workflows/proj.yml b/.github/workflows/proj.yml index 4cdac37..dd64210 100644 --- a/.github/workflows/proj.yml +++ b/.github/workflows/proj.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: # Target the team project board. - - uses: actions/add-to-project@9bfe908f2eaa7ba10340b31e314148fcfe6a2458 # v1.0.1 + - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2 with: project-url: https://github.com/orgs/comcast-cl/projects/3 github-token: ${{ secrets.PROJECT_ISSUE_CREATION_TOKEN }}