From fbf73de1aef43dda56c2f3639e170719a432ce8e Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Mon, 3 Apr 2023 03:36:35 +0100 Subject: [PATCH] chore(deps): update github-actions (#1871) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | minor | `v3.4.0` -> `v3.5.0` | | [actions/checkout](https://togithub.com/actions/checkout) | action | minor | `v3.3.0` -> `v3.5.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | patch | `v2.2.7` -> `v2.2.9` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | patch | `v2.1.2` -> `v2.1.3` | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes
actions/checkout ### [`v3.5.0`](https://togithub.com/actions/checkout/releases/tag/v3.5.0) [Compare Source](https://togithub.com/actions/checkout/compare/v3.4.0...v3.5.0) ##### What's Changed - Add new public key for known_hosts by [@​cdb](https://togithub.com/cdb) in [https://github.com/actions/checkout/pull/1237](https://togithub.com/actions/checkout/pull/1237) ##### New Contributors - [@​cdb](https://togithub.com/cdb) made their first contribution in [https://github.com/actions/checkout/pull/1237](https://togithub.com/actions/checkout/pull/1237) **Full Changelog**: https://github.com/actions/checkout/compare/v3.4.0...v3.5.0
github/codeql-action ### [`v2.2.9`](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.8...v2.2.9) ### [`v2.2.8`](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.2.7...v2.2.8)
ossf/scorecard-action ### [`v2.1.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1111](https://togithub.com/ossf/scorecard-action/pull/1111) ##### Bug Fixes - Invalid SARIF files from a bug in scorecard - [#​1076](https://togithub.com/ossf/scorecard-action/issues/1076), [#​1094](https://togithub.com/ossf/scorecard-action/issues/1094) - Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner - [#​1092](https://togithub.com/ossf/scorecard-action/issues/1092) - Scorecard action not reporting binary artifacts in the repo - [#​1116](https://togithub.com/ossf/scorecard-action/issues/1116) **Full Scorecard Changelog**: https://github.com/ossf/scorecard/compare/v4.10.2...v4.10.5 **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3
--- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/slsa-framework/slsa-github-generator). Signed-off-by: Renovate Bot --- .../secure-builder-checkout/action.yaml | 2 +- .../secure-project-checkout/action.yaml | 2 +- .../workflows/builder_docker-based_slsa3.yml | 4 +-- .github/workflows/codeql-analysis.yml | 8 ++--- ...create-docker_based-predicate.schedule.yml | 6 ++-- .../e2e.detect-workflow-js.schedule.yml | 6 ++-- .../e2e.sign-attestations.schedule.yml | 6 ++-- .../workflows/e2e.upload-folder.schedule.yml | 8 ++--- .../workflows/e2e.verify-token.schedule.yml | 8 ++--- .github/workflows/pre-submit.actions.yml | 34 +++++++++---------- .github/workflows/pre-submit.apis.yml | 2 +- .github/workflows/pre-submit.base-images.yml | 2 +- .../pre-submit.e2e.docker-based.default.yml | 2 +- .../pre-submit.e2e.generic.default.yml | 6 ++-- ...-submit.e2e.go.config-ldflags-main-dir.yml | 2 +- .github/workflows/pre-submit.lint.yml | 8 ++--- .github/workflows/pre-submit.markdown.yml | 2 +- .github/workflows/pre-submit.units.yml | 6 ++-- .github/workflows/release.yml | 4 +-- .github/workflows/scorecards.yml | 6 ++-- 20 files changed, 62 insertions(+), 62 deletions(-) diff --git a/.github/actions/secure-builder-checkout/action.yaml b/.github/actions/secure-builder-checkout/action.yaml index 8d21a5b6ad..cd5edb2310 100644 
--- a/.github/actions/secure-builder-checkout/action.yaml +++ b/.github/actions/secure-builder-checkout/action.yaml @@ -23,7 +23,7 @@ runs: # and has an associated release. This will require exceptions # for e2e tests. - name: Checkout the repository - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: ${{ inputs.repository }} ref: ${{ inputs.ref }} diff --git a/.github/actions/secure-project-checkout/action.yaml b/.github/actions/secure-project-checkout/action.yaml index 9277dcd886..d8cf74afc7 100644 --- a/.github/actions/secure-project-checkout/action.yaml +++ b/.github/actions/secure-project-checkout/action.yaml @@ -16,7 +16,7 @@ runs: using: "composite" steps: - name: Checkout the repository - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: fetch-depth: 1 # Different from default actions/checkout which defaults to `true`. diff --git a/.github/workflows/builder_docker-based_slsa3.yml b/.github/workflows/builder_docker-based_slsa3.yml index 28c17fbcea..5b0caac86a 100644 --- a/.github/workflows/builder_docker-based_slsa3.yml +++ b/.github/workflows/builder_docker-based_slsa3.yml @@ -211,7 +211,7 @@ jobs: runs-on: ubuntu-latest needs: [rng, detect-env, generate-builder] steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Checkout builder repository uses: slsa-framework/slsa-github-generator/.github/actions/secure-builder-checkout@main with: @@ -356,7 +356,7 @@ jobs: set-executable: true - name: Checkout the source repository - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: fetch-depth: 1 persist-credentials: false 
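Review bot: In `.github/workflows/builder_docker-based_slsa3.yml`, the bare `- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0` step near line 214 has no `with:` block, so it runs with the action's default of persisting the job token in the checkout's git config. The "Checkout the source repository" step in the second hunk of the same file already sets `persist-credentials: false`. Unless a later step in this job needs authenticated git access (the job body continues outside the hunk), give this step the same `with:` / `persist-credentials: false` pair, so that the builder workflow does not leave a token on disk for subsequent steps to read.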
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0ae0064e61..cacb251b04 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,11 +41,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7 + uses: github/codeql-action/init@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -58,7 +58,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7 + uses: github/codeql-action/autobuild@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9 # Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -71,7 +71,7 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7 + uses: github/codeql-action/analyze@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9 # NOTE: Checks that the matrix job above completes successfully. # This is necessary because the matrix strategy generates new jobs with diff --git a/.github/workflows/e2e.create-docker_based-predicate.schedule.yml b/.github/workflows/e2e.create-docker_based-predicate.schedule.yml index 77118f793c..4eb367f930 100644 
--- a/.github/workflows/e2e.create-docker_based-predicate.schedule.yml +++ b/.github/workflows/e2e.create-docker_based-predicate.schedule.yml @@ -25,7 +25,7 @@ jobs: permissions: id-token: write # Needed to detect the current reusable repository and ref. steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Detect the builder ref id: detect uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@main @@ -57,7 +57,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main @@ -71,7 +71,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main diff --git a/.github/workflows/e2e.detect-workflow-js.schedule.yml b/.github/workflows/e2e.detect-workflow-js.schedule.yml index 2b86195c80..dd5e603ad5 100644 --- a/.github/workflows/e2e.detect-workflow-js.schedule.yml +++ b/.github/workflows/e2e.detect-workflow-js.schedule.yml @@ -19,7 +19,7 @@ jobs: id-token: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - id: detect uses: ./.github/actions/detect-workflow-js - id: verify @@ -55,7 +55,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main 
@@ -69,7 +69,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main diff --git a/.github/workflows/e2e.sign-attestations.schedule.yml b/.github/workflows/e2e.sign-attestations.schedule.yml index 2598be7c5b..1913b9b00d 100644 --- a/.github/workflows/e2e.sign-attestations.schedule.yml +++ b/.github/workflows/e2e.sign-attestations.schedule.yml @@ -19,7 +19,7 @@ jobs: id-token: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - id: setup uses: ./.github/actions/sign-attestations with: @@ -48,7 +48,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main @@ -62,7 +62,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main diff --git a/.github/workflows/e2e.upload-folder.schedule.yml b/.github/workflows/e2e.upload-folder.schedule.yml index fcb3b664da..4a02caf185 100644 --- a/.github/workflows/e2e.upload-folder.schedule.yml +++ b/.github/workflows/e2e.upload-folder.schedule.yml @@ -23,7 +23,7 @@ jobs: sha256: ${{ steps.upload.outputs.sha256 }} sha256-noroot: ${{ steps.upload-noroot.outputs.sha256 }} steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Create folder run: | set -euo pipefail 
@@ -86,7 +86,7 @@ jobs: needs: [secure-upload-folder] runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Download in new folder uses: ./.github/actions/secure-download-folder @@ -166,7 +166,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main @@ -180,7 +180,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main diff --git a/.github/workflows/e2e.verify-token.schedule.yml b/.github/workflows/e2e.verify-token.schedule.yml index b54d92c308..e8cee4d37b 100644 --- a/.github/workflows/e2e.verify-token.schedule.yml +++ b/.github/workflows/e2e.verify-token.schedule.yml @@ -27,7 +27,7 @@ jobs: # "https://api.github.com/repos/$USERNAME/slsa-github-generator/actions/workflows/e2e.verify-token.schedule.yml/dispatches" \ # -d "{\"ref\":\"$BRANCH\"}" \ # -H "Authorization: token $GH_TOKEN" - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - id: setup uses: ./actions/delegator/setup-token with: @@ -70,7 +70,7 @@ jobs: runs-on: ubuntu-latest needs: [setup-token] steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - id: verify uses: ./.github/actions/verify-token with: 
@@ -120,7 +120,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main @@ -134,7 +134,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main diff --git a/.github/workflows/pre-submit.actions.yml b/.github/workflows/pre-submit.actions.yml index 2e393b992b..b22fc51fa6 100644 --- a/.github/workflows/pre-submit.actions.yml +++ b/.github/workflows/pre-submit.actions.yml @@ -13,13 +13,13 @@ jobs: name: verify no checkout in Actions runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - run: ./.github/workflows/scripts/pre-submit.actions/checkout.sh check-tscommon-tarball: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Untar the package tarball working-directory: .github/actions/tscommon @@ -51,7 +51,7 @@ jobs: - .github/actions/detect-workflow-js - .github/actions/tscommon steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Set Node.js 18 uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 @@ -97,7 +97,7 @@ jobs: compute-sha256: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - run: | echo "foo" > artifact - id: compute-sha256 
@@ -112,7 +112,7 @@ jobs: rng: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - run: | echo "foo" > artifact - id: rng @@ -126,10 +126,10 @@ jobs: references: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: path: __THIS_REPO__ - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main @@ -151,7 +151,7 @@ jobs: secure-project-checkout-go: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: path: __BUILDER_CHECKOUT_DIR__ @@ -164,7 +164,7 @@ jobs: secure-project-checkout-node: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: path: __BUILDER_CHECKOUT_DIR__ @@ -184,7 +184,7 @@ jobs: UPLOAD_FOLDER_NO_ROOT_NAME: "upload-root/upload-folder" DOWNLOAD_FOLDER_NO_ROOT_NAME: "download-root/download-folder" steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Create folder run: | set -euo pipefail @@ -321,7 +321,7 @@ jobs: secure-download-artifact: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: path: __BUILDER_CHECKOUT_DIR__ 
@@ -348,7 +348,7 @@ jobs: secure-download-artifact-builder-name: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: path: __BUILDER_CHECKOUT_DIR__ @@ -381,7 +381,7 @@ jobs: secure-download-artifact-builder-repo-folder: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: path: __BUILDER_CHECKOUT_DIR__ @@ -415,7 +415,7 @@ jobs: secure-download-artifact-builder-repo-file: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: path: __BUILDER_CHECKOUT_DIR__ @@ -449,7 +449,7 @@ jobs: generate-builder-generic-compile: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: ./.github/actions/generate-builder with: repository: "slsa-framework/slsa-github-generator" @@ -463,7 +463,7 @@ jobs: generate-builder-generic-no-compile: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Detect the builder ref id: detect uses: ./.github/actions/detect-workflow @@ -481,7 +481,7 @@ jobs: generate-attestations: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Test generate attestations id: generate uses: ./.github/actions/generate-attestations diff --git a/.github/workflows/pre-submit.apis.yml b/.github/workflows/pre-submit.apis.yml index 087045abb8..468f6c9669 100644 
--- a/.github/workflows/pre-submit.apis.yml +++ b/.github/workflows/pre-submit.apis.yml @@ -17,6 +17,6 @@ jobs: name: verify safe APIs runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: Check safe file systems APIs run: ./.github/workflows/scripts/pre-submit.apis/verify-safefs.sh diff --git a/.github/workflows/pre-submit.base-images.yml b/.github/workflows/pre-submit.base-images.yml index 8541e8a099..6d11c9e219 100644 --- a/.github/workflows/pre-submit.base-images.yml +++ b/.github/workflows/pre-submit.base-images.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: install cosign uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1 - name: verify images diff --git a/.github/workflows/pre-submit.e2e.docker-based.default.yml b/.github/workflows/pre-submit.e2e.docker-based.default.yml index 8d14b792b4..f7efefd266 100644 --- a/.github/workflows/pre-submit.e2e.docker-based.default.yml +++ b/.github/workflows/pre-submit.e2e.docker-based.default.yml @@ -31,7 +31,7 @@ jobs: HEAD_SHA: ${{ github.event.pull_request.head.sha }} GITHUB_HEAD_REPOSITORY: ${{ github.event.pull_request.head.repo.full_name }} steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b with: name: ${{ needs.build-docker-based.outputs.build-outputs-name }} diff --git a/.github/workflows/pre-submit.e2e.generic.default.yml b/.github/workflows/pre-submit.e2e.generic.default.yml index ca94c56a2b..68086123ef 100644 --- a/.github/workflows/pre-submit.e2e.generic.default.yml 
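Review bot: In `pre-submit.e2e.docker-based.default.yml`, the `actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b` step right after the updated checkout carries no version comment. Its digest also differs from the `9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2` pin that `pre-submit.e2e.generic.default.yml` uses for the same action. Without the label a reviewer cannot tell which release the digest is meant to be, and the update bot may not be tracking it; this file's checkout had likewise lagged at v3.3.0. Aligning it with the other workflows, `- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2`, would make the pin auditable, after confirming that the job does not rely on the current digest.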
+++ b/.github/workflows/pre-submit.e2e.generic.default.yml @@ -32,7 +32,7 @@ jobs: needs: [build] if: ${{ always() }} steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: ${{ needs.build.outputs.provenance-name }} @@ -61,7 +61,7 @@ jobs: runs-on: ubuntu-latest needs: [build-continue-no-error] steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: ${{ needs.build-continue-no-error.outputs.provenance-name }} @@ -91,7 +91,7 @@ jobs: runs-on: ubuntu-latest needs: [build-continue-invalid-subjects] steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: ${{ needs.build.outputs.provenance-name }} diff --git a/.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml b/.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml index 421c5ca135..79ca3e92cc 100644 --- a/.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml +++ b/.github/workflows/pre-submit.e2e.go.config-ldflags-main-dir.yml @@ -49,7 +49,7 @@ jobs: needs: [build] if: ${{ always() }} steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: ${{ needs.build.outputs.go-binary-name }} 
diff --git a/.github/workflows/pre-submit.lint.yml b/.github/workflows/pre-submit.lint.yml index 1f798eb58f..4d5967b85e 100644 --- a/.github/workflows/pre-submit.lint.yml +++ b/.github/workflows/pre-submit.lint.yml @@ -17,7 +17,7 @@ jobs: golangci-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: go-version: 1.19 @@ -41,7 +41,7 @@ jobs: shellcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - env: SHELLCHECK_VERSION: "0.8.0" SHELLCHECK_CHECKSUM: "ab6ee1b178f014d1b86d1e24da20d1139656c8b0ed34d2867fbb834dad02bf0a" @@ -64,7 +64,7 @@ jobs: yamllint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - env: YAMLLINT_VERSION: "1.26.3" run: | @@ -79,7 +79,7 @@ jobs: eslint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 with: node-version: 16 diff --git a/.github/workflows/pre-submit.markdown.yml b/.github/workflows/pre-submit.markdown.yml index 1b35e5f1e7..a754dcc1b5 100644 --- a/.github/workflows/pre-submit.markdown.yml +++ b/.github/workflows/pre-submit.markdown.yml 
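Review bot: In the `eslint` job of `pre-submit.lint.yml`, `actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c` is annotated `# v3`, while the same digest is annotated `# v3.6.0` in `pre-submit.actions.yml`. The trailing comment is the only human-readable record of which release a digest pin is meant to be, so it should name the exact release: `- uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0`. The job continues outside the hunk.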
@@ -23,6 +23,6 @@ jobs: node-version: 16 - name: Install markdown-toc run: npm install -g markdown-toc - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: markdown-toc run: ./.github/workflows/scripts/pre-submit.markdown/markdown-toc.sh diff --git a/.github/workflows/pre-submit.units.yml b/.github/workflows/pre-submit.units.yml index 9f59288685..efe21c73c5 100644 --- a/.github/workflows/pre-submit.units.yml +++ b/.github/workflows/pre-submit.units.yml @@ -21,7 +21,7 @@ jobs: if: ${{ always() }} steps: - name: Checkout - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - name: setup-go uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: @@ -43,12 +43,12 @@ jobs: if: ${{ always() }} steps: - name: Checkout - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: path: generator - name: Checkout - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: path: verifier repository: slsa-framework/slsa-verifier diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d5ed617f24..e9bafc184c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
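Review bot: The `run: npm install -g markdown-toc` step just above the updated checkout in `pre-submit.markdown.yml` installs whatever version the registry currently serves, which is out of step with the digest-pinned actions around it. Pin the package to an exact version, e.g. `run: npm install -g markdown-toc@<PINNED_VERSION>`, so the tool that runs in this job changes only through a reviewed update. The job starts outside the hunk.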
@@ -20,10 +20,10 @@ jobs: name: pre release refs verification runs-on: ubuntu-latest steps: - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: path: __THIS_REPO__ - - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: repository: slsa-framework/example-package ref: main diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3b55bbd557..c32b02f04b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,12 +25,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 with: results_file: results.sarif results_format: sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2.2.7 + uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9 with: sarif_file: results.sarif