diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 589c54fc..9d242546 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,10 +13,10 @@ jobs: os: [ubuntu-20.04] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version: '1.19' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a590bc92..5ab99cdf 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,18 +22,18 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a with: languages: ${{ matrix.language }} - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version: '1.19' - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f + uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a diff --git a/.github/workflows/fossology-check.yml b/.github/workflows/fossology-check.yml index a968c230..69412469 100644 --- a/.github/workflows/fossology-check.yml +++ b/.github/workflows/fossology-check.yml @@ -9,7 +9,7 @@ jobs: name: Check license, copyright, keyword runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - run: | docker run --rm --name "fossologyscanner" -w "/opt/repo" -v ${PWD}:/opt/repo \ -e GITHUB_TOKEN=${{ github.token }} \ @@ -21,12 +21,12 @@ jobs: -e GITHUB_ACTIONS=true \ fossology/fossology:scanner "/bin/fossologyscanner" --report TEXT repo nomos ojo copyright keyword # Upload artifact - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 + - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b with: name: scan-fossology-report path: ./results # Artifact download - - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 with: name: scan-fossology-report diff --git a/.github/workflows/go-fuzz-test.yml b/.github/workflows/go-fuzz-test.yml index ea8241ea..f2caf34a 100644 --- a/.github/workflows/go-fuzz-test.yml +++ b/.github/workflows/go-fuzz-test.yml @@ -13,10 +13,10 @@ jobs: os: [ubuntu-20.04] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version: '1.19' diff --git a/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml b/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml index e04442e2..e3b82aaa 100644 --- a/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml +++ b/.github/workflows/lint-vet-gofmt-staticcheck-analysis.yml @@ -8,10 +8,10 @@ jobs: lintvetanalysis: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version: '1.19' diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7ad94329..916c7cca 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -12,15 +12,15 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Check out the repo - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version: '1.19' - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf - name: Extract metadata (tags, labels) for Docker id: meta @@ -31,10 +31,10 @@ jobs: type=semver,pattern={{version}} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db - name: Log in to Docker Hub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} @@ -45,7 +45,7 @@ jobs: cp configs/defdockerfiles/ubuntu_multistage Dockerfile - name: Build and push - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 + uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 with: context: . build-args: TARGETVERSION=v${{ steps.meta.outputs.version }} @@ -63,7 +63,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index ef8c1f46..054848b3 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -32,17 +32,17 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -64,7 +64,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b with: name: SARIF file path: results.sarif @@ -72,6 +72,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a with: sarif_file: results.sarif \ No newline at end of file diff --git a/.github/workflows/test-suite.yml b/.github/workflows/test-suite.yml index 6878c592..48c9a795 100644 --- a/.github/workflows/test-suite.yml +++ b/.github/workflows/test-suite.yml @@ -12,10 +12,10 @@ jobs: os: [ubuntu-20.04] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 with: go-version: '1.19'