diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1a101b3c..4a6f02e8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -80,7 +80,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 # if: ${{ github.event_name != 'pull_request' || (github.event_name == 'pull_request' && steps.changed-files.outputs.any_changed == 'true') }} with: config-file: ./.github/linters/.codeql.yml @@ -94,7 +94,7 @@ jobs: # queries: security-extended,security-and-quality - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 # if: ${{ github.event_name != 'pull_request' || (github.event_name == 'pull_request' && steps.changed-files.outputs.any_changed == 'true') }} with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/ghpages.yml b/.github/workflows/ghpages.yml index 54f01ac6..de8324e0 100644 --- a/.github/workflows/ghpages.yml +++ b/.github/workflows/ghpages.yml @@ -33,7 +33,7 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install the latest version of uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 - name: Setup Task uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0 @@ -47,10 +47,10 @@ jobs: run: task site:build -- --strict - name: Configure GH Pages - uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 + uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0 - name: Upload GH Pages artifact - uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: path: "site/" @@ -65,4 +65,4 @@ jobs: steps: - name: Deploy to GH Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0 diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index ace252e7..4aa7ac9b 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -68,7 +68,7 @@ jobs: node-version: lts/* - name: Install the latest version of uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0 - name: Setup Task uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2.0.0 diff --git a/.github/workflows/prebuilt-devcontainer-base.yml b/.github/workflows/prebuilt-devcontainer-base.yml index a4be77d6..ace18e65 100644 --- a/.github/workflows/prebuilt-devcontainer-base.yml +++ b/.github/workflows/prebuilt-devcontainer-base.yml @@ -42,7 +42,7 @@ jobs: # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} diff --git a/.github/workflows/prebuilt-devcontainer.yml b/.github/workflows/prebuilt-devcontainer.yml index 5e78a310..c3ea2bef 100644 --- a/.github/workflows/prebuilt-devcontainer.yml +++ b/.github/workflows/prebuilt-devcontainer.yml @@ -60,7 +60,7 @@ jobs: # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 #v4.1.0 + uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 #v4.1.1 with: cosign-release: "v2.2.4" @@ -73,7 +73,7 @@ jobs: # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -110,7 +110,7 @@ jobs: # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 with: context: . file: .github/docker/devcontainer.Dockerfile diff --git a/.github/workflows/test_terraform.yml b/.github/workflows/test_terraform.yml index 6d99427d..0a5a7644 100644 --- a/.github/workflows/test_terraform.yml +++ b/.github/workflows/test_terraform.yml @@ -58,7 +58,7 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Filter - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: base: ${{ github.event_name == 'workflow_dispatch' && github.ref || '' }} @@ -86,7 +86,7 @@ jobs: - name: Dirs id: dirs - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ github.token }} script: | @@ -152,7 +152,7 @@ jobs: - name: Create Issue on Test Failure (acceptance) if: steps.testacc.outputs.exitcode == 1 - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ github.token }} script: | @@ -177,7 +177,7 @@ jobs: - name: Create Issue on Test Failure (integration) if: steps.testint.outputs.exitcode == 1 - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 with: github-token: ${{ github.token }} script: | @@ -195,7 +195,7 @@ jobs: - name: Upload out if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: out-${{ matrix.src.name }}-${{ github.run_id }} path: | @@ -204,7 +204,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: tests-results-${{ matrix.src.name }}-${{ github.run_id }} path: | @@ -214,7 +214,7 @@ jobs: - name: Publish test results id: test_results if: always() - uses: dorny/test-reporter@3d76b34a4535afbd0600d347b09a6ee5deb3ed7f # v2.6.0 + uses: dorny/test-reporter@a43b3a5f7366b97d083190328d2c652e1a8b6aa2 # v3.0.0 with: working-directory: ${{ matrix.src.path }} name: Test results (${{ matrix.src.name }})