diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index 3a3a625..1038721 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -33,7 +33,7 @@ jobs: release-assets.githubusercontent.com:443 - name: Check out code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml index a19a452..01069ee 100644 --- a/.github/workflows/create-release.yaml +++ b/.github/workflows/create-release.yaml @@ -28,7 +28,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.event.pull_request.merge_commit_sha }} persist-credentials: false @@ -80,7 +80,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.event.pull_request.merge_commit_sha }} persist-credentials: false diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 0b03fd1..e944123 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -46,7 +46,7 @@ jobs: release-assets.githubusercontent.com:443 - name: Check out code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml index 52efa32..8ac0462 100644 --- a/.github/workflows/prepare-release.yaml +++ b/.github/workflows/prepare-release.yaml @@ -40,7 +40,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -60,7 +60,7 @@ jobs: identity: prepare-release - name: Setup gitsign - uses: chainguard-dev/actions/setup-gitsign@c69a264ec2a5934c3186c618f368fc1c86f16cff # v1.6.19 + uses: chainguard-dev/actions/setup-gitsign@05fbd381f7c158bd33c9bbf3a28f67852269fdf8 # v1.6.21 - name: Patch XCCDF version run: | diff --git a/.github/workflows/update-ca-cert.yaml b/.github/workflows/update-ca-cert.yaml index d12c6ef..b0edb4c 100644 --- a/.github/workflows/update-ca-cert.yaml +++ b/.github/workflows/update-ca-cert.yaml @@ -31,7 +31,7 @@ jobs: FIXTURES_GLOB: tests/e2e/fixtures/*/Dockerfile steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Harden Runner @@ -47,7 +47,7 @@ jobs: - name: Install cosign uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Setup crane - uses: imjasonh/setup-crane@6da1ae018866400525525ce74ff892880c099987 # v0.5 + uses: imjasonh/setup-crane@59c71e96a00b28651f10369ba3359a6d730740a0 # v0.6 - name: Pull and verify image id: image run: | @@ -211,7 +211,7 @@ jobs: fi - name: Setup gitsign if: steps.changed.outputs.changed == 'true' - uses: chainguard-dev/actions/setup-gitsign@c69a264ec2a5934c3186c618f368fc1c86f16cff # v1.6.19 + uses: chainguard-dev/actions/setup-gitsign@05fbd381f7c158bd33c9bbf3a28f67852269fdf8 # v1.6.21 - name: Create Pull Request if: steps.changed.outputs.changed == 'true' uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index d7cb060..e0fedc2 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -36,7 +36,7 @@ jobs: ghcr.io - name: Check out code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false