diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml
index d30876cb2..c537a2139 100644
--- a/.github/workflows/build-base-images.yml
+++ b/.github/workflows/build-base-images.yml
@@ -92,7 +92,7 @@ jobs:
type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }}
- name: Build Base Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: build/Dockerfile
context: "."
@@ -157,7 +157,7 @@ jobs:
type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }}
- name: Build Base Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: build/Dockerfile
context: "."
@@ -229,7 +229,7 @@ jobs:
type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }}
- name: Build Base Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: build/Dockerfile
context: "."
diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml
index b3dc8fd3d..7fd68c8ac 100644
--- a/.github/workflows/build-oss.yml
+++ b/.github/workflows/build-oss.yml
@@ -123,7 +123,7 @@ jobs:
if: ${{ steps.images_exist.outputs.base_exists != 'true' || steps.images_exist.outputs.target_exists != 'true' }}
- name: Build Base Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: build/Dockerfile
context: "."
@@ -155,7 +155,7 @@ jobs:
if: ${{ steps.images_exist.outputs.base_exists != 'true' || steps.images_exist.outputs.target_exists != 'true' }}
- name: Build Docker image
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
id: build-push
with:
file: build/Dockerfile
diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml
index 83819253c..2ebabb68c 100644
--- a/.github/workflows/build-plus.yml
+++ b/.github/workflows/build-plus.yml
@@ -130,7 +130,7 @@ jobs:
if: ${{ steps.images_exist.outputs.base_exists != 'true' || steps.images_exist.outputs.target_exists != 'true' }}
- name: Build Base Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: build/Dockerfile
context: "."
@@ -168,7 +168,7 @@ jobs:
if: ${{ steps.images_exist.outputs.base_exists != 'true' || steps.images_exist.outputs.target_exists != 'true' }}
- name: Build Docker image
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
id: build-push
with:
file: build/Dockerfile
diff --git a/.github/workflows/build-test-image.yml b/.github/workflows/build-test-image.yml
index e2cb91001..84d3ff12c 100644
--- a/.github/workflows/build-test-image.yml
+++ b/.github/workflows/build-test-image.yml
@@ -49,7 +49,7 @@ jobs:
password: ${{ steps.auth.outputs.access_token }}
- name: Build Test-Runner Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: tests/Dockerfile
context: "."
diff --git a/.github/workflows/build-ubi-dependency.yml b/.github/workflows/build-ubi-dependency.yml
index 1f50a5013..de1ed7552 100644
--- a/.github/workflows/build-ubi-dependency.yml
+++ b/.github/workflows/build-ubi-dependency.yml
@@ -118,7 +118,7 @@ jobs:
DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
- name: Build and push
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: ./build/dependencies/Dockerfile.ubi
context: "."
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e07513b31..7163bee20 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -233,7 +233,7 @@ jobs:
if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }}
- name: Upload coverage to Codecov
- uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./coverage.txt
token: ${{ secrets.CODECOV_TOKEN }} # required
@@ -449,7 +449,7 @@ jobs:
if: ${{ needs.checks.outputs.forked_workflow == 'true' && needs.checks.outputs.docs_only == 'false' }}
- name: Build Docker Image ${{ matrix.base-os }}
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: build/Dockerfile
context: "."
@@ -573,7 +573,7 @@ jobs:
if: ${{ needs.checks.outputs.forked_workflow == 'false' && needs.checks.outputs.docs_only == 'false' }}
- name: Build Test-Runner Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: tests/Dockerfile
context: "."
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index aab39740e..6c6c6da7d 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -70,7 +70,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
+ uses: github/codeql-action/init@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -89,7 +89,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
- uses: github/codeql-action/autobuild@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
+ uses: github/codeql-action/autobuild@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
# âšī¸ Command-line programs to run using the OS shell.
# đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -102,6 +102,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
+ uses: github/codeql-action/analyze@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml
index db0c5482a..bac8f5e73 100644
--- a/.github/workflows/image-promotion.yml
+++ b/.github/workflows/image-promotion.yml
@@ -143,7 +143,7 @@ jobs:
fi
- name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
+ uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
if: steps.check-sarif.outputs.sarif_has_results == 'true'
with:
sarif_file: govulncheck.sarif
@@ -468,7 +468,7 @@ jobs:
overwrite: true
- name: Upload Scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
+ uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
sarif_file: "${{ steps.directory.outputs.directory }}/"
@@ -557,7 +557,7 @@ jobs:
overwrite: true
- name: Upload Scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
+ uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
sarif_file: "${{ steps.directory.outputs.directory }}/"
@@ -653,7 +653,7 @@ jobs:
overwrite: true
- name: Upload Scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
+ uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
sarif_file: "${{ steps.directory.outputs.directory }}/"
continue-on-error: true
diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml
index 243234cea..93f81d463 100644
--- a/.github/workflows/lint-format.yml
+++ b/.github/workflows/lint-format.yml
@@ -84,7 +84,7 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: DavidAnson/markdownlint-cli2-action@05f32210e84442804257b2a6f20b273450ec8265 # v19.1.0
+ - uses: DavidAnson/markdownlint-cli2-action@992badcdf24e3b8eb7e87ff9287fe931bcb00c6e # v20.0.0
with:
config: .markdownlint-cli2.yaml
globs: "**/*.md"
diff --git a/.github/workflows/oss-release.yml b/.github/workflows/oss-release.yml
index e4400d01e..7e4cc3078 100644
--- a/.github/workflows/oss-release.yml
+++ b/.github/workflows/oss-release.yml
@@ -137,7 +137,7 @@ jobs:
password: ${{ steps.gcr-auth.outputs.access_token }}
- name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0
+ uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
with:
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_ROLE_PUBLIC_ECR }}
diff --git a/.github/workflows/patch-image.yml b/.github/workflows/patch-image.yml
index 84a60d3e3..58a21affa 100644
--- a/.github/workflows/patch-image.yml
+++ b/.github/workflows/patch-image.yml
@@ -70,7 +70,7 @@ jobs:
password: ${{ steps.auth.outputs.access_token }}
- name: Apply OS patches to Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: build/Dockerfile
context: "."
diff --git a/.github/workflows/plus-release.yml b/.github/workflows/plus-release.yml
index aef99c159..a38d0b202 100644
--- a/.github/workflows/plus-release.yml
+++ b/.github/workflows/plus-release.yml
@@ -231,7 +231,7 @@ jobs:
password: ${{ steps.gcr-auth.outputs.access_token }}
- name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0
+ uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
with:
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_ROLE_MARKETPLACE }}
diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml
index bc577db93..ccd37bf09 100644
--- a/.github/workflows/regression.yml
+++ b/.github/workflows/regression.yml
@@ -99,7 +99,7 @@ jobs:
run: make cover
- name: Upload coverage to Codecov
- uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
+ uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
with:
files: ./coverage.txt
token: ${{ secrets.CODECOV_TOKEN }} # required
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 37016128c..64cae910d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -398,7 +398,7 @@ jobs:
ref: ${{ inputs.release_branch }}
- name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0
+ uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
with:
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_ROLE_MARKETPLACE }}
@@ -441,7 +441,7 @@ jobs:
- name: Download Syft
id: syft
- uses: anchore/sbom-action/download-syft@9f7302141466aa6482940f15371237e9d9f4c34a # v0.19.0
+ uses: anchore/sbom-action/download-syft@e11c554f704a0b820cbf8c51673f6945e0731532 # v0.20.0
if: ${{ needs.variables.outputs.binary_cache_sign_hit != 'true' }}
- name: Install Cosign
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 70397931e..93f0d2ff4 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -57,6 +57,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
+ uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
with:
sarif_file: results.sarif
diff --git a/.github/workflows/setup-smoke.yml b/.github/workflows/setup-smoke.yml
index a1370db58..e9a42dfc1 100644
--- a/.github/workflows/setup-smoke.yml
+++ b/.github/workflows/setup-smoke.yml
@@ -114,7 +114,7 @@ jobs:
if: ${{ inputs.authenticated }}
- name: Build Test-Runner Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: tests/Dockerfile
context: "."
@@ -126,7 +126,7 @@ jobs:
if: ${{ ( !inputs.authenticated || steps.check-image.outcome == 'failure' ) }}
- name: Build ${{ inputs.image }} Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: build/Dockerfile
context: "."
diff --git a/.github/workflows/single-image-regression.yml b/.github/workflows/single-image-regression.yml
index 6e4f82e84..1ffff2efb 100644
--- a/.github/workflows/single-image-regression.yml
+++ b/.github/workflows/single-image-regression.yml
@@ -100,7 +100,7 @@ jobs:
continue-on-error: true
- name: Build Test-Runner Container
- uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+ uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
with:
file: tests/Dockerfile
context: "."