diff --git a/.github/workflows/__changes.yml b/.github/workflows/__changes.yml index c00a6cfed6..61ce628d0b 100644 --- a/.github/workflows/__changes.yml +++ b/.github/workflows/__changes.yml @@ -53,7 +53,7 @@ jobs: only_changed: ${{ steps.set-result.outputs.only_changed }} steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 3510c34c6f..4541de6939 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -105,7 +105,7 @@ jobs: steps: - name: Checkout if: needs.changes.outputs.only_changed != 'true' - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive persist-credentials: false @@ -153,7 +153,7 @@ jobs: - name: Login to GitHub Container Registry if: needs.changes.outputs.only_changed != 'true' - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -207,7 +207,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive persist-credentials: false @@ -228,7 +228,7 @@ jobs: cache: true - name: Login to GitHub Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -321,7 +321,7 @@ jobs: OCI_REPOSITORY: radius-project/helm-chart steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -364,7 +364,7 @@ jobs: id-token: write # Required for azure/login steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive persist-credentials: false @@ -431,7 +431,7 @@ jobs: contents: write # Required for creating releases steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive persist-credentials: false diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8672355f84..f92796759d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,7 +33,7 @@ jobs: uses: raven-actions/debug@9dbdeb7eea607a7d73411895c65987e71d59a466 # v1.2.0 - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 persist-credentials: false @@ -89,7 +89,7 @@ jobs: matrix: ${{ fromJSON(needs.changes.outputs.matrix) }} steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false submodules: recursive @@ -109,7 +109,7 @@ jobs: - name: Initialize CodeQL if: ${{ !startsWith(matrix.language, 'custom-') }} - uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 + uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 with: config-file: .github/configs/.codeql.yml languages: ${{ matrix.language }} @@ -117,7 +117,7 @@ jobs: - name: Auto build if: matrix.build-mode == 'autobuild' - uses: github/codeql-action/autobuild@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 + uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 with: working-directory: ${{ matrix.working-directory }} @@ -129,21 +129,21 @@ jobs: - name: Perform GoSec Analysis if: matrix.language == 'custom-gosec' - uses: securego/gosec@b579523bf6dbd3baf523a778c1a5d1f5c66e97fd + uses: securego/gosec@a631af86ec6d2557e40dac102293f15209794a75 with: args: -no-fail -fmt sarif -out gosec-results.sarif ./... continue-on-error: true - name: Upload GoSec result if: ${{ always() && matrix.language == 'custom-gosec' }} - uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 + uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 with: sarif_file: gosec-results.sarif wait-for-processing: true - name: Perform CodeQL Analysis if: ${{ !startsWith(matrix.language, 'custom-') }} - uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 + uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 id: codeql-analyze with: category: /language:${{matrix.language}} @@ -152,7 +152,7 @@ jobs: - name: Upload CodeQL result if: ${{ always() && !startsWith(matrix.language, 'custom-') }} - uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 + uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 with: sarif_file: ${{ format('{0}/{1}.sarif', steps.codeql-analyze.outputs.sarif-output, matrix.language) }} wait-for-processing: true diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 4d78ec3c49..3f8640dcc2 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -27,7 +27,7 @@ jobs: checks: write steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/devcontainer-feature-release.yaml b/.github/workflows/devcontainer-feature-release.yaml index f1592c0671..d10f41c9fa 100644 --- a/.github/workflows/devcontainer-feature-release.yaml +++ b/.github/workflows/devcontainer-feature-release.yaml @@ -22,7 +22,7 @@ jobs: contents: write packages: write steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/devcontainer-feature-test.yaml b/.github/workflows/devcontainer-feature-test.yaml index ba3cfd9478..112a224b33 100644 --- a/.github/workflows/devcontainer-feature-test.yaml +++ b/.github/workflows/devcontainer-feature-test.yaml @@ -29,7 +29,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -46,7 +46,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/functional-test-cloud.yaml b/.github/workflows/functional-test-cloud.yaml index 7dfe97f8ba..e6e537577b 100644 --- a/.github/workflows/functional-test-cloud.yaml +++ b/.github/workflows/functional-test-cloud.yaml @@ -190,7 +190,7 @@ jobs: } >> "${GITHUB_ENV}" - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive persist-credentials: false @@ -275,7 +275,7 @@ jobs: permission-pull-requests: write - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ env.CHECKOUT_REPO }} ref: ${{ env.CHECKOUT_REF }} @@ -283,7 +283,7 @@ jobs: persist-credentials: false - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ env.CHECKOUT_REPO }} ref: ${{ env.CHECKOUT_REF }} @@ -338,7 +338,7 @@ jobs: ## Test Status - name: Login to GitHub Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -578,7 +578,7 @@ jobs: details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - name: Checkout Radius repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ env.CHECKOUT_REPO }} ref: ${{ env.CHECKOUT_REF }} @@ -586,7 +586,7 @@ jobs: persist-credentials: false - name: Checkout Samples repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: matrix.name == 'samples' with: repository: radius-project/samples @@ -703,7 +703,7 @@ jobs: helm install workload-identity-webhook azure-workload-identity/workload-identity-webhook --namespace radius-default --create-namespace --version ${{ env.AZURE_WORKLOAD_IDENTITY_WEBHOOK_VER }} --set azureTenantID=${{ secrets.AZURE_SP_TESTS_TENANTID }} - name: Login to GitHub Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/functional-test-noncloud.yaml b/.github/workflows/functional-test-noncloud.yaml index a4dd47d124..4e28a3125f 100644 --- a/.github/workflows/functional-test-noncloud.yaml +++ b/.github/workflows/functional-test-noncloud.yaml @@ -203,13 +203,13 @@ jobs: } >> "${GITHUB_ENV}" - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive persist-credentials: false - name: Checkout samples repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: matrix.name == 'samples-noncloud' with: repository: radius-project/samples diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 85a3252041..3bf588c2f3 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -53,7 +53,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive persist-credentials: false @@ -141,7 +141,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/long-running-azure.yaml b/.github/workflows/long-running-azure.yaml index 6b3a601819..c1c4d4fe42 100644 --- a/.github/workflows/long-running-azure.yaml +++ b/.github/workflows/long-running-azure.yaml @@ -131,13 +131,13 @@ jobs: permission-contents: read - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: recursive persist-credentials: false - name: Checkout samples repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: radius-project/samples path: samples @@ -180,7 +180,7 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTIONID_TESTS }} - name: Login to GitHub Container Registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -207,7 +207,7 @@ jobs: - name: Restore skip-delete-resources-list if: always() - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: skip-delete-resources-list.txt key: skip-delete-resources-list-${{ steps.gen-id.outputs.UNIQUE_ID || github.run_id }} @@ -265,7 +265,7 @@ jobs: kubectl get resources.ucp.dev -n radius-system --no-headers -o custom-columns=":metadata.name" > skip-delete-resources-list.txt - name: Save list of resources not to be deleted - uses: actions/cache/save@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: skip-delete-resources-list.txt key: skip-delete-resources-list-${{ steps.gen-id.outputs.UNIQUE_ID || github.run_id }} @@ -433,7 +433,7 @@ jobs: - name: Restore skip-delete-resources-list if: always() - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: skip-delete-resources-list.txt key: skip-delete-resources-list-${{ steps.gen-id.outputs.UNIQUE_ID || github.run_id }} diff --git a/.github/workflows/nightly-rad-CLI-tests.yaml b/.github/workflows/nightly-rad-CLI-tests.yaml index 31a9d47ef3..5dab87df7d 100644 --- a/.github/workflows/nightly-rad-CLI-tests.yaml +++ b/.github/workflows/nightly-rad-CLI-tests.yaml @@ -45,7 +45,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/publish-de-image.yaml b/.github/workflows/publish-de-image.yaml index 9b39945dde..a3beb31b7d 100644 --- a/.github/workflows/publish-de-image.yaml +++ b/.github/workflows/publish-de-image.yaml @@ -39,7 +39,7 @@ jobs: contents: read id-token: write steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml index bbe3ffeb87..c84dbd1534 100644 --- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/publish-docs.yaml @@ -45,7 +45,7 @@ jobs: pull-requests: write steps: - name: Checkout radius repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: radius-project/radius path: radius @@ -69,7 +69,7 @@ jobs: fi - name: Checkout docs repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: radius-project/docs path: docs diff --git a/.github/workflows/purge-aws-test-resources.yaml b/.github/workflows/purge-aws-test-resources.yaml index 6273594be7..5d371727c0 100644 --- a/.github/workflows/purge-aws-test-resources.yaml +++ b/.github/workflows/purge-aws-test-resources.yaml @@ -41,7 +41,7 @@ jobs: contents: read steps: - name: Checkout the repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/radius-bot.yaml b/.github/workflows/radius-bot.yaml index 19a20ade10..68737a2a86 100644 --- a/.github/workflows/radius-bot.yaml +++ b/.github/workflows/radius-bot.yaml @@ -17,7 +17,7 @@ jobs: contents: read steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: sparse-checkout: | .github/scripts/radius-bot.js diff --git a/.github/workflows/release-verification.yaml b/.github/workflows/release-verification.yaml index 8a7b34df35..887533bb9f 100644 --- a/.github/workflows/release-verification.yaml +++ b/.github/workflows/release-verification.yaml @@ -37,7 +37,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 92e94d80a0..a027c0a785 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -48,7 +48,7 @@ jobs: RELNOTE_FOUND: false steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -145,14 +145,14 @@ jobs: contents: read # Required for actions/checkout id-token: write # Required for azure/login (copy-deployment-engine-image) steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: radius-project/radius ref: main persist-credentials: false - name: Checkout radius-project/radius@main - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: radius-project/radius ref: main @@ -161,7 +161,7 @@ jobs: persist-credentials: false - name: Checkout radius-project/recipes@main - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: radius-project/recipes ref: main @@ -170,7 +170,7 @@ jobs: persist-credentials: false - name: Checkout radius-project/dashboard@main - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: radius-project/dashboard ref: main @@ -179,7 +179,7 @@ jobs: persist-credentials: false - name: Checkout radius-project/bicep-types-aws@main - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: radius-project/bicep-types-aws ref: main diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index ac854e82cc..48fa49ab3f 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -43,7 +43,7 @@ jobs: id-token: write # Needed for GitHub OIDC token if publish_results is true steps: - name: Checkout code - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10 + uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0 with: sarif_file: results.sarif diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml index 973672ff9b..2b0d3a28cd 100644 --- a/.github/workflows/unit-tests.yaml +++ b/.github/workflows/unit-tests.yaml @@ -28,7 +28,7 @@ jobs: checks: write steps: - name: Checkout Radius repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.workflow_run.head_sha }} persist-credentials: false diff --git a/.github/workflows/validate-bicep.yaml b/.github/workflows/validate-bicep.yaml index ad37ce920a..9a26c807c0 100644 --- a/.github/workflows/validate-bicep.yaml +++ b/.github/workflows/validate-bicep.yaml @@ -59,7 +59,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: true persist-credentials: false diff --git a/.github/workflows/validate-devcontainer-feature.yaml b/.github/workflows/validate-devcontainer-feature.yaml index 0634bdc3e1..952fb0640d 100644 --- a/.github/workflows/validate-devcontainer-feature.yaml +++ b/.github/workflows/validate-devcontainer-feature.yaml @@ -19,7 +19,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/validate-installers.yaml b/.github/workflows/validate-installers.yaml index 34b8a8bbeb..d9ae20c581 100644 --- a/.github/workflows/validate-installers.yaml +++ b/.github/workflows/validate-installers.yaml @@ -37,7 +37,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false