diff --git a/.github/workflows/add_issue_to_project.yaml b/.github/workflows/add_issue_to_project.yaml index e8f51f8b..5324ed3b 100644 --- a/.github/workflows/add_issue_to_project.yaml +++ b/.github/workflows/add_issue_to_project.yaml @@ -9,7 +9,7 @@ jobs: name: Add issue to Updatecli project runs-on: ubuntu-24.04 steps: - - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2 + - uses: actions/add-to-project@5afcf98fcd03f1c2f92c3c83f58ae24323cc57fd # v2.0.0 with: project-url: https://github.com/orgs/updatecli/projects/2 github-token: ${{ secrets.ADD_TO_PROJECT_PAT }} diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml index 49cfa269..dee80298 100644 --- a/.github/workflows/go.yaml +++ b/.github/workflows/go.yaml @@ -35,14 +35,14 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: golangci-lint - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 + uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9.2.1 with: # Required: the version of golangci-lint is required # and must be specified without patch version: # we always use the latest patch version. version: v2.11.3 - name: Install GoReleaser - uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0 + uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7.2.2 with: install-only: true - name: Show GoReleaser version diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 3351a394..07a3a78e 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -10,7 +10,7 @@ jobs: update_release_draft: runs-on: ubuntu-24.04 steps: - - uses: release-drafter/release-drafter@139054aeaa9adc52ab36ddf67437541f039b88e2 # v7.1.1 + - uses: release-drafter/release-drafter@693d20e7c1ce1a81d3a41962f85914253b518449 # v7.3.1 with: config-name: release-drafter.yaml env: diff --git a/.github/workflows/release-sandbox.yaml b/.github/workflows/release-sandbox.yaml index c71525c6..a28b20e2 100644 --- a/.github/workflows/release-sandbox.yaml +++ b/.github/workflows/release-sandbox.yaml @@ -26,9 +26,9 @@ jobs: with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 # https://github.com/actions/setup-go - name: Set up Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 @@ -36,7 +36,7 @@ jobs: go-version: 1.26.1 id: go - name: Install GoReleaser - uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0 + uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7.2.2 with: install-only: true - name: Show GoReleaser version diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a8de1771..2167a6f5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -26,9 +26,9 @@ jobs: with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 # https://github.com/actions/setup-go - name: Set up Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 @@ -36,18 +36,18 @@ jobs: go-version: 1.26.1 id: go - name: Install GoReleaser - uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0 + uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7.2.2 with: install-only: true - name: Show GoReleaser version run: goreleaser --version - name: Login to DockerHub - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Login to GitHub Docker Registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/typos.yaml b/.github/workflows/typos.yaml index ae2254a7..eaf09a3a 100644 --- a/.github/workflows/typos.yaml +++ b/.github/workflows/typos.yaml @@ -11,4 +11,4 @@ jobs: - name: Checkout Actions Repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check spelling of file.txt - uses: crate-ci/typos@631208b7aac2daa8b707f55e7331f9112b0e062d # v1.44.0 + uses: crate-ci/typos@f8a58b6b53f2279f71eb605f03a4ae4d10608f45 # v1.47.0 diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index e5f64886..f2b636a7 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -1,13 +1,10 @@ -name: GitHub Actions Security Analysis with zizmor 🌈 - +name: "GitHub Actions Security Analysis with zizmor \U0001F308" on: push: branches: ["main"] pull_request: branches: ["**"] - permissions: {} - jobs: zizmor: runs-on: ubuntu-latest @@ -18,9 +15,8 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - - name: Run zizmor 🌈 - uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 + - name: "Run zizmor \U0001F308" + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 with: # intentionally not scanning the entire repository, inputs: ./.github/