diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 5b2a6ac..71a59d3 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -16,7 +16,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.sha }} @@ -36,7 +36,7 @@ jobs: run: printf '%s\n' '${{ inputs.image }}' > '${{ runner.temp }}/image.txt' - name: Upload image artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: docker-image-${{ inputs.image }} path: | diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 28cf302..1630bdb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,7 +41,7 @@ jobs: images: ${{ steps.collect.outputs.images }} steps: - name: Download lint markers - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: lint-passed-* path: ${{ runner.temp }}/lint-markers @@ -92,7 +92,7 @@ jobs: images: ${{ steps.collect.outputs.images }} steps: - name: Download build artifacts - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: docker-image-* path: ${{ runner.temp }}/build-artifacts @@ -143,7 +143,7 @@ jobs: images: ${{ steps.collect.outputs.images }} steps: - name: Download scan markers - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: scan-passed-* path: ${{ runner.temp }}/scan-markers diff --git a/.github/workflows/lint-image.yml b/.github/workflows/lint-image.yml index 9a542ba..7e77af9 100644 --- a/.github/workflows/lint-image.yml +++ b/.github/workflows/lint-image.yml @@ -16,7 +16,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.sha }} @@ -31,7 +31,7 @@ jobs: - name: Upload lint passed marker if: success() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: lint-passed-${{ inputs.image }} path: ${{ runner.temp }}/image.txt diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml index 1694b0a..024b4cb 100644 --- a/.github/workflows/publish-image.yml +++ b/.github/workflows/publish-image.yml @@ -17,7 +17,7 @@ jobs: packages: write steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.sha }} @@ -28,7 +28,7 @@ jobs: echo "image_ref=ghcr.io/trly/${{ inputs.image }}:$version" >> "$GITHUB_OUTPUT" - name: Download image artifact - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: docker-image-${{ inputs.image }} path: ${{ runner.temp }}/image @@ -37,7 +37,7 @@ jobs: run: gunzip -c "${{ runner.temp }}/image/image.tar.gz" | docker load - name: Log in to GHCR - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/scan-image.yml b/.github/workflows/scan-image.yml index bb2315f..833ca95 100644 --- a/.github/workflows/scan-image.yml +++ b/.github/workflows/scan-image.yml @@ -16,7 +16,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.sha }} @@ -27,7 +27,7 @@ jobs: echo "image_ref=ghcr.io/trly/${{ inputs.image }}:$version" >> "$GITHUB_OUTPUT" - name: Download image artifact - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: docker-image-${{ inputs.image }} path: ${{ runner.temp }}/image @@ -36,7 +36,7 @@ jobs: run: gunzip -c "${{ runner.temp }}/image/image.tar.gz" | docker load - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 with: image-ref: ${{ steps.meta.outputs.image_ref }} format: table @@ -52,7 +52,7 @@ jobs: - name: Upload scan passed marker if: success() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: scan-passed-${{ inputs.image }} path: ${{ runner.temp }}/image.txt diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml index c5aeab9..c19af82 100644 --- a/.github/workflows/setup.yml +++ b/.github/workflows/setup.yml @@ -27,7 +27,7 @@ jobs: images: ${{ steps.find.outputs.images }} steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 ref: ${{ github.sha }}