diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b85efb6..cb1392e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,12 +18,12 @@ jobs: test-folders: ["library-tests", "queries-tests"] steps: - name: "Checkout" - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 with: submodules: true - name: "Check for changes" - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: extractor-changes with: filters: | @@ -83,18 +83,18 @@ jobs: # steps: # - name: "Checkout" - # uses: actions/checkout@v6 + # uses: actions/checkout@v6.0.3 # with: # submodules: true # - name: "Checkout" - # uses: actions/checkout@v6 + # uses: actions/checkout@v6.0.3 # with: # repository: ${{ matrix.project }} # path: project # - name: "Check for changes" - # uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + # uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 # id: extractor-changes # with: # filters: | @@ -151,8 +151,8 @@ jobs: docs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + - uses: actions/checkout@v6.0.3 + - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes with: filters: | diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml index 89609f8..15696e6 100644 --- a/.github/workflows/copilot-setup-steps.yml +++ b/.github/workflows/copilot-setup-steps.yml @@ -31,7 +31,7 @@ jobs: # starts. If you do not check out your code, Copilot will do this for you. steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 with: submodules: true diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index c8f25b0..636da2b 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -13,7 +13,7 @@ jobs: actions: write steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.3 - name: "Run Coverage Report" if: github.ref == 'refs/heads/main' @@ -22,7 +22,7 @@ jobs: ./scripts/create-coverage.py report --markdown > $GITHUB_STEP_SUMMARY - name: "Upload Coverage Report" - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: coverage-report path: coverage.csv diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 3678570..6d765cc 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -16,7 +16,7 @@ jobs: release: ${{ steps.get_version.outputs.release }} version: ${{ steps.get_version.outputs.version }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.3 - name: "Check release version" id: get_version @@ -53,7 +53,7 @@ jobs: if: ${{ needs.release-check.outputs.release == 'true' }} steps: - name: "Checkout" - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 with: submodules: true @@ -68,7 +68,7 @@ jobs: run: ./scripts/create-extractor-pack.sh - name: "Upload bundle artifact" - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: "extractor-bundle-${{ matrix.os }}" path: "./extractor-pack" @@ -81,12 +81,12 @@ jobs: steps: - name: "Checkout" - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 with: submodules: true - name: "Download all artifacts" - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 with: path: "./extractor-pack" merge-multiple: true @@ -115,7 +115,7 @@ jobs: steps: - name: "Checkout" - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 - name: "Check and Publish CodeQL Packs" env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d62d8b7..afe641b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,10 +20,10 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout" - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 - name: "Patch Release Me" - uses: 42ByteLabs/patch-release-me@ef44b04c04fde87280adf14548664bfbcebba04d # 0.6.4 + uses: 42ByteLabs/patch-release-me@04ea0a696abfc3cfbdfadb279bd9c9dd0b1652a2 # 0.6.6 with: mode: ${{ github.event.inputs.bump }} @@ -42,7 +42,7 @@ jobs: echo "release=true" >> "$GITHUB_ENV" - name: "Create Release" - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: token: ${{ github.token }} commit-message: "[chore]: Create release for ${{ steps.get_version.outcome.version }}" diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 22d3074..adfea13 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -16,11 +16,11 @@ jobs: steps: - name: "Checkout" - uses: actions/checkout@v6 + uses: actions/checkout@v6.0.3 - name: Get Token id: get_workflow_token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 with: app-id: ${{ secrets.CODEQL_FIELD_BOT_ID }} private-key: ${{ secrets.CODEQL_FIELD_BOT_KEY }} @@ -34,7 +34,7 @@ jobs: --bump "${{ github.event.inputs.bump }}" - name: Create Pull Request - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0 + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 with: title: "[Bot] Version Bump - ${{ github.event.inputs.repository }}" body: "This PR was automatically generated to bump the version of IaC library and queries."