From 7943a5e9909445f002885d1d5322f50316f1340f Mon Sep 17 00:00:00 2001 From: Automated Date: Fri, 5 Jun 2026 15:30:20 +0000 Subject: [PATCH 1/3] Update GitHub Actions to latest vetted versions | Action | SHA | Version | Vetted in | |--------|-----|---------|-----------| | `actions/checkout` | `de0fac2e` | v6.0.2 | | | `actions/setup-go` | `4a360112` | v6.4.0 | | | `crazy-max/ghaction-import-gpg` | `2dc316de` | v7.0.0 | | | `golangci/golangci-lint-action` | `82606bf2` | v9.2.1 | | --- .github/workflows/e2e.yml | 8 ++++---- .github/workflows/golangci-lint.yml | 6 +++--- .github/workflows/govulncheck.yml | 4 ++-- .github/workflows/main.yml | 2 +- .github/workflows/release.yml | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index a23a50832..78d0b95bc 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -9,10 +9,10 @@ jobs: name: Run E2E (Testscript) Tests / Without API runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: "go.mod" @@ -36,10 +36,10 @@ jobs: - suite: dbaas run: TestScriptsAPIDBaaS steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: "go.mod" diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index b605b6034..61ee50951 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -8,9 +8,9 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 - - uses: golangci/golangci-lint-action@v7 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9.2.1 with: version: latest args: --timeout 4m diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index e80054ee1..30b435772 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -7,8 +7,8 @@ jobs: govulncheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' cache-dependency-path: 'go.sum' diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index eb283e377..78e3a199a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,7 +19,7 @@ jobs: name: Build + Run Unit Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0e3bdf45f..e83fa2b03 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ jobs: linux_amd64_checksum: ${{ steps.get-linux-amd64-checksum.outputs.linux_amd64_checksum }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 @@ -31,7 +31,7 @@ jobs: # To be on the safer side, we should always pin to the commit SHA. # It's not a perfect mitigation, but we should always do some due diligence before upgrading. # The author seems trustworthy, as the author is part of the docker and goreleaser organizations on GitHub. - uses: crazy-max/ghaction-import-gpg@72b6676b71ab476b77e676928516f6982eef7a41 + uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.GPG_PASSPHRASE }} From 62964ae4b86bbf4b6a7e9e80597d8121a42da820 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bruno=20Reni=C3=A9?= Date: Mon, 8 Jun 2026 13:44:07 +0200 Subject: [PATCH 2/3] fixup! Update GitHub Actions to latest vetted versions --- .github/actions/build/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/build/action.yaml b/.github/actions/build/action.yaml index fd031a1d3..3f69e7d1d 100644 --- a/.github/actions/build/action.yaml +++ b/.github/actions/build/action.yaml @@ -2,7 +2,7 @@ name: "Build" runs: using: "composite" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 From 31b44c3bfcfb716bcc1f276029c319060fa6113e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bruno=20Reni=C3=A9?= Date: Mon, 8 Jun 2026 13:48:59 +0200 Subject: [PATCH 3/3] fixup! fixup! Update GitHub Actions to latest vetted versions --- .github/workflows/golangci-lint.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 61ee50951..ae95108aa 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -10,6 +10,8 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + with: + go-version: '1.26' - uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9.2.1 with: version: latest