diff --git a/.github/actions/ai-pr-review/action.yml b/.github/actions/ai-pr-review/action.yml index 4bb0fbf..ebf8275 100644 --- a/.github/actions/ai-pr-review/action.yml +++ b/.github/actions/ai-pr-review/action.yml @@ -72,7 +72,7 @@ runs: # (script 2>/dev/null || rm -f CLAUDE.md) on every run. - name: Checkout PR head if: steps.cfg.outputs.proceed == 'true' && inputs.provider == 'anthropic' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 @@ -95,7 +95,7 @@ runs: - name: Claude PR review if: steps.cfg.outputs.proceed == 'true' && inputs.provider == 'anthropic' - uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1.0.121 + uses: anthropics/claude-code-action@e90deca47693f9457b72f2b53c17d7c445a87342 # v1.0.171 with: anthropic_api_key: ${{ inputs.anthropic-api-key }} # zizmor: ignore[secrets-outside-env] -- API key passed via composite input, not a repo secret github_token: ${{ inputs.github-token }} @@ -131,7 +131,7 @@ runs: # root, and clobbering it breaks GitHub's late-stage action resolution. - name: Checkout PR head (openai) if: steps.cfg.outputs.proceed == 'true' && inputs.provider == 'openai' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 @@ -144,7 +144,7 @@ runs: - name: Codex PR review id: codex if: steps.cfg.outputs.proceed == 'true' && inputs.provider == 'openai' - uses: openai/codex-action@e0fdf01220eb9a88167c4898839d273e3f2609d1 # v1.8 + uses: openai/codex-action@52fe01ec70a42f454c9d2ebd47598f9fd6893d56 # v1.11 with: openai-api-key: ${{ inputs.openai-api-key }} # zizmor: ignore[secrets-outside-env] -- API key passed via composite input, not a repo secret model: ${{ steps.cfg.outputs.model }} diff --git a/.github/actions/ci-notify-nightly-tests/action.yml b/.github/actions/ci-notify-nightly-tests/action.yml index cbfa7bf..10eabd3 100644 --- a/.github/actions/ci-notify-nightly-tests/action.yml +++ b/.github/actions/ci-notify-nightly-tests/action.yml @@ -31,7 +31,7 @@ runs: using: "composite" steps: - name: Post E2E test results notification - uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 + uses: slackapi/slack-github-action@0d95c9a7becc1e6e297d76df9bc735c44f4cbcbc # v3.0.5 with: errors: true webhook-type: incoming-webhook diff --git a/.github/actions/ci-test-notify/action.yml b/.github/actions/ci-test-notify/action.yml index 4f40dd6..c138d40 100644 --- a/.github/actions/ci-test-notify/action.yml +++ b/.github/actions/ci-test-notify/action.yml @@ -44,7 +44,7 @@ runs: - name: Send Slack notification if: steps.gate.outputs.notify == 'true' - uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 + uses: slackapi/slack-github-action@0d95c9a7becc1e6e297d76df9bc735c44f4cbcbc # v3.0.5 with: errors: true webhook-type: incoming-webhook diff --git a/.github/actions/go-licenses/action.yml b/.github/actions/go-licenses/action.yml index aacc85d..0815186 100644 --- a/.github/actions/go-licenses/action.yml +++ b/.github/actions/go-licenses/action.yml @@ -90,7 +90,7 @@ runs: run: git config --global "url.https://${GH_ACCESS_TOKEN}@github.com/.insteadOf" https://github.com/ - name: Set up Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version-file: ${{ inputs.go-version-file }} diff --git a/.github/actions/govulncheck/action.yml b/.github/actions/govulncheck/action.yml index 8186ca4..98ce931 100644 --- a/.github/actions/govulncheck/action.yml +++ b/.github/actions/govulncheck/action.yml @@ -63,7 +63,7 @@ runs: git config --global url."https://${GH_ACCESS_TOKEN}@github.com/".insteadOf "https://github.com/" - name: Set up Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version-file: ${{ inputs.go-version-file }} @@ -88,7 +88,7 @@ runs: steps.govulncheck.conclusion == 'failure' && inputs.notify == 'true' && github.event_name == 'schedule' - uses: loft-sh/github-actions/.github/actions/ci-test-notify@85d7023c5749421d369f59430c7849f2d00ad694 # ci-test-notify/v1 + uses: loft-sh/github-actions/.github/actions/ci-test-notify@b5a50da8a53ca1021b783290630061078bdb12cf # ci-test-notify/v1 with: test-name: ${{ inputs.test-name }} status: failure diff --git a/.github/actions/linear-pr-commenter/action.yml b/.github/actions/linear-pr-commenter/action.yml index 1f91bca..5e101c9 100644 --- a/.github/actions/linear-pr-commenter/action.yml +++ b/.github/actions/linear-pr-commenter/action.yml @@ -22,12 +22,12 @@ runs: using: 'composite' steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version-file: ${{ github.action_path }}/src/go.mod diff --git a/.github/actions/link-backport-prs/action.yml b/.github/actions/link-backport-prs/action.yml index 1137bde..aa46ef1 100644 --- a/.github/actions/link-backport-prs/action.yml +++ b/.github/actions/link-backport-prs/action.yml @@ -31,7 +31,7 @@ runs: using: 'composite' steps: - name: Set up Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version-file: ${{ github.action_path }}/src/go.mod diff --git a/.github/actions/prerelease-setup/action.yml b/.github/actions/prerelease-setup/action.yml index 9b960c8..0ec4c72 100644 --- a/.github/actions/prerelease-setup/action.yml +++ b/.github/actions/prerelease-setup/action.yml @@ -48,7 +48,7 @@ runs: tool-cache: false - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: # The test code only reads from the working tree (go build, ginkgo # discovery). No subsequent push/fetch needs the embedded token, so @@ -56,7 +56,7 @@ runs: persist-credentials: false - name: Setup Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version-file: go.mod cache: true @@ -65,10 +65,10 @@ runs: uses: azure/setup-kubectl@829323503d1be3d00ca8346e5391ca0b07a9ab0d # v5.1.0 - name: Setup helm - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + uses: azure/setup-helm@9bc31f4ebc9c6b171d7bfbaa5d006ae7abdb4310 # v5.0.1 - name: AWS Login - uses: aws-actions/configure-aws-credentials@99214aa6889fcddfa57764031d71add364327e59 # v6.1.3 + uses: aws-actions/configure-aws-credentials@517a711dbcd0e402f90c77e7e2f81e849156e31d # v6.2.2 with: role-to-assume: arn:aws:iam::084374023943:role/e2e-test-executor role-session-name: ${{ inputs.role-session-name }} diff --git a/.github/actions/publish-helm-chart/action.yml b/.github/actions/publish-helm-chart/action.yml index 19165e1..18909d0 100644 --- a/.github/actions/publish-helm-chart/action.yml +++ b/.github/actions/publish-helm-chart/action.yml @@ -51,7 +51,7 @@ runs: using: "composite" steps: - name: Set up Helm - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + uses: azure/setup-helm@9bc31f4ebc9c6b171d7bfbaa5d006ae7abdb4310 # v5.0.1 with: version: ${{ inputs.helm-version }} diff --git a/.github/actions/release-notification/action.yml b/.github/actions/release-notification/action.yml index e073edd..2d6c055 100644 --- a/.github/actions/release-notification/action.yml +++ b/.github/actions/release-notification/action.yml @@ -64,7 +64,7 @@ runs: echo "base_branch=$BRANCH" >> "$GITHUB_OUTPUT" - name: Post release notification if: inputs.status == 'success' - uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 + uses: slackapi/slack-github-action@0d95c9a7becc1e6e297d76df9bc735c44f4cbcbc # v3.0.5 with: errors: true webhook-type: incoming-webhook @@ -113,7 +113,7 @@ runs: esac - name: Post release failure notification if: inputs.status != 'success' - uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 + uses: slackapi/slack-github-action@0d95c9a7becc1e6e297d76df9bc735c44f4cbcbc # v3.0.5 with: errors: true webhook-type: incoming-webhook diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml index ec4f7b9..37cac50 100644 --- a/.github/workflows/actionlint.yaml +++ b/.github/workflows/actionlint.yaml @@ -20,13 +20,13 @@ jobs: pull-requests: write steps: - name: Checkout # zizmor: ignore[artipacked] -- reviewdog needs git credentials for local diff fallback on large PRs - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 - name: Get changed workflow files id: changed-files - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 + uses: dorny/paths-filter@7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2 with: filters: | workflows: diff --git a/.github/workflows/ai-pr-review.yaml b/.github/workflows/ai-pr-review.yaml index 0234c4a..369e59d 100644 --- a/.github/workflows/ai-pr-review.yaml +++ b/.github/workflows/ai-pr-review.yaml @@ -51,7 +51,7 @@ jobs: issues: write id-token: write steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: loft-sh/github-actions ref: main diff --git a/.github/workflows/auto-approve-bot-prs.yaml b/.github/workflows/auto-approve-bot-prs.yaml index 7c087c7..0292d02 100644 --- a/.github/workflows/auto-approve-bot-prs.yaml +++ b/.github/workflows/auto-approve-bot-prs.yaml @@ -33,7 +33,7 @@ jobs: # reporting a hard red check on caller CI. continue-on-error: true steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: loft-sh/github-actions ref: main diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml index fe8ece6..1eeb08c 100644 --- a/.github/workflows/backport.yaml +++ b/.github/workflows/backport.yaml @@ -27,7 +27,7 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 persist-credentials: false diff --git a/.github/workflows/check-docs.yaml b/.github/workflows/check-docs.yaml index 79dda4a..c33459c 100644 --- a/.github/workflows/check-docs.yaml +++ b/.github/workflows/check-docs.yaml @@ -20,7 +20,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - run: make check-docs diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ab65c90..0897cc6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -13,12 +13,12 @@ jobs: permissions: contents: read pull-requests: read - uses: loft-sh/github-actions/.github/workflows/validate-renovate.yaml@53686d2452bc48398252887a37ad248c38a7f1eb # validate-renovate/v1 + uses: loft-sh/github-actions/.github/workflows/validate-renovate.yaml@b52efbd927586ea78282073f79d2423e552c9f62 # validate-renovate/v1 actionlint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: rhysd/actionlint@914e7df21a07ef503a81201c76d2b11c789d3fca # v1.7.12 @@ -26,7 +26,7 @@ jobs: zizmor: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - run: pip install zizmor==1.24.1 && zizmor .github/ diff --git a/.github/workflows/claude-code-review.yaml b/.github/workflows/claude-code-review.yaml index d76b64e..74e2800 100644 --- a/.github/workflows/claude-code-review.yaml +++ b/.github/workflows/claude-code-review.yaml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 1 @@ -51,7 +51,7 @@ jobs: git checkout -B "${PR_HEAD_REF}" "origin/${PR_HEAD_REF}" - name: Claude Code Review - uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1 + uses: anthropics/claude-code-action@e90deca47693f9457b72f2b53c17d7c445a87342 # v1 with: anthropic_api_key: ${{ secrets.anthropic-api-key }} # zizmor: ignore[secrets-outside-env] -- API key passed via workflow_call, not a repo secret github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/claude.yaml b/.github/workflows/claude.yaml index a19dbcb..38aa5b6 100644 --- a/.github/workflows/claude.yaml +++ b/.github/workflows/claude.yaml @@ -20,13 +20,13 @@ jobs: actions: read steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 1 persist-credentials: false - name: Run Claude Code id: claude - uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1 + uses: anthropics/claude-code-action@e90deca47693f9457b72f2b53c17d7c445a87342 # v1 with: anthropic_api_key: ${{ secrets.anthropic-api-key }} # zizmor: ignore[secrets-outside-env] -- API key passed via workflow_call, not a repo secret diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 790362f..af7461e 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -26,14 +26,14 @@ jobs: actions: read # Required for Claude to read CI results on PRs steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 1 persist-credentials: false - name: Run Claude Code id: claude - uses: anthropics/claude-code-action@f4fb5c6cdccc1ee7af63692f5d08d56efaa64cc8 # v1 + uses: anthropics/claude-code-action@e90deca47693f9457b72f2b53c17d7c445a87342 # v1 with: claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} # zizmor: ignore[secrets-outside-env] -- OAuth token for Claude, no dedicated environment needed diff --git a/.github/workflows/cleanup-head-charts.yaml b/.github/workflows/cleanup-head-charts.yaml index 7484c70..26a1bb8 100644 --- a/.github/workflows/cleanup-head-charts.yaml +++ b/.github/workflows/cleanup-head-charts.yaml @@ -46,7 +46,7 @@ jobs: # checkout against loft-sh/github-actions fails with `upload-pack: # not our ref`. Parse workflow_ref (owner/repo/path@ref) instead. echo "ref=${WORKFLOW_REF##*@}" >> "${GITHUB_OUTPUT}" - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: loft-sh/github-actions ref: ${{ steps.wref.outputs.ref }} diff --git a/.github/workflows/conflict-check.yaml b/.github/workflows/conflict-check.yaml index 2fbe10d..7e90658 100644 --- a/.github/workflows/conflict-check.yaml +++ b/.github/workflows/conflict-check.yaml @@ -21,7 +21,7 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/detect-changes.yaml b/.github/workflows/detect-changes.yaml index a236d13..c5eba90 100644 --- a/.github/workflows/detect-changes.yaml +++ b/.github/workflows/detect-changes.yaml @@ -22,13 +22,13 @@ jobs: has_changed: ${{ steps.set-output.outputs.has_changed }} steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: true # paths-filter needs credentials to fetch the base commit on push events - name: Filter paths id: filter - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 + uses: dorny/paths-filter@7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2 with: base: ${{ github.event_name == 'push' && github.event.before || '' }} filters: | diff --git a/.github/workflows/notify-release.yaml b/.github/workflows/notify-release.yaml index cb74cd4..d1e3112 100644 --- a/.github/workflows/notify-release.yaml +++ b/.github/workflows/notify-release.yaml @@ -72,7 +72,7 @@ jobs: echo "All required inputs are valid" - name: Checkout repository if: ${{ !inputs.dry-run && inputs.status == 'success' }} - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: repository: ${{ inputs.target_repo }} ref: ${{ inputs.ref || github.ref }} diff --git a/.github/workflows/release-linear-release-sync.yaml b/.github/workflows/release-linear-release-sync.yaml index 55b12a6..39bb118 100644 --- a/.github/workflows/release-linear-release-sync.yaml +++ b/.github/workflows/release-linear-release-sync.yaml @@ -17,11 +17,11 @@ jobs: release: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version-file: .github/actions/linear-release-sync/src/go.mod cache: false diff --git a/.github/workflows/test-ai-pr-review.yaml b/.github/workflows/test-ai-pr-review.yaml index 9caf053..12eafa5 100644 --- a/.github/workflows/test-ai-pr-review.yaml +++ b/.github/workflows/test-ai-pr-review.yaml @@ -14,7 +14,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/test-ai-step.yaml b/.github/workflows/test-ai-step.yaml index be4ad33..ac228ac 100644 --- a/.github/workflows/test-ai-step.yaml +++ b/.github/workflows/test-ai-step.yaml @@ -26,7 +26,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 @@ -43,7 +43,7 @@ jobs: name: Live smoke (${{ inputs.provider }}, ${{ inputs.effort }}) runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/test-auto-approve-bot-prs.yaml b/.github/workflows/test-auto-approve-bot-prs.yaml index 6c94ad6..27f2d08 100644 --- a/.github/workflows/test-auto-approve-bot-prs.yaml +++ b/.github/workflows/test-auto-approve-bot-prs.yaml @@ -14,7 +14,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 @@ -31,7 +31,7 @@ jobs: contents: read pull-requests: write steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: ./.github/actions/auto-approve-bot-prs diff --git a/.github/workflows/test-aws-test-infra.yaml b/.github/workflows/test-aws-test-infra.yaml index 3a73932..b146326 100644 --- a/.github/workflows/test-aws-test-infra.yaml +++ b/.github/workflows/test-aws-test-infra.yaml @@ -15,10 +15,10 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version-file: .github/actions/aws-test-infra/src/go.mod - name: Run tests diff --git a/.github/workflows/test-ci-test-notify.yaml b/.github/workflows/test-ci-test-notify.yaml index b7cb654..b4b9034 100644 --- a/.github/workflows/test-ci-test-notify.yaml +++ b/.github/workflows/test-ci-test-notify.yaml @@ -12,7 +12,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/test-cleanup-head-charts.yaml b/.github/workflows/test-cleanup-head-charts.yaml index c533d83..8a70fe2 100644 --- a/.github/workflows/test-cleanup-head-charts.yaml +++ b/.github/workflows/test-cleanup-head-charts.yaml @@ -13,7 +13,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/test-go-licenses.yaml b/.github/workflows/test-go-licenses.yaml index dd65dc7..9d88fdd 100644 --- a/.github/workflows/test-go-licenses.yaml +++ b/.github/workflows/test-go-licenses.yaml @@ -13,7 +13,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/test-govulncheck.yaml b/.github/workflows/test-govulncheck.yaml index 828ae5c..171cf66 100644 --- a/.github/workflows/test-govulncheck.yaml +++ b/.github/workflows/test-govulncheck.yaml @@ -13,7 +13,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/test-linear-pr-commenter.yaml b/.github/workflows/test-linear-pr-commenter.yaml index f84e16c..80aa10f 100644 --- a/.github/workflows/test-linear-pr-commenter.yaml +++ b/.github/workflows/test-linear-pr-commenter.yaml @@ -15,10 +15,10 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version-file: .github/actions/linear-pr-commenter/src/go.mod - run: go test ./... diff --git a/.github/workflows/test-linear-release-sync.yaml b/.github/workflows/test-linear-release-sync.yaml index ad20948..cc3d3ce 100644 --- a/.github/workflows/test-linear-release-sync.yaml +++ b/.github/workflows/test-linear-release-sync.yaml @@ -15,10 +15,10 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version-file: .github/actions/linear-release-sync/src/go.mod - name: Run tests diff --git a/.github/workflows/test-link-backport-prs.yaml b/.github/workflows/test-link-backport-prs.yaml index 689dae1..b8b928e 100644 --- a/.github/workflows/test-link-backport-prs.yaml +++ b/.github/workflows/test-link-backport-prs.yaml @@ -18,10 +18,10 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version-file: .github/actions/link-backport-prs/src/go.mod - run: go test ./... diff --git a/.github/workflows/test-parse-label-filter.yaml b/.github/workflows/test-parse-label-filter.yaml index 443acbc..fb6bbf3 100644 --- a/.github/workflows/test-parse-label-filter.yaml +++ b/.github/workflows/test-parse-label-filter.yaml @@ -14,7 +14,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 @@ -25,7 +25,7 @@ jobs: name: Composite smoke (parse + skip decision) runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/test-publish-helm-chart.yaml b/.github/workflows/test-publish-helm-chart.yaml index 811ddf2..a0533fb 100644 --- a/.github/workflows/test-publish-helm-chart.yaml +++ b/.github/workflows/test-publish-helm-chart.yaml @@ -13,7 +13,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: dcarbone/install-yq-action@4075b4dca348d74bd83f2bf82d30f25d7c54539b # v1.3.1 diff --git a/.github/workflows/test-release-branch-freeze.yaml b/.github/workflows/test-release-branch-freeze.yaml index 81c3774..f80cd80 100644 --- a/.github/workflows/test-release-branch-freeze.yaml +++ b/.github/workflows/test-release-branch-freeze.yaml @@ -14,7 +14,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/test-release-notification.yaml b/.github/workflows/test-release-notification.yaml index 1f468f2..c450aee 100644 --- a/.github/workflows/test-release-notification.yaml +++ b/.github/workflows/test-release-notification.yaml @@ -14,7 +14,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/test-repository-dispatch.yaml b/.github/workflows/test-repository-dispatch.yaml index 625b6b6..1ce3fed 100644 --- a/.github/workflows/test-repository-dispatch.yaml +++ b/.github/workflows/test-repository-dispatch.yaml @@ -14,7 +14,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/test-run-ginkgo.yaml b/.github/workflows/test-run-ginkgo.yaml index 1c8140c..8bca076 100644 --- a/.github/workflows/test-run-ginkgo.yaml +++ b/.github/workflows/test-run-ginkgo.yaml @@ -12,7 +12,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/test-semver-validation.yaml b/.github/workflows/test-semver-validation.yaml index 93ad14a..d6512f1 100644 --- a/.github/workflows/test-semver-validation.yaml +++ b/.github/workflows/test-semver-validation.yaml @@ -15,7 +15,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 diff --git a/.github/workflows/test-sticky-pr-comment.yaml b/.github/workflows/test-sticky-pr-comment.yaml index ecb35cf..74a1716 100644 --- a/.github/workflows/test-sticky-pr-comment.yaml +++ b/.github/workflows/test-sticky-pr-comment.yaml @@ -14,7 +14,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 @@ -28,7 +28,7 @@ jobs: contents: read pull-requests: write steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false diff --git a/.github/workflows/test-subtree-mirror.yaml b/.github/workflows/test-subtree-mirror.yaml index 1518c29..d846809 100644 --- a/.github/workflows/test-subtree-mirror.yaml +++ b/.github/workflows/test-subtree-mirror.yaml @@ -13,7 +13,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/test-vcluster-release.yaml b/.github/workflows/test-vcluster-release.yaml index 66259cd..80e458d 100644 --- a/.github/workflows/test-vcluster-release.yaml +++ b/.github/workflows/test-vcluster-release.yaml @@ -14,7 +14,7 @@ jobs: name: Run bats tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - uses: bats-core/bats-action@77d6fb60505b4d0d1d73e48bd035b55074bbfb43 # 4.0.0 diff --git a/.github/workflows/validate-renovate.yaml b/.github/workflows/validate-renovate.yaml index 2133496..378ec3e 100644 --- a/.github/workflows/validate-renovate.yaml +++ b/.github/workflows/validate-renovate.yaml @@ -12,13 +12,13 @@ jobs: pull-requests: read steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - name: Get changed Renovate config files id: changed-files - uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 + uses: dorny/paths-filter@7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2 with: filters: | renovate: