diff --git a/.github/workflows/add-milestone-to-pull-requests.yaml b/.github/workflows/add-milestone-to-pull-requests.yaml index 096a67938f1..b0e166a2907 100644 --- a/.github/workflows/add-milestone-to-pull-requests.yaml +++ b/.github/workflows/add-milestone-to-pull-requests.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Add milestone to merged pull requests - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0 with: retries: 3 retry-exempt-status-codes: 400,401 diff --git a/.github/workflows/analyze-changes.yaml b/.github/workflows/analyze-changes.yaml index f6db550780b..e2c376007d4 100644 --- a/.github/workflows/analyze-changes.yaml +++ b/.github/workflows/analyze-changes.yaml @@ -35,7 +35,7 @@ jobs: ${{ runner.os }}-gradle- - name: Initialize CodeQL - uses: github/codeql-action/init@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.29.5 + uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 with: languages: 'java' build-mode: 'manual' @@ -52,7 +52,7 @@ jobs: --build-cache --parallel --stacktrace --no-daemon --max-workers=4 - name: Perform CodeQL Analysis and upload results to GitHub Security tab - uses: github/codeql-action/analyze@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.29.5 + uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 trivy: name: Analyze changes with Trivy @@ -102,7 +102,7 @@ jobs: ls -laR "./workspace/.trivy" - name: Run Trivy security scanner - uses: aquasecurity/trivy-action@f9424c10c36e288d5fa79bd3dfd1aeb2d6eae808 # v0.33.0 + uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1 with: scan-type: rootfs scan-ref: './workspace/.trivy/' @@ -115,7 +115,7 @@ jobs: TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.29.5 + uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.29.5 if: always() with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/check-pull-requests.yaml b/.github/workflows/check-pull-requests.yaml index 88c48651ec3..803900f2bc6 100644 --- a/.github/workflows/check-pull-requests.yaml +++ b/.github/workflows/check-pull-requests.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check pull requests - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/comment-on-submodule-update.yaml b/.github/workflows/comment-on-submodule-update.yaml index c4402d65411..336e15f9b05 100644 --- a/.github/workflows/comment-on-submodule-update.yaml +++ b/.github/workflows/comment-on-submodule-update.yaml @@ -17,7 +17,7 @@ jobs: steps: - name: Post comment on submodule update - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/draft-release-notes-on-tag.yaml b/.github/workflows/draft-release-notes-on-tag.yaml index 001db880ac7..f0dec1a1ae9 100644 --- a/.github/workflows/draft-release-notes-on-tag.yaml +++ b/.github/workflows/draft-release-notes-on-tag.yaml @@ -13,7 +13,7 @@ jobs: steps: - name: Get milestone title id: milestoneTitle - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0 with: result-encoding: string script: | diff --git a/.github/workflows/increment-milestone-on-tag.yaml b/.github/workflows/increment-milestone-on-tag.yaml index 40a32b577b3..8be620e0612 100644 --- a/.github/workflows/increment-milestone-on-tag.yaml +++ b/.github/workflows/increment-milestone-on-tag.yaml @@ -11,7 +11,7 @@ jobs: steps: - name: Close current milestone id: close-milestone - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0 with: script: | // Get the milestone title ("X.Y.Z") from tag name ("vX.Y.Z") diff --git a/.github/workflows/prune-old-pull-requests.yaml b/.github/workflows/prune-old-pull-requests.yaml index b854cde3aa0..ca3751c3c8f 100644 --- a/.github/workflows/prune-old-pull-requests.yaml +++ b/.github/workflows/prune-old-pull-requests.yaml @@ -13,7 +13,7 @@ jobs: pull-requests: write steps: - name: Prune old pull requests - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 + uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0 with: days-before-stale: -1 # Disable general stale bot days-before-pr-stale: 90 # Only enable stale bot for PRs with no activity for 90 days diff --git a/.github/workflows/update-issues-on-release.yaml b/.github/workflows/update-issues-on-release.yaml index 0ab48b9aa5e..348a6a3a0ad 100644 --- a/.github/workflows/update-issues-on-release.yaml +++ b/.github/workflows/update-issues-on-release.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Get milestone for release - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # 7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # 8.0.0 with: github-token: ${{secrets.GITHUB_TOKEN}} script: |