diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bf0acb5..2404ff2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,7 +24,7 @@ jobs:
 raw.githubusercontent.com:443
 - name: Checkout repo
- uses: actions/checkout@6b42224f41ee5dfe5395e27c8b2746f1f9955030
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
 with:
 fetch-depth: 0
 - name: Setup Go
@@ -34,7 +34,7 @@ jobs:
 # Linting
 - name: Linting
- uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8
+ uses: golangci/golangci-lint-action@3d4174dbf50df14928520a1fe4462fa98338d311
 with:
 version: latest
 args: --config=./.github/.golangci.yml ./...
@@ -59,7 +59,7 @@ jobs:
 sum.golang.org:443
 - name: Checkout repo
- uses: actions/checkout@6b42224f41ee5dfe5395e27c8b2746f1f9955030
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
 with:
 fetch-depth: 0
 - name: Setup Go
@@ -92,7 +92,7 @@ jobs:
 storage.googleapis.com:443
 - name: Checkout repo
- uses: actions/checkout@6b42224f41ee5dfe5395e27c8b2746f1f9955030
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
 with:
 fetch-depth: 0
 - name: Setup Go
@@ -106,7 +106,7 @@ jobs:
 # Codecov
 - name: Codecov
- uses: codecov/codecov-action@68708a9f7a6b6b5fe33673f782f93725c5eff3c6
+ uses: codecov/codecov-action@1f30f8b7576840249fdd6164afd42b97cb1af0ab
 env:
 CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 with:
@@ -114,7 +114,7 @@ jobs:
 # Sonar
 - name: SonarCloud Scan
- uses: SonarSource/sonarcloud-github-action@383f7e52eae3ab0510c3cb0e7d9d150bbaeab838
+ uses: SonarSource/sonarcloud-github-action@9f9bba2c7aaf7a55eac26abbac906c3021d211b2
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 874b01c..d8d751b 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
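Review bot: The new pin on the `uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871` line in the first ci.yml hunk (@@ -24,7) carries no release comment, so a reader of this diff cannot tell which tag the SHA corresponds to; the same holds for every other `uses:` line changed in ci.yml, codeql.yml and scorecards.yml. Append the tag as a trailing comment, e.g. `uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # vX.Y.Z` (placeholder: the release is not shown on this page). Before merging, confirm that each new SHA is the commit behind a release tag in the action's own repository, since a bare SHA says nothing about which branch or fork the commit came from.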
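Review bot: `version: latest` in the Linting step (ci.yml hunk @@ -34,7) still floats while the action itself moves to a new pinned SHA, so the golangci-lint release the job runs can change between runs without any commit to this repository. Pin it to an explicit release, `version: vX.Y.Z` (placeholder; use the release the project has validated), and bump it in the same kind of reviewed commit as the action SHA. The step's `with:` block may continue past the end of the hunk.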
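Review bot: The Checkout step in the ci.yml hunk at @@ -59,7 (and the identical steps at @@ -24,7 and @@ -92,7) sets only `fetch-depth: 0`, so actions/checkout keeps its default of leaving the job token in the local git configuration for later steps of the job. The third-party Codecov and SonarCloud actions appear further down the same file, presumably in the job that starts near the @@ -92,7 hunk. scorecards.yml in this same commit already sets `persist-credentials: false`; add that line under `with:` here unless a later step has to push with the token. The codeql.yml checkout shows no `with:` block in the visible lines and would need the same setting.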
@@ -31,16 +31,16 @@ jobs:
 api.github.com:443 github.com:443 objects.githubusercontent.com:443 proxy.golang.org:443 storage.googleapis.com:443 sum.golang.org:443 uploads.github.com:443
 - name: Checkout repository
- uses: actions/checkout@6b42224f41ee5dfe5395e27c8b2746f1f9955030
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@7cf65a5b2e089b7207c678633bc4a42884847231
+ uses: github/codeql-action/init@ea2cd92c21b192add69983116b8b3222b09da33b
 with:
 languages: go
 - name: Autobuild
- uses: github/codeql-action/autobuild@7cf65a5b2e089b7207c678633bc4a42884847231
+ uses: github/codeql-action/autobuild@ea2cd92c21b192add69983116b8b3222b09da33b
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@7cf65a5b2e089b7207c678633bc4a42884847231
+ uses: github/codeql-action/analyze@ea2cd92c21b192add69983116b8b3222b09da33b
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 6cf1f2d..218e9c4 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -38,7 +38,7 @@ jobs:
 www.bestpractices.dev:443
 - name: "Checkout code"
- uses: actions/checkout@6b42224f41ee5dfe5395e27c8b2746f1f9955030
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
 with:
 persist-credentials: false
@@ -61,7 +61,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@3eadd8b791cabf7cd572f194da82158c24125bd8
+ uses: actions/upload-artifact@184d73b71b93c222403b2e7f1ffebe4508014249
 with:
 name: SARIF file
 path: results.sarif
@@ -69,6 +69,6 @@ jobs:
 # required for Code scanning alerts
 - name: "Upload SARIF results to code scanning"
- uses: github/codeql-action/upload-sarif@7cf65a5b2e089b7207c678633bc4a42884847231
+ uses: github/codeql-action/upload-sarif@ea2cd92c21b192add69983116b8b3222b09da33b
 with:
 sarif_file: results.sarif