diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 26a6f16..0291dd0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: name: Lint runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@29e9ae12297382bde04e940b27e0638029f9f3cd + - uses: step-security/harden-runner@d7cf128fba8343bb6666acf77451879c0530cac8 with: disable-sudo: true egress-policy: block @@ -34,7 +34,7 @@ jobs: # Linting - name: Linting - uses: golangci/golangci-lint-action@d09fb0808ae08b4310fe3140992ba2475deac1c0 + uses: golangci/golangci-lint-action@9f3ba2c3a8aadb9f3c42d252c4c227a6b0d98539 with: version: latest args: --config=./.github/.golangci.yml ./... @@ -48,7 +48,7 @@ jobs: matrix: go: [ '1.22', '1.21' ] steps: - - uses: step-security/harden-runner@29e9ae12297382bde04e940b27e0638029f9f3cd + - uses: step-security/harden-runner@d7cf128fba8343bb6666acf77451879c0530cac8 with: disable-sudo: true egress-policy: block @@ -75,7 +75,7 @@ jobs: name: Analyze runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@29e9ae12297382bde04e940b27e0638029f9f3cd + - uses: step-security/harden-runner@d7cf128fba8343bb6666acf77451879c0530cac8 with: disable-sudo: true egress-policy: block @@ -106,7 +106,7 @@ jobs: # Codecov - name: Codecov - uses: codecov/codecov-action@e1b169f2838f7e502ad9f222fbc6ed3e2594e003 + uses: codecov/codecov-action@cdaae0e2435e46624586ebce3148ef71c76c886e env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 703a615..f06392a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,7 +23,7 @@ jobs: fail-fast: false steps: - - uses: step-security/harden-runner@29e9ae12297382bde04e940b27e0638029f9f3cd + - uses: step-security/harden-runner@d7cf128fba8343bb6666acf77451879c0530cac8 with: disable-sudo: true egress-policy: block @@ -35,12 +35,12 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c2585eca08d6e40bf455acae5248e197cdd25de1 + uses: github/codeql-action/init@44534b787f11b377674fc4c09b1985db5366d9fb with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@c2585eca08d6e40bf455acae5248e197cdd25de1 + uses: github/codeql-action/autobuild@44534b787f11b377674fc4c09b1985db5366d9fb - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c2585eca08d6e40bf455acae5248e197cdd25de1 + uses: github/codeql-action/analyze@44534b787f11b377674fc4c09b1985db5366d9fb diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 24dadbf..f78b581 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -22,7 +22,7 @@ jobs: id-token: write steps: - - uses: step-security/harden-runner@29e9ae12297382bde04e940b27e0638029f9f3cd + - uses: step-security/harden-runner@d7cf128fba8343bb6666acf77451879c0530cac8 with: disable-sudo: true egress-policy: block @@ -43,7 +43,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@873d5fdf63bc863d140f57ed481e6a297324030b + uses: ossf/scorecard-action@a46b90b4caca61e2298cc4a9bd4c90d3dfe7f09d with: results_file: results.sarif results_format: sarif @@ -69,6 +69,6 @@ jobs: # required for Code scanning alerts - name: "Upload SARIF results to code scanning" - uses: github/codeql-action/upload-sarif@c2585eca08d6e40bf455acae5248e197cdd25de1 + uses: github/codeql-action/upload-sarif@44534b787f11b377674fc4c09b1985db5366d9fb with: sarif_file: results.sarif