diff --git a/.github/workflows/build-docs.yaml b/.github/workflows/build-docs.yaml
index b3ab6775..4b17536b 100644
--- a/.github/workflows/build-docs.yaml
+++ b/.github/workflows/build-docs.yaml
@@ -18,7 +18,7 @@ jobs:
 pages: write
 steps:
 - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+ - uses: actions/setup-python@b64ffcaf5b410884ad320a9cfac8866006a109aa # v4.8.0
 with:
 python-version: 3.x
 - run: pip install mkdocs-material==9.*
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c9ee094f..24ab30a3 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -81,7 +81,7 @@ jobs:
 MODULE_NAME=${{ inputs.module-name }}
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 # 0.13.1
+ uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
 with:
 image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }}
 severity: "CRITICAL"
@@ -90,7 +90,7 @@ jobs:
 timeout: 15m
 - name: Save Trivy vulnerability attestation
- uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 # 0.13.1
+ uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
 with:
 image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }}
 exit-code: "0"
@@ -167,7 +167,7 @@ jobs:
 path: /tmp
 - name: Install Cosign
- uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
+ uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
 - name: Sign image
 run: |
diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml
index 211ac2fb..e5dcb09b 100644
--- a/.github/workflows/check-links.yaml
+++ b/.github/workflows/check-links.yaml
@@ -18,7 +18,7 @@ jobs:
 - name: Link Checker
 id: lychee
- uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0
+ uses: lycheeverse/lychee-action@c3089c702fbb949e3f7a8122be0c33c017904f9b # v1.9.1
 with:
 args: "--config=.lychee.toml ."
 env:
@@ -26,7 +26,7 @@ jobs:
 - name: Look for an existing issue
 id: last-issue
- uses: micalevisk/last-issue-action@305829d9728f47beb0029417167a0af890edfd6e # v2.1.0
+ uses: micalevisk/last-issue-action@0d40124cc99ac8601c2516007f0c98ef3d27537b # v2.3.0
 with:
 state: open
 labels: link-check
diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml
index d5e84ce1..0f56d324 100644
--- a/.github/workflows/helm-lint.yaml
+++ b/.github/workflows/helm-lint.yaml
@@ -10,7 +10,7 @@ permissions: read-all
 jobs:
 lint:
 runs-on: ubuntu-22.04
- container: ghcr.io/chgl/kube-powertools:v2.2.16@sha256:035b8890d3ab4a81be5d5734c53e06cb32cbdecef2a732a9f0da379df391b143
+ container: ghcr.io/chgl/kube-powertools:v2.2.30@sha256:f191b2e955d2b63995ee67d054b70699bee876024cff831fb6de163078e61e64
 steps:
 - name: Add workspace as safe directory
 run: |
diff --git a/.github/workflows/lint-pr-title.yaml b/.github/workflows/lint-pr-title.yaml
index e017434e..bc83b2ba 100644
--- a/.github/workflows/lint-pr-title.yaml
+++ b/.github/workflows/lint-pr-title.yaml
@@ -14,7 +14,7 @@ jobs:
 name: Validate PR title
 runs-on: ubuntu-22.04
 steps:
- - uses: amannn/action-semantic-pull-request@47b15d52c5c30e94a17ec87eb8dd51ff5221fed9 # v5.3.0
+ - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 264c374d..fec2232e 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -40,7 +40,7 @@ jobs:
 id: ml
 # You can override MegaLinter flavor used to have faster performances
 # More info at https://oxsecurity.github.io/megalinter/flavors/
- uses: oxsecurity/megalinter@b48455a119cc28045eee8f1e9d0a542a85e71f4f # v7.5.0
+ uses: oxsecurity/megalinter@7e042c726c68415475b05a65a686c612120a1232 # v7.7.0
 env:
 # All available variables are described in documentation
 # https://oxsecurity.github.io/megalinter/configuration/
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
index 10665d64..380fbd8b 100644
--- a/.github/workflows/release-please.yaml
+++ b/.github/workflows/release-please.yaml
@@ -14,7 +14,7 @@ jobs:
 contents: write
 pull-requests: write
 steps:
- - uses: google-github-actions/release-please-action@4c5670f886fe259db4d11222f7dff41c1382304d # v3.7.12
+ - uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # v3.7.13
 with:
 token: ${{ secrets.MIRACUM_BOT_SEMANTIC_RELEASE_TOKEN }}
 release-type: simple
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c5e4a1f9..6e659f8d 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -35,7 +35,7 @@ jobs:
 repo-token: ${{ secrets.GITHUB_TOKEN }}
 - name: Install Cosign
- uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
+ uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
 - name: Add helm repos and update deps
 run: |
@@ -101,7 +101,7 @@ jobs:
 publish-kyverno-policies:
 name: publish kyverno policies
 runs-on: ubuntu-22.04
- container: ghcr.io/chgl/kube-powertools:v2.2.16@sha256:035b8890d3ab4a81be5d5734c53e06cb32cbdecef2a732a9f0da379df391b143
+ container: ghcr.io/chgl/kube-powertools:v2.2.30@sha256:f191b2e955d2b63995ee67d054b70699bee876024cff831fb6de163078e61e64
 continue-on-error: true
 steps:
 - name: Checkout
diff --git a/.github/workflows/reset-chart-changelog-annotations.yaml b/.github/workflows/reset-chart-changelog-annotations.yaml
index 48f7aa1d..592b7a3a 100644
--- a/.github/workflows/reset-chart-changelog-annotations.yaml
+++ b/.github/workflows/reset-chart-changelog-annotations.yaml
@@ -16,7 +16,7 @@ jobs:
 reset-commit-and-push:
 name: reset changelog annotations, commit, and push
 runs-on: ubuntu-22.04
- container: ghcr.io/chgl/kube-powertools:v2.2.16@sha256:035b8890d3ab4a81be5d5734c53e06cb32cbdecef2a732a9f0da379df391b143
+ container: ghcr.io/chgl/kube-powertools:v2.2.30@sha256:f191b2e955d2b63995ee67d054b70699bee876024cff831fb6de163078e61e64
 permissions:
 contents: write
 steps:
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 31a476f5..49afbbfb 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -67,6 +67,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+ uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/validate-fhir-resources.yaml b/.github/workflows/validate-fhir-resources.yaml
index b116e8d1..92de2ae9 100644
--- a/.github/workflows/validate-fhir-resources.yaml
+++ b/.github/workflows/validate-fhir-resources.yaml
@@ -12,7 +12,7 @@ jobs:
 validate-fhir-resource:
 name: Validate FHIR resources
 runs-on: ubuntu-22.04
- container: ghcr.io/miracum/ig-build-tools:v2.0.9@sha256:da4a32b4a33a7de616a5066e4ce249045a739ea53cb9ac9feb6fa0a97634cd0c
+ container: ghcr.io/miracum/ig-build-tools:v2.0.16@sha256:a0bf140a7a7e2698b78eef2e9e186e7196fc725ee019182ca1275113c4b547f9
 steps:
 - name: Checkout code
 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml
index 45c9e1b3..43814487 100644
--- a/.github/workflows/yamllint.yaml
+++ b/.github/workflows/yamllint.yaml
@@ -18,7 +18,7 @@ jobs:
 yamllint:
 runs-on: ubuntu-22.04
 # contains yamllint
- container: ghcr.io/chgl/kube-powertools:v2.2.16@sha256:035b8890d3ab4a81be5d5734c53e06cb32cbdecef2a732a9f0da379df391b143
+ container: ghcr.io/chgl/kube-powertools:v2.2.30@sha256:f191b2e955d2b63995ee67d054b70699bee876024cff831fb6de163078e61e64
 steps:
 - name: Checkout
 uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0