diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 6284ef51a..8e8810d61 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -40,7 +40,7 @@ jobs: go-version: '~1.20' - name: ⬇️ Check out code into the Go module directory - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 #v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 - name: 🏗️ Compile run: make compile diff --git a/.github/workflows/conventional_commit.yml b/.github/workflows/conventional_commit.yml index 7348c535e..6f0f3512c 100644 --- a/.github/workflows/conventional_commit.yml +++ b/.github/workflows/conventional_commit.yml @@ -14,7 +14,7 @@ jobs: contents: read checks: write steps: - - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 #v4.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 with: fetch-depth: 0 - name: Commitsar check diff --git a/.github/workflows/dependencies-and-licenses.yml b/.github/workflows/dependencies-and-licenses.yml index 32c76f038..b9278f542 100644 --- a/.github/workflows/dependencies-and-licenses.yml +++ b/.github/workflows/dependencies-and-licenses.yml @@ -13,7 +13,7 @@ jobs: contents: write steps: - name: Checkout Core Repo - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 #v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 - name: Set up Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe #v4.1.0 with: diff --git a/.github/workflows/end-to-end-test.yml b/.github/workflows/end-to-end-test.yml index 027da5ed4..261b477d1 100644 --- a/.github/workflows/end-to-end-test.yml +++ b/.github/workflows/end-to-end-test.yml @@ -38,14 +38,14 @@ jobs: - name: Check out base repo if: github.event.action != 'labeled' - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 #v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 # If a PR was reviewed and deemed safe to run in the context of our repo and it's secrets, we label it to trigger E2E tests. # In that case this Action is triggered in pull_request_target context and checks out the HEAD of the PR branch. # This is a semi-secure manually reviewed way to ensure we only run code we're fine accessing our secrets - name: Check out PR # nosemgrep:yaml.github-actions.security.pull-request-target-code-checkout.pull-request-target-code-checkout if: github.event.action == 'labeled' && github.event.label.name == env.E2E_TEST_LABEL - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 #v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/pr-static-code-analysis.yml b/.github/workflows/pr-static-code-analysis.yml index 9c82d303a..48ef27008 100644 --- a/.github/workflows/pr-static-code-analysis.yml +++ b/.github/workflows/pr-static-code-analysis.yml @@ -24,7 +24,7 @@ jobs: go-version: '~1.20' - name: ⬇️ Check out code into the Go module directory - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 #v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 - name: ✍️ Check format run: make lint diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 802930d75..b8b6c9ba6 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -26,7 +26,7 @@ jobs: steps: # Fetch project source with GitHub Actions Checkout. - - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 #v4.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 # Run the "semgrep ci" command on the command line of the docker image. - run: semgrep ci env: