github: Use/update SHA1 pinning

Signed-off-by: hamistao <[email protected]>
canonical · Nov 13, 2024 · 7aba286 · 7aba286
1 parent 555cfdf
commit 7aba286
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -23,7 +23,7 @@ jobs:
     if: ${{ github.ref_name == 'main' }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: main
 
@@ -37,7 +37,7 @@ jobs:
 
       - name: Use previous downloaded database
         if: ${{ steps.db_download.outcome == 'failure' }}
-        uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: /home/runner/vuln-cache
           key: trivy-latest-cache
@@ -53,13 +53,13 @@ jobs:
 
       - name: Cache Trivy vulnerability database
         if: ${{ steps.db_download.outcome == 'success' }}
-        uses: actions/cache/save@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: /home/runner/vuln-cache
           key: trivy-latest-cache
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
         with:
           sarif_file: "trivy-microcloud-repo-scan-results.sarif"
           sha: ${{ github.sha }}
@@ -76,15 +76,15 @@ jobs:
           - "latest"
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ (matrix.version == 'latest' && 'main') || format('stable-{0}', matrix.version) }}
 
       - name: Install Trivy
         uses: canonical/lxd/.github/actions/install-trivy@main
 
       - name: Restore cached Trivy vulnerability database
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: /home/runner/vuln-cache
           key: trivy-latest-cache
@@ -109,7 +109,7 @@ jobs:
           mv tmp.json ${{ matrix.version }}-stable.sarif
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
         with:
           sarif_file: "${{ matrix.version }}-stable.sarif"
           sha: ${{ github.sha }}