diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 76f201d48..66eeb4771 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -53,7 +53,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 with: languages: ${{ matrix.language }} tools: latest @@ -65,7 +65,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/autobuild@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -79,4 +79,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 diff --git a/.github/workflows/parser-update.yaml b/.github/workflows/parser-update.yaml index 3a5e7c1f7..366cb88a7 100644 --- a/.github/workflows/parser-update.yaml +++ b/.github/workflows/parser-update.yaml @@ -97,7 +97,7 @@ jobs: - name: Create PR if: steps.versions.outputs.should_update == 'true' - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "Update parser to ${{ steps.versions.outputs.latest }}" diff --git a/.github/workflows/pre-main.yaml b/.github/workflows/pre-main.yaml index 8c6765836..b69dff7b8 100644 --- a/.github/workflows/pre-main.yaml +++ b/.github/workflows/pre-main.yaml @@ -67,10 +67,10 @@ jobs: chmod +x $CM_BIN - name: Install Shfmt - uses: mfinelli/setup-shfmt@4f96029d5d3b7e1d2fd0ac5916f01a8d732e71d0 # v4.0.0 + uses: mfinelli/setup-shfmt@a25fda4c1fe115aec0f85e04126610841bc3141d # v4.0.1 - name: Golangci-lint - uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 + uses: golangci/golangci-lint-action@e7fa5ac41e1cf5b7d48e45e42232ce7ada589601 # v9.1.0 with: args: --timeout 10m0s @@ -78,7 +78,7 @@ jobs: run: checkmake --config=.checkmake Makefile - name: Hadolint - uses: hadolint/hadolint-action@3fc49fb50d59c6ab7917a2e4195dba633e515b29 # v3.2.0 + uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 with: dockerfile: Dockerfile recursive: true diff --git a/.github/workflows/probe-update.yaml b/.github/workflows/probe-update.yaml index 5abfceee4..c33c35e1f 100644 --- a/.github/workflows/probe-update.yaml +++ b/.github/workflows/probe-update.yaml @@ -104,7 +104,7 @@ jobs: - name: Create PR if: steps.versions.outputs.should_update == 'true' - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "Update certsuite-probe to ${{ steps.versions.outputs.latest }}" diff --git a/.github/workflows/qe-ocp-418-intrusive.yaml b/.github/workflows/qe-ocp-418-intrusive.yaml index 3004fb0fb..99f223662 100644 --- a/.github/workflows/qe-ocp-418-intrusive.yaml +++ b/.github/workflows/qe-ocp-418-intrusive.yaml @@ -99,7 +99,7 @@ jobs: exit 1 - name: Deploy the OCP Cluster - uses: palmsoftware/quick-ocp@v0.0.18 + uses: palmsoftware/quick-ocp@v0.0.23 with: ocpPullSecret: $OCP_PULL_SECRET bundleCache: true diff --git a/.github/workflows/qe-ocp-418.yaml b/.github/workflows/qe-ocp-418.yaml index 2731f97cb..b55542eec 100644 --- a/.github/workflows/qe-ocp-418.yaml +++ b/.github/workflows/qe-ocp-418.yaml @@ -98,7 +98,7 @@ jobs: exit 1 - name: Deploy the OCP Cluster - uses: palmsoftware/quick-ocp@v0.0.18 + uses: palmsoftware/quick-ocp@v0.0.23 with: ocpPullSecret: $OCP_PULL_SECRET bundleCache: true diff --git a/.github/workflows/qe-ocp-419-intrusive.yaml b/.github/workflows/qe-ocp-419-intrusive.yaml index 93e94e45f..a8d320ccc 100644 --- a/.github/workflows/qe-ocp-419-intrusive.yaml +++ b/.github/workflows/qe-ocp-419-intrusive.yaml @@ -99,7 +99,7 @@ jobs: exit 1 - name: Deploy the OCP Cluster - uses: palmsoftware/quick-ocp@v0.0.18 + uses: palmsoftware/quick-ocp@v0.0.23 with: ocpPullSecret: $OCP_PULL_SECRET bundleCache: true diff --git a/.github/workflows/qe-ocp-419.yaml b/.github/workflows/qe-ocp-419.yaml index e0b6e4e9e..bb7379f44 100644 --- a/.github/workflows/qe-ocp-419.yaml +++ b/.github/workflows/qe-ocp-419.yaml @@ -98,7 +98,7 @@ jobs: exit 1 - name: Deploy the OCP Cluster - uses: palmsoftware/quick-ocp@v0.0.18 + uses: palmsoftware/quick-ocp@v0.0.23 with: ocpPullSecret: $OCP_PULL_SECRET bundleCache: true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3076718de..ad6776afc 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -38,7 +38,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif @@ -69,6 +69,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 with: sarif_file: results.sarif diff --git a/.github/workflows/update-rhcos-mapping.yml b/.github/workflows/update-rhcos-mapping.yml index 4bb944e61..e599a7334 100644 --- a/.github/workflows/update-rhcos-mapping.yml +++ b/.github/workflows/update-rhcos-mapping.yml @@ -55,7 +55,7 @@ jobs: run: make test - name: Create PR - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 env: GITHUB_TOKEN: ${{ secrets.UPDATE_CERTIFIED_DB_TOKEN }} with: