diff --git a/.github/workflows/_e2e.yaml b/.github/workflows/_e2e.yaml index 5ebe68c41233..55b80177afa9 100644 --- a/.github/workflows/_e2e.yaml +++ b/.github/workflows/_e2e.yaml @@ -57,7 +57,7 @@ jobs: make build - run: | make -j build/distributions - - uses: nick-fields/retry@v3 + - uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 id: retry with: max_attempts: 3 diff --git a/.github/workflows/ci-stability.yaml b/.github/workflows/ci-stability.yaml index 55b148cc1f31..d1b82d9650d3 100644 --- a/.github/workflows/ci-stability.yaml +++ b/.github/workflows/ci-stability.yaml @@ -27,7 +27,7 @@ jobs: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 token: ${{ steps.github-app-token.outputs.token }} diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 0c362f8e5f3e..234edeb13705 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -2,7 +2,7 @@ name: "CodeQL" on: workflow_dispatch: {} schedule: - - cron: '35 3 * * *' + - cron: '35 3 * * *' # Runs daily at 3:35 AM UTC permissions: contents: read jobs: @@ -12,7 +12,6 @@ jobs: runs-on: ubuntu-24.04 permissions: actions: read - contents: read security-events: write strategy: fail-fast: false diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a3e06d6725f9..ee61b4eaf0f6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -7,7 +7,7 @@ on: # To guarantee Maintained check is occasionally updated. See # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - - cron: '35 3 * * *' + - cron: '35 3 * * *' # Runs daily at 3:35 AM UTC # Declare default permissions as read only. permissions: read-all jobs: diff --git a/mk/dependencies/deps.lock b/mk/dependencies/deps.lock index 0eefc2d5a75b..dc70a74e6bcc 100644 --- a/mk/dependencies/deps.lock +++ b/mk/dependencies/deps.lock @@ -1 +1 @@ -650221a6ce7da324ec2e7f61246f2ac54129d9eb +7480f69e6cbb63f27535ac9fa36463436b11c130 diff --git a/mk/dependencies/golangci-lint.sh b/mk/dependencies/golangci-lint.sh index 18f7625fefa9..4dafbf35ea05 100755 --- a/mk/dependencies/golangci-lint.sh +++ b/mk/dependencies/golangci-lint.sh @@ -14,4 +14,4 @@ if [ -e "${golangcilint}" ] && [ "v$(${golangcilint} version --format short)" == echo "golangci-lint ${VERSION} is already installed at ${OUTPUT_BIN_DIR}" exit fi -curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${OUTPUT_BIN_DIR}" "${VERSION}" +curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/e68d278319b6d0a68680e3389bc0576ef39ec02b/install.sh | sh -s -- -b "${OUTPUT_BIN_DIR}" "${VERSION}" diff --git a/mk/dependencies/helm.sh b/mk/dependencies/helm.sh index 09ff2a724178..f20b76529d5c 100755 --- a/mk/dependencies/helm.sh +++ b/mk/dependencies/helm.sh @@ -5,7 +5,7 @@ set -e OUTPUT_DIR=$1/bin VERSION="3.8.2" export PATH="$OUTPUT_DIR:$PATH" # install script checks if helm is in your path -curl --fail --location -s https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | \ +curl --fail --location -s https://raw.githubusercontent.com/helm/helm/ad9768402951f48f61e1ecbea0c1894456d63a2a/scripts/get-helm-3 | \ HELM_INSTALL_DIR=${OUTPUT_DIR} DESIRED_VERSION=v${VERSION} USE_SUDO=false bash CR_VERSION="1.3.0" diff --git a/mk/dependencies/k3d.sh b/mk/dependencies/k3d.sh index 0fec1e1bc576..0005a637b8ca 100755 --- a/mk/dependencies/k3d.sh +++ b/mk/dependencies/k3d.sh @@ -8,7 +8,6 @@ VERSION="5.7.4" if [[ $2 == "get-version" ]]; then echo ${VERSION} else - # see https://raw.githubusercontent.com/rancher/k3d/main/install.sh - curl --fail --location -s https://raw.githubusercontent.com/rancher/k3d/main/install.sh | \ + curl --fail --location -s https://raw.githubusercontent.com/rancher/k3d/4709d6adb24b23721f471e667e7301fa673b5efc/install.sh | \ PATH=${OUTPUT_DIR}:${PATH} TAG=v${VERSION} USE_SUDO="false" K3D_INSTALL_DIR="${OUTPUT_DIR}" bash fi