diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml index 2afb0fe461e..ad556955241 100644 --- a/.github/workflows/benchmark.yaml +++ b/.github/workflows/benchmark.yaml @@ -35,7 +35,7 @@ jobs: [Running benchmark here...](${{ github.server.url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) - name: Check out base code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 with: ref: ${{ github.base_ref }} @@ -43,7 +43,7 @@ jobs: run: make benchmark-test BENCHMARK_FILE_NAME="../base_benchmarks.txt" - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 - name: Run benchmark with incoming changes run: make benchmark-test BENCHMARK_FILE_NAME="pr_benchmarks.txt" diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 07ba9e05ab8..f62cdf2c656 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -22,15 +22,15 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Initialize CodeQL - uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 + uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 + uses: github/codeql-action/autobuild@ddccb873888234080b77e9bc2d4764d5ccaaccf9 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 + uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 diff --git a/.github/workflows/dapr-pubsub.yaml b/.github/workflows/dapr-pubsub.yaml index 03e5e3fc2e3..f3b08335271 100644 --- a/.github/workflows/dapr-pubsub.yaml +++ b/.github/workflows/dapr-pubsub.yaml @@ -20,7 +20,7 @@ jobs: DAPR_VERSION: ["1.10"] steps: - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Set up Go 1.20 uses: actions/setup-go@v4 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 3624e8c745c..ec2b06f1278 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -22,6 +22,6 @@ jobs: egress-policy: audit - name: 'Checkout Repository' - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@f6fff72a3217f580d5afd49a46826795305b63c7 # v3.0.8 + uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0 diff --git a/.github/workflows/license-lint.yaml b/.github/workflows/license-lint.yaml index a5d4f2b2278..77bb2192e62 100644 --- a/.github/workflows/license-lint.yaml +++ b/.github/workflows/license-lint.yaml @@ -33,7 +33,7 @@ jobs: go-version: "1.20" - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 - name: license-lint run: | diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml index 92bd45f1b55..5bce6c558f9 100644 --- a/.github/workflows/pre-release.yaml +++ b/.github/workflows/pre-release.yaml @@ -24,7 +24,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Publish development run: | diff --git a/.github/workflows/release-pr.yaml b/.github/workflows/release-pr.yaml index 3ca2db4ef54..e2228c1c1ff 100644 --- a/.github/workflows/release-pr.yaml +++ b/.github/workflows/release-pr.yaml @@ -59,7 +59,7 @@ jobs: echo "TARGET_BRANCH=master" >> ${GITHUB_ENV} fi - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 with: fetch-depth: 0 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4eeda1501cf..8b634ff5fa5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -27,7 +27,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Set up Go 1.20 uses: actions/setup-go@v4 # v4.0.1 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2a7152ef414..f37881f91c4 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -36,7 +36,7 @@ jobs: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 with: persist-credentials: false @@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4 + uses: github/codeql-action/upload-sarif@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9 with: sarif_file: results.sarif diff --git a/.github/workflows/upgrade.yaml b/.github/workflows/upgrade.yaml index 8c172942ca7..8d35cd50316 100644 --- a/.github/workflows/upgrade.yaml +++ b/.github/workflows/upgrade.yaml @@ -30,7 +30,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Bootstrap e2e run: | diff --git a/.github/workflows/website.yaml b/.github/workflows/website.yaml index e0f5ad72d01..47d165a2cf0 100644 --- a/.github/workflows/website.yaml +++ b/.github/workflows/website.yaml @@ -29,7 +29,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Setup Node uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 @@ -41,7 +41,7 @@ jobs: run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT - name: Cache dependencies - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ${{ steps.yarn-cache.outputs.dir }} key: ${{ runner.os }}-website-${{ hashFiles('**/yarn.lock') }} diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 1aeb46393e9..5553861d8e4 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -42,7 +42,7 @@ jobs: go-version: "1.20" - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # source: https://github.com/golangci/golangci-lint-action - name: golangci-lint @@ -67,7 +67,7 @@ jobs: go-version: "1.20" - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Unit test run: make native-test @@ -90,7 +90,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.2 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 - name: Set up Go 1.20 uses: actions/setup-go@v4 # v4.0.1 with: @@ -119,7 +119,7 @@ jobs: go-version: "1.20" - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Download e2e dependencies run: | @@ -144,7 +144,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Set up Go 1.20 uses: actions/setup-go@v4 # v4.0.1 @@ -202,7 +202,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Bootstrap e2e run: | @@ -264,7 +264,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Set up Go 1.20 uses: actions/setup-go@v4 # v4.0.1 @@ -322,7 +322,7 @@ jobs: egress-policy: audit - name: Check out code into the Go module directory - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 - name: Download trivy run: |