diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a3d1c59..e8cbfa4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,13 +22,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - # Initializes the CodeQL tools for scanning. name: Initialize CodeQL - uses: github/codeql-action/init@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: languages: ${{ matrix.language }} - name: Analyze ${{ matrix.language }} - uses: github/codeql-action/analyze@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml index 79a7047..bd51a8b 100644 --- a/.github/workflows/contributors.yml +++ b/.github/workflows/contributors.yml @@ -16,10 +16,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Identify all-time contributors to this repository - uses: github/contributors@8b7586939baa0af4e801dbd22c88adf6e0db8915 # v1.7.5 + uses: github/contributors@abf36819e840f6e8056dcd40d33003ce7c4bc8dd # v1.7.6 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} REPOSITORY: ${{ github.repository }} @@ -32,7 +32,7 @@ jobs: - name: Create a PR id: create-pull-request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9 with: commit-message: "doc: updated contributors file" branch: doc/contributors-bot 
diff --git a/.github/workflows/doc-update.yml b/.github/workflows/doc-update.yml index e343a4d..dc02584 100644 --- a/.github/workflows/doc-update.yml +++ b/.github/workflows/doc-update.yml @@ -57,7 +57,7 @@ jobs: steps: - name: Originating repo checkout (e.g. public fork) - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ github.event.pull_request.head.sha }} - @@ -85,12 +85,12 @@ jobs: steps: - name: Originating repo checkout (e.g. public fork) - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ github.event.pull_request.head.sha }} - name: Checkout markdown config - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: repository: go-openapi/ci-workflows ref: master # TODO: retrieve workflow ref @@ -156,12 +156,12 @@ jobs: report: ${{ steps.report-exists.outputs.report }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ github.event.pull_request.head.sha }} - name: Checkout spellcheck config - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: repository: go-openapi/ci-workflows ref: master # TODO: retrieve workflow ref @@ -178,7 +178,7 @@ jobs: cp ci-tools/${{ env.spellcheck_dict }} ${{ env.spellcheck_dict }} - name: Spellcheck - uses: rojopolis/spellcheck-github-actions@0.51.0 + uses: rojopolis/spellcheck-github-actions@0.55.0 continue-on-error: true id: spellcheck with: 
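Review bot: The `actions/checkout` steps that fetch `github.event.pull_request.head.sha` (hunks -57,7, -85,12 and -156,12) pass only `ref:` in their `with:` block, so the action's default of persisting the checkout token applies, and the token stays reachable by later steps that process pull-request content. scanner.yml in this same commit already sets `persist-credentials: false` on its checkout; adding that line under `with:` here would make the workflows consistent. The trigger and the job permissions are outside these hunks, so how much that token could do is not visible from here.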
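Review bot: `rojopolis/spellcheck-github-actions@0.55.0` in the -178,7 hunk is pinned by tag, while the `actions/checkout`, `github/codeql-action` and `actions/setup-go` bumps in this commit are pinned to a full commit SHA with the version in a trailing comment. The same holds for `actions/upload-artifact@v5` in the later doc-update.yml hunks, and for `actions/download-artifact@v6`, `peter-evans/find-comment@v4` and `peter-evans/create-or-update-comment@v5` in pr-comment.yml, where it matters most because that workflow writes PR comments. A tag can be repointed to different code after review, so pinning these as `uses: OWNER/ACTION@<full-commit-sha> # vX.Y.Z` would match the rest of the files. The `ref: master # TODO: retrieve workflow ref` on the ci-workflows config checkouts is the same kind of mutable reference.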
@@ -261,7 +261,7 @@ jobs: echo "reactions=hooray" >> "$GITHUB_OUTPUT" - name: Upload comment as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: path: ${{ env.artifacts_dir }}/${{ env.markdown_artifact }} name: ${{ env.markdown_artifact }} @@ -330,7 +330,7 @@ jobs: echo "> ℹ️ INFO: we use [avtodev/markdown-lint action](https://github.com/avto-dev/markdown-lint)" >> $GITHUB_STEP_SUMMARY - name: Upload comment as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: path: ${{ env.artifacts_dir }}/${{ env.markdown_artifact }} name: ${{ env.markdown_artifact }} @@ -398,7 +398,7 @@ jobs: echo "reactions=hooray" >> "$GITHUB_OUTPUT" - name: Upload comment as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: path: ${{ env.artifacts_dir }}/${{ env.spellcheck_artifact }} name: ${{ env.spellcheck_artifact }} @@ -491,7 +491,7 @@ jobs: # description: | # Calls a trusted shared workflow that temporarily elevates the caller's privileges # to write a comment in the PR. - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: path: ${{ env.artifacts_dir }}/${{ env.spellcheck_artifact }} name: ${{ env.spellcheck_artifact }} diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 5dddca1..6c0bf0c 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml 
@@ -17,16 +17,16 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: stable check-latest: true cache: true - name: golangci-lint - uses: golangci/golangci-lint-action@0a35821d5c230e903fcfe077583637dea1b27b47 # v9.0.0 + uses: golangci/golangci-lint-action@e7fa5ac41e1cf5b7d48e45e42232ce7ada589601 # v9.1.0 with: version: latest only-new-issues: true @@ -44,9 +44,9 @@ jobs: steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: '${{ matrix.go }}' check-latest: true @@ -96,9 +96,9 @@ jobs: CORPUS_MAX_SIZE_MB: 100 steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: stable check-latest: true @@ -172,7 +172,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} 
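Review bot: The checkout in the -172,7 hunk selects the pull request by branch name (`ref: ${{ github.event.pull_request.head.ref }}` together with `repository: ${{ github.event.pull_request.head.repo.full_name }}`), so the job runs whatever the contributor's branch points to when it starts rather than the commit that triggered the event. doc-update.yml pins the same kind of checkout with `ref: ${{ github.event.pull_request.head.sha }}`; using the SHA here would close that window, unless a later step needs the branch name to push, which the hunk does not show. If the branch ref has to stay, a short comment above `with:` saying why would document the choice, along with `persist-credentials: false` when nothing pushes. The job's trigger, permissions and remaining steps are outside the hunk.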
@@ -207,7 +207,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version: stable check-latest: true diff --git a/.github/workflows/pr-comment.yml b/.github/workflows/pr-comment.yml index 5509847..d9b03a2 100644 --- a/.github/workflows/pr-comment.yml +++ b/.github/workflows/pr-comment.yml @@ -101,7 +101,7 @@ jobs: - name: Download message artifact if: ${{ steps.check_pr.outputs.proceed == 'true'}} id: download - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 with: run-id: "${{ inputs.run_id }}" repository: "${{ env.TARGET }}" @@ -125,7 +125,7 @@ jobs: - name: Find previous PR comment if: ${{ steps.check_pr.outputs.proceed == 'true'}} - uses: peter-evans/find-comment@v3 + uses: peter-evans/find-comment@v4 id: find_comment with: repository: ${{ inputs.target_repo }} @@ -136,7 +136,7 @@ jobs: - name: Create or update PR comment if: ${{ steps.check_pr.outputs.proceed == 'true'}} - uses: peter-evans/create-or-update-comment@v4 + uses: peter-evans/create-or-update-comment@v5 with: issue-number: ${{ inputs.pr_number }} comment-id: ${{ steps.find_comment.outputs.comment-id }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1e79ad9..ff9a106 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 - diff --git a/.github/workflows/scanner.yml b/.github/workflows/scanner.yml index 2f34e48..ae5c5ae 100644 --- a/.github/workflows/scanner.yml +++ b/.github/workflows/scanner.yml 
@@ -24,7 +24,7 @@ jobs: security-events: write steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - @@ -39,7 +39,7 @@ jobs: exit-code: 0 - name: Upload trivy findings to code scanning dashboard - uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: category: trivy sarif_file: trivy-code-report.sarif @@ -59,7 +59,7 @@ jobs: output-file: govulnscan-report.sarif - name: Upload govulnscan findings to code scanning dashboard - uses: github/codeql-action/upload-sarif@014f16e7ab1402f30e7c3329d33797e7948572db # v4.31.3 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: category: govulnscan sarif_file: govulnscan-report.sarif