diff --git a/.github/workflows/bump-go-toolchain.yml b/.github/workflows/bump-go-toolchain.yml index 080a15e5f9..79e6479fcb 100644 --- a/.github/workflows/bump-go-toolchain.yml +++ b/.github/workflows/bump-go-toolchain.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Determine current toolchain version id: current diff --git a/.github/workflows/bump-vuln-deps.yml b/.github/workflows/bump-vuln-deps.yml index 27bbce2042..150c03764b 100644 --- a/.github/workflows/bump-vuln-deps.yml +++ b/.github/workflows/bump-vuln-deps.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup JFrog uses: ./.github/actions/setup-jfrog diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 350fed7256..0a717d613b 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: diff --git a/.github/workflows/conftest.yml b/.github/workflows/conftest.yml index 0f5deda45c..1fc410e079 100644 --- a/.github/workflows/conftest.yml +++ b/.github/workflows/conftest.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install conftest run: |- diff --git a/.github/workflows/external-message.yml b/.github/workflows/external-message.yml index 9a6d12d520..e9ef0ce13d 100644 --- a/.github/workflows/external-message.yml +++ b/.github/workflows/external-message.yml @@ -25,7 +25,7 @@ jobs: if: "${{ github.event.pull_request.head.repo.fork }}" steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Delete old comments env: diff --git a/.github/workflows/maintainer-approval.yml b/.github/workflows/maintainer-approval.yml index 12b5659ef0..9af75f2e28 100644 --- a/.github/workflows/maintainer-approval.yml +++ b/.github/workflows/maintainer-approval.yml @@ -56,7 +56,7 @@ jobs: checks: write contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.event.pull_request.base.sha }} persist-credentials: false diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index f80cfba7ad..2e89a51544 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -37,7 +37,7 @@ jobs: targets: ${{ steps.mask1.outputs.targets || steps.mask2.outputs.targets || steps.mask3.outputs.targets }} steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 @@ -130,7 +130,7 @@ jobs: steps: - name: Checkout repository and submodules - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup build environment uses: ./.github/actions/setup-build-environment @@ -203,7 +203,7 @@ jobs: steps: - name: Checkout repository and submodules - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup build environment uses: ./.github/actions/setup-build-environment @@ -255,7 +255,7 @@ jobs: steps: - name: Checkout repository and submodules - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup build environment uses: ./.github/actions/setup-build-environment @@ -307,7 +307,7 @@ jobs: steps: - name: Checkout repository and submodules - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup build environment uses: ./.github/actions/setup-build-environment @@ -359,7 +359,7 @@ jobs: steps: - name: Checkout repository and submodules - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup build environment uses: ./.github/actions/setup-build-environment @@ -410,7 +410,7 @@ jobs: steps: - name: Checkout repository and submodules - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # Dedicated cache-key so this job's Go cache doesn't evict the primary # test caches from the 10 GB GHA quota. diff --git a/.github/workflows/python_push.yml b/.github/workflows/python_push.yml index be62bcd22b..e5f99c4fd0 100644 --- a/.github/workflows/python_push.yml +++ b/.github/workflows/python_push.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout repository and submodules - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 @@ -52,7 +52,7 @@ jobs: steps: - name: Checkout repository and submodules - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 @@ -73,7 +73,7 @@ jobs: steps: - name: Checkout repository and submodules - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index d262fe0857..270e1d34a3 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 fetch-tags: true @@ -45,7 +45,7 @@ jobs: # composite actions (e.g. setup-jfrog) and the goreleaser config are # available even when the built ref is an older tag that predates them. - name: Checkout workflow ref for local actions - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.sha }} path: .workflow-actions @@ -148,7 +148,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 fetch-tags: true @@ -158,7 +158,7 @@ jobs: # composite actions (e.g. setup-jfrog) and the goreleaser config are # available even when the built ref is an older tag that predates them. - name: Checkout workflow ref for local actions - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.sha }} path: .workflow-actions diff --git a/.github/workflows/release-docker.yml b/.github/workflows/release-docker.yml index 7436622410..361d881f53 100644 --- a/.github/workflows/release-docker.yml +++ b/.github/workflows/release-docker.yml @@ -37,7 +37,7 @@ jobs: steps: - name: Checkout repository at release tag - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ inputs.tag }} diff --git a/.github/workflows/test-owners-scripts.yml b/.github/workflows/test-owners-scripts.yml index 9538eb5178..b80c6fdc26 100644 --- a/.github/workflows/test-owners-scripts.yml +++ b/.github/workflows/test-owners-scripts.yml @@ -19,7 +19,7 @@ jobs: steps: # Full checkout (no sparse-checkout): `owners.js validate` verifies that # every OWNERS path exists in the tree, so it needs the whole repo. - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Run OWNERS script tests run: node --test .github/scripts/owners.test.js .github/workflows/maintainer-approval.test.js - name: Validate OWNERS and OWNERTEAMS diff --git a/.github/workflows/update-schema-docs.yml b/.github/workflows/update-schema-docs.yml index a3e67fff28..e057d60131 100644 --- a/.github/workflows/update-schema-docs.yml +++ b/.github/workflows/update-schema-docs.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout main - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Regen runs against `main`. fetch-depth: 0 + fetch-tags: true ensure # since_version.go can resolve `git show :bundle/schema/jsonschema.json`