diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1ffba74b..e29b6ca5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 9aff0755..27ae96ae 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -23,6 +23,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v3.6.0 # v3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: 'Dependency Review' - uses: actions/dependency-review-action@v3 # v2 + uses: actions/dependency-review-action@f6fff72a3217f580d5afd49a46826795305b63c7 # v3.0.8 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 64b880ea..34ddc129 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -27,6 +27,6 @@ jobs: - uses: actions/setup-go@v4 with: go-version: 1.20.6 - - uses: actions/checkout@v3.6.0 + - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: golangci-lint - uses: golangci/golangci-lint-action@v3.7.0 + uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 6a5733da..b82555d7 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -25,11 +25,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup Go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: 1.20.6 - name: checkout - uses: actions/checkout@v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Install addlicense run: go install github.com/google/addlicense@latest - name: Check license headers diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index ca92eb88..0bc3ec88 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -25,14 +25,14 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - go: [ '1.18.x', '1.19.x', '1.20.6' ] + go: [ '1.19.x', '1.20.x', '1.21.0' ] name: Go ${{ matrix.go }} build steps: - name: checkout - uses: actions/checkout@v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - - uses: actions/cache@v3 + - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: # In order: # * Module download cache @@ -45,7 +45,7 @@ jobs: ${{ runner.os }}-go- - name: Setup go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ${{ matrix.go }} @@ -62,6 +62,6 @@ jobs: run: go test -v -race -coverprofile=coverage.txt -covermode=atomic ./... - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 with: file: ./coverage.txt diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d6375202..65b55a71 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,10 +24,10 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v3.6.0 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: install go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: 1.20.6 diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml index c845c8fb..58b43f31 100644 --- a/.github/workflows/reuse.yml +++ b/.github/workflows/reuse.yml @@ -43,20 +43,20 @@ jobs: steps: - name: Checkout release if: ${{ inputs.tag == 'release'}} - uses: actions/checkout@v3.6.0 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: fetch-depth: 0 - name: Checkout image if: ${{ inputs.tag == 'image'}} - uses: actions/checkout@v3.6.0 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Unshallow if: ${{ inputs.tag == 'image'}} run: git fetch --prune --unshallow --tags - name: Set up Go - uses: actions/setup-go@v4 # v2.1.5 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ~1.20.6 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index affc85a8..60888f27 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -24,7 +24,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@v3.6.0 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: persist-credentials: false @@ -44,7 +44,7 @@ jobs: # Upload the results as artifacts (optional). - name: "Upload artifact" - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: SARIF file path: results.sarif