diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 431fd5cf..17a18101 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -47,7 +47,7 @@ jobs: working-directory: build - name: Restore rq cache id: cache-rq - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 with: path: ~/go/bin/rq key: ${{ runner.os }}-${{ runner.arch }}-go-rq-${{ env.RQ_VERSION }} @@ -55,7 +55,7 @@ jobs: if: steps.cache-rq.outputs.cache-hit != 'true' - name: Cache rq binary if: steps.cache-rq.outputs.cache-hit != 'true' - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 with: path: ~/go/bin/rq key: ${{ runner.os }}-${{ runner.arch }}-go-rq-${{ env.RQ_VERSION }} @@ -64,7 +64,7 @@ jobs: if: matrix.os.name == 'linux' with: version: v1.64.5 - - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: regal-${{ matrix.os.name }} path: regal diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6cdbae1b..cd46cc9c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,14 +27,14 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 470f16ce..7e20050f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,20 +25,20 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: SARIF file path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 + uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 with: sarif_file: results.sarif diff --git a/.github/workflows/update-caps.yml b/.github/workflows/update-caps.yml index 01268b99..76081b6d 100644 --- a/.github/workflows/update-caps.yml +++ b/.github/workflows/update-caps.yml @@ -23,7 +23,7 @@ jobs: go-version-file: go.mod - name: Restore rq cache id: cache-rq - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 with: path: ~/go/bin/rq key: ${{ runner.os }}-${{ runner.arch }}-go-rq-${{ env.RQ_VERSION }} @@ -31,13 +31,13 @@ jobs: if: steps.cache-rq.outputs.cache-hit != 'true' - name: Cache rq binary if: steps.cache-rq.outputs.cache-hit != 'true' - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 with: path: ~/go/bin/rq key: ${{ runner.os }}-${{ runner.arch }}-go-rq-${{ env.RQ_VERSION }} - run: build/do.rq fetch - name: Create Pull Request - uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 + uses: peter-evans/create-pull-request@dd2324fc52d5d43c699a5636bcf19fceaa70c284 # v7.0.7 with: title: "automated: update capabilities" branch: create-pull-request/caps diff --git a/.github/workflows/update-example-index.yaml b/.github/workflows/update-example-index.yaml index 05520d66..e7c94bec 100644 --- a/.github/workflows/update-example-index.yaml +++ b/.github/workflows/update-example-index.yaml @@ -36,7 +36,7 @@ jobs: static: true - name: Restore rq cache id: cache-rq - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 with: path: ~/go/bin/rq key: ${{ runner.os }}-${{ runner.arch }}-go-rq-${{ env.RQ_VERSION }} @@ -44,7 +44,7 @@ jobs: if: steps.cache-rq.outputs.cache-hit != 'true' - name: Cache rq binary if: steps.cache-rq.outputs.cache-hit != 'true' - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1 with: path: ~/go/bin/rq key: ${{ runner.os }}-${{ runner.arch }}-go-rq-${{ env.RQ_VERSION }} @@ -66,7 +66,7 @@ jobs: tee internal/lsp/examples/index.json - name: Open a pull request - uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 + uses: peter-evans/create-pull-request@dd2324fc52d5d43c699a5636bcf19fceaa70c284 # v7.0.7 with: title: "lsp: Update rego-by-examples index" commit-message: "lsp: Update rego-by-examples index"