diff --git a/.github/workflows/alert-update-flags.yaml b/.github/workflows/alert-update-flags.yaml index e9476141624..a9d7777a576 100644 --- a/.github/workflows/alert-update-flags.yaml +++ b/.github/workflows/alert-update-flags.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 2 - name: Execute diff and send email diff --git a/.github/workflows/alert-update-terraform-modules.yaml b/.github/workflows/alert-update-terraform-modules.yaml index bcef86d4099..4cad82779ae 100644 --- a/.github/workflows/alert-update-terraform-modules.yaml +++ b/.github/workflows/alert-update-terraform-modules.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Execute diff and send email @@ -25,7 +25,7 @@ jobs: -c assets/libraries/common.json \ -u https://registry.terraform.io/v1/modules - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v6 with: title: "feat(queries): update terraform registry data on commons.json" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/cesar.yaml b/.github/workflows/cesar.yaml index 3a78e0d2dbb..1e9770b61ac 100644 --- a/.github/workflows/cesar.yaml +++ b/.github/workflows/cesar.yaml @@ -15,12 +15,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: refs/pull/${{ github.event.pull_request.number }}/merge path: kics - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: kics/go.mod cache-dependency-path: kics/go.sum @@ -62,14 +62,14 @@ jobs: zip -qr kics.zip kics/ - name: Save kics - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: kics path: ${{ github.workspace }}/kics.zip retention-days: 1 - name: Pr parameters - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Metadata path: ${{ github.workspace }}/pr-metadata.json diff --git a/.github/workflows/check-apache-license.yaml b/.github/workflows/check-apache-license.yaml index 2fb3474e74a..15f80a5e739 100644 --- a/.github/workflows/check-apache-license.yaml +++ b/.github/workflows/check-apache-license.yaml @@ -12,7 +12,7 @@ jobs: USERNAME: ${{ github.event.pull_request.user.login }} steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false sparse-checkout: | diff --git a/.github/workflows/check-go-coverage.yaml b/.github/workflows/check-go-coverage.yaml index 97c10395615..b50441d3b7c 100644 --- a/.github/workflows/check-go-coverage.yaml +++ b/.github/workflows/check-go-coverage.yaml @@ -13,11 +13,11 @@ jobs: color: ${{ steps.testcov.outputs.color }} steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Run test metrics script diff --git a/.github/workflows/ci-projects.yaml b/.github/workflows/ci-projects.yaml index 54f791f118e..65b6bb6312f 100644 --- a/.github/workflows/ci-projects.yaml +++ b/.github/workflows/ci-projects.yaml @@ -16,12 +16,12 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.pull_request.merge_commit_sha }} path: kics - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: kics/go.mod cache-dependency-path: kics/go.sum @@ -59,14 +59,14 @@ jobs: zip -qr kics.zip kics/ - name: Save kics - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: kics path: ${{ github.workspace }}/kics.zip retention-days: 1 - name: Pr parameters - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Metadata path: ${{ github.workspace }}/pr-metadata.json diff --git a/.github/workflows/go-ci-coverage.yaml b/.github/workflows/go-ci-coverage.yaml index 50e7ff3f7fc..2ff90aa2526 100644 --- a/.github/workflows/go-ci-coverage.yaml +++ b/.github/workflows/go-ci-coverage.yaml @@ -14,11 +14,11 @@ jobs: color: ${{ steps.testcov.outputs.color }} steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Run test metrics script @@ -33,11 +33,11 @@ jobs: curl -L \ https://img.shields.io/badge/Go%20Coverage-${{ steps.testcov.outputs.coverage }}%25-${{ steps.testcov.outputs.color }}.svg > coverage.svg cat coverage.svg - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ runner.os }}-badge-latest path: coverage.svg - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ runner.os }}-coverage-latest path: coverage.html @@ -47,7 +47,7 @@ jobs: needs: coverage steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: gh-pages - name: Configure git commit author @@ -55,12 +55,12 @@ jobs: git config --global user.name "KICSBot" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - name: Download Coverage Report - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@v8.0.1 with: name: ${{ runner.os }}-coverage-latest path: latest-coverage - name: Download Badge svg - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@v8.0.1 with: name: ${{ runner.os }}-badge-latest path: latest-coverage diff --git a/.github/workflows/go-ci-integration.yml b/.github/workflows/go-ci-integration.yml index 293626b9f6d..5e263fb5e53 100644 --- a/.github/workflows/go-ci-integration.yml +++ b/.github/workflows/go-ci-integration.yml @@ -15,14 +15,14 @@ jobs: cancel_others: false paths_ignore: '["docs/**", "**/**.md", "examples"]' - name: Check out code into the Go module directory - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Cache Docker layers - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.ref }} @@ -32,7 +32,7 @@ jobs: run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV - name: Build id: docker_build - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: load: true context: ./ @@ -59,7 +59,7 @@ jobs: -p "/path" \ -o "/path/" - name: Archive test logs - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: always() with: name: integration-logs-${{ github.event.pull_request.head.sha }} @@ -68,7 +68,7 @@ jobs: run: | cat ${PWD}/assets/queries/results.json - name: Archive test results - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: integration-results-${{ github.event.pull_request.head.sha }} path: assets/queries/results.json diff --git a/.github/workflows/go-ci-metrics.yaml b/.github/workflows/go-ci-metrics.yaml index ea3c60be89d..ae7d235652c 100644 --- a/.github/workflows/go-ci-metrics.yaml +++ b/.github/workflows/go-ci-metrics.yaml @@ -12,8 +12,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-python@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Run test metrics script @@ -26,7 +26,7 @@ jobs: curl -L \ https://img.shields.io/badge/Queries-${{ steps.metrics.outputs.total_queries }}-blue.svg > queries.svg cat queries.svg - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ runner.os }}-queries-badge-latest path: queries.svg @@ -36,7 +36,7 @@ jobs: needs: metrics steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: gh-pages - name: Configure git commit author @@ -44,7 +44,7 @@ jobs: git config --global user.name "KICSBot" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - name: Download Queries Badge SVG - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@v8.0.1 with: name: ${{ runner.os }}-queries-badge-latest path: latest-metrics diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml index e9029c36282..92c8914c3da 100644 --- a/.github/workflows/go-ci.yml +++ b/.github/workflows/go-ci.yml @@ -9,9 +9,9 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod cache: false @@ -25,12 +25,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Generate mocks and marshall/unmarshall code @@ -44,11 +44,11 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} - name: Check out code into the Go module directory - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get cache paths @@ -56,7 +56,7 @@ jobs: shell: bash run: echo "GO_BUILD=$(go env GOCACHE)" >>$GITHUB_OUTPUT - name: Cache dependencies - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ steps.go-cache-paths.outputs.GO_BUILD }} key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -69,7 +69,7 @@ jobs: go mod vendor - name: Set Windows Page size if: matrix.os == 'windows-2022' - uses: al-cheb/configure-pagefile-action@a3b6ebd6b634da88790d9c58d4b37a7f4a7b8708 # v1.4 + uses: al-cheb/configure-pagefile-action@9b6da52fb72a3c6147c1aad2df22d8d905681adc # v1.5 with: minimum-size: 32GB maximum-size: 32GB @@ -86,7 +86,7 @@ jobs: go test -mod=vendor -tags dev -v -timeout 2100s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log - name: Archive test logs if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log path: unit-test.log @@ -97,9 +97,9 @@ jobs: GO111MODULE: on steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Gosec Security Scanner - uses: securego/gosec@d2d3ae66bd8d340b78b5142b6fe610691783c2fe # v2.22.5 + uses: securego/gosec@bb17e422fc34bf4c0a2e5cab9d07dc45a68c040c # v2.24.7 with: args: "-no-fail -fmt sarif -out results.sarif ./..." - name: Show results diff --git a/.github/workflows/go-e2e-debian.yaml b/.github/workflows/go-e2e-debian.yaml index beb10b18c45..3ea21ba7341 100644 --- a/.github/workflows/go-e2e-debian.yaml +++ b/.github/workflows/go-e2e-debian.yaml @@ -15,15 +15,15 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Cancel Previous Runs - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1 + uses: styfle/cancel-workflow-action@d07a454dad7609a92316b57b23c9ccfd4f59af66 # 0.13.1 with: access_token: ${{ github.token }} - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} - name: Print go env @@ -31,7 +31,7 @@ jobs: - name: Get Modules run: go mod vendor - name: Set up Node v14 - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: "20" - name: Install mock server @@ -42,9 +42,9 @@ jobs: working-directory: .github/scripts/server-mock - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Cache Docker layers - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.ref }} @@ -57,7 +57,7 @@ jobs: run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV - name: Build id: docker_build - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: load: true context: ./ @@ -100,7 +100,7 @@ jobs: DOCKER_NAME=$(echo docker/Dockerfile.debian | sed 's/\//-/') - name: Archive test report if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: e2e-tests-report-dockerfile-$DOCKER_NAME path: e2e-report.html diff --git a/.github/workflows/go-e2e.yaml b/.github/workflows/go-e2e.yaml index 9f9813ae8e2..d858b3192da 100644 --- a/.github/workflows/go-e2e.yaml +++ b/.github/workflows/go-e2e.yaml @@ -16,15 +16,15 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Cancel Previous Runs - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1 + uses: styfle/cancel-workflow-action@d07a454dad7609a92316b57b23c9ccfd4f59af66 # 0.13.1 with: access_token: ${{ github.token }} - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} - name: Print go env @@ -32,7 +32,7 @@ jobs: - name: Get Modules run: go mod vendor - name: Set up Node v14 - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: "20" - name: Install mock server @@ -43,9 +43,9 @@ jobs: working-directory: .github/scripts/server-mock - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Cache Docker layers - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.ref }} @@ -55,7 +55,7 @@ jobs: run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV - name: Build id: docker_build - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: load: true context: ./ @@ -100,7 +100,7 @@ jobs: echo "DOCKER_NAME=$DOCKER_NAME" >> $GITHUB_ENV - name: Archive test report if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: e2e-tests-report-${{ env.DOCKER_NAME }} path: e2e-report.html diff --git a/.github/workflows/go-generate-antlr-parser.yaml b/.github/workflows/go-generate-antlr-parser.yaml index 6e543d9ebd3..e21d916a9bc 100644 --- a/.github/workflows/go-generate-antlr-parser.yaml +++ b/.github/workflows/go-generate-antlr-parser.yaml @@ -12,11 +12,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Build ANTLR image - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 id: build_antlr_image with: context: . @@ -26,7 +26,7 @@ jobs: run: | docker run --rm -u $(id -u ${USER}):$(id -g ${USER}) -v $(pwd)/pkg/parser/jsonfilter:/work -it antlr4-generator:dev - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v6 with: title: "chore(parser): updating AWS jsonfilter ANTLR generated parser" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/go-test-race.yml b/.github/workflows/go-test-race.yml index d50a87652cf..ffd0b153ada 100644 --- a/.github/workflows/go-test-race.yml +++ b/.github/workflows/go-test-race.yml @@ -10,15 +10,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Check out code into the Go module directory - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get cache paths @@ -27,7 +27,7 @@ jobs: echo "::set-output name=go-build::$(go env GOCACHE)" echo "::set-output name=go-mod::$(go env GOMODCACHE)" - name: Cache dependencies - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} @@ -45,7 +45,7 @@ jobs: exit $result_code - name: Archive test logs if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log path: unit-test.log diff --git a/.github/workflows/kics-gh-action.yaml b/.github/workflows/kics-gh-action.yaml index 6b6364e88e7..16f77cacbab 100644 --- a/.github/workflows/kics-gh-action.yaml +++ b/.github/workflows/kics-gh-action.yaml @@ -9,9 +9,9 @@ jobs: kics-scan: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run KICS Scan - uses: checkmarx/kics-github-action@63fca4ca72e56edbb5a599ee756e6af1fdb1e785 # v2.1.18 + uses: checkmarx/kics-github-action@05aa5eb70eede1355220f4ca5238d96b397e30a6 # v2.1.20 with: token: ${{ secrets.GITHUB_TOKEN }} path: "./Dockerfile" @@ -21,7 +21,7 @@ jobs: output_formats: json,html type: dockerfile exclude_queries: 67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae # Ignore Last User Is 'root' - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: results path: ./results diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml index 38cd8e8e116..efdc6876e11 100644 --- a/.github/workflows/mkdocs.yml +++ b/.github/workflows/mkdocs.yml @@ -11,7 +11,7 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2 @@ -28,7 +28,7 @@ jobs: value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}" - name: View HEAD Commit value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: 3.x - name: Install dependencies diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml index e1af7bab05c..30e9e5ad27e 100644 --- a/.github/workflows/prepare-release.yaml +++ b/.github/workflows/prepare-release.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Get current date @@ -27,7 +27,7 @@ jobs: sed -E -i "s/()[0-9]{4}\.[0-9]{2}\.[0-9]{2}

/\1${{ steps.cdate.outputs.date }}

/" docs/index.md sed -E -i "s/()/\1v${{ github.event.inputs.version }}\2${{ github.event.inputs.version }}\3/g" docs/index.md - name: Create pull request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v6 with: title: "docs(kicsbot): preparing for release ${{ github.event.inputs.version }}" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/release-commits.yaml b/.github/workflows/release-commits.yaml index e485fab5c45..db096fb12bf 100644 --- a/.github/workflows/release-commits.yaml +++ b/.github/workflows/release-commits.yaml @@ -11,12 +11,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Run get release commits script diff --git a/.github/workflows/release-dkr-image.yml b/.github/workflows/release-dkr-image.yml index 892b0ed28fb..5e26431b021 100644 --- a/.github/workflows/release-dkr-image.yml +++ b/.github/workflows/release-dkr-image.yml @@ -14,7 +14,7 @@ jobs: DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - name: Check out the repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Get Release version @@ -36,14 +36,14 @@ jobs: - name: View HEAD Commit value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v2 with: image: tonistiigi/binfmt:latest platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to DockerHub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -51,7 +51,7 @@ jobs: run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV - name: Docker meta id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: "checkmarx/kics" labels: | @@ -67,7 +67,7 @@ jobs: org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.created=${{ env.CREATED_AT }} - name: Push main to Docker Hub - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 id: build_main with: context: . @@ -82,7 +82,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Build and push alpine to Docker Hub id: build_alpine - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . file: ./docker/Dockerfile.alpine @@ -97,7 +97,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Build and push debian to Docker Hub id: build_debian - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . file: ./docker/Dockerfile.debian @@ -112,7 +112,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Build and push ubi8 to Docker Hub id: build_ubi8 - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . file: ./docker/Dockerfile.ubi8 diff --git a/.github/workflows/release-docker-github-actions.yaml b/.github/workflows/release-docker-github-actions.yaml index 49291d67528..04153b2755e 100644 --- a/.github/workflows/release-docker-github-actions.yaml +++ b/.github/workflows/release-docker-github-actions.yaml @@ -13,22 +13,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Check out the tag - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.inputs.version }} - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v2 with: image: tonistiigi/binfmt:latest platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to DockerHub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -36,7 +36,7 @@ jobs: run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV - name: Docker meta id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: "checkmarx/kics" labels: | @@ -52,7 +52,7 @@ jobs: org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.created=${{ env.CREATED_AT }} - name: Push Github Action Image to Docker Hub - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 id: build_gh_action with: context: . @@ -66,11 +66,11 @@ jobs: DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} labels: ${{ steps.meta.outputs.labels }} - name: Check out the repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v6 with: title: "docs(kicsbot): update images digest" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/release-extract-info.yaml b/.github/workflows/release-extract-info.yaml index 88bbcc19fe1..04478736443 100644 --- a/.github/workflows/release-extract-info.yaml +++ b/.github/workflows/release-extract-info.yaml @@ -9,8 +9,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-python@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Run test statistics script @@ -19,7 +19,7 @@ jobs: pip3 install -r .github/scripts/extract-kics-info/requirements.txt python3 .github/scripts/extract-kics-info/extract-info.py - name: Upload binaries to release - uses: svenstaro/upload-release-action@81c65b7cd4de9b2570615ce3aad67a41de5b1a13 # v2.11.2 + uses: svenstaro/upload-release-action@29e53e917877a24fad85510ded594ab3c9ca12de # v2.11.5 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: .github/scripts/extract-kics-info/extracted-info.zip diff --git a/.github/workflows/release-kics-cxone.yaml b/.github/workflows/release-kics-cxone.yaml index 9312ac69497..3bd49204cc7 100644 --- a/.github/workflows/release-kics-cxone.yaml +++ b/.github/workflows/release-kics-cxone.yaml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Git credentials run: | diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 732bc4c1eb3..f07873245e9 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -13,7 +13,7 @@ jobs: sha8: ${{ steps.shorthash.outputs.sha8 }} steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Check if there are new commits since last nightly @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2 @@ -49,11 +49,11 @@ jobs: - name: View HEAD Commit value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: 1.25.x - name: Run GoReleaser - uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0 + uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0 with: version: v0.160.0 args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-nightly.yml" @@ -128,7 +128,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2 if: always() with: @@ -147,14 +147,14 @@ jobs: - name: View HEAD Commit value: https://github.com/Checkmarx/kics/commit/${{ github.sha }} - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v2 with: image: tonistiigi/binfmt:latest platforms: linux/amd64,linux/arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to DockerHub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -162,7 +162,7 @@ jobs: run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV - name: Docker meta id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: "checkmarx/kics" labels: | @@ -179,7 +179,7 @@ jobs: org.opencontainers.image.created=${{ env.CREATED_AT }} - name: Push main to Docker Hub id: build_main - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . push: true @@ -192,7 +192,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Build and push alpine to Docker Hub id: build_alpine - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . file: ./docker/Dockerfile.alpine @@ -206,7 +206,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Build and push debian to Docker Hub id: build_debian - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . file: ./docker/Dockerfile.debian @@ -220,7 +220,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Build and push ubi8 to Docker Hub id: build_ubi8 - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: context: . file: ./docker/Dockerfile.ubi8 @@ -233,7 +233,7 @@ jobs: DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }} labels: ${{ steps.meta.outputs.labels }} - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v6 with: title: "docs(kicsbot): update images digest" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/run-projects.yaml b/.github/workflows/run-projects.yaml index 99416f9d503..23938b1cf01 100644 --- a/.github/workflows/run-projects.yaml +++ b/.github/workflows/run-projects.yaml @@ -39,20 +39,20 @@ jobs: machine: ${{ fromJSON(needs.setup.outputs.machines) }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ secrets.CES_EXECUTOR_REPO }} token: ${{ secrets.CX_CEBOT_GITHUB_TOKEN_CHECKMARX }} path: cli ref: master - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version-file: cli/go.mod cache: false - name: Download kics - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@v8.0.1 with: name: kics path: . @@ -62,7 +62,7 @@ jobs: unzip -q kics.zip - name: Download Json - uses: actions/download-artifact@v4.1.3 + uses: actions/download-artifact@v8.0.1 with: name: Metadata path: . diff --git a/.github/workflows/sec-checks.yaml b/.github/workflows/sec-checks.yaml index 0200b464a77..0098068ef9a 100644 --- a/.github/workflows/sec-checks.yaml +++ b/.github/workflows/sec-checks.yaml @@ -10,9 +10,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 #v0.34.2 + uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 #v0.35.0 with: scan-type: 'fs' ignore-unfixed: true @@ -27,7 +27,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: trivy-fs-scan-results path: ./results.txt @@ -40,12 +40,12 @@ jobs: kics-docker: [ "Dockerfile" ] steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Build id: docker_build - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: load: true context: ./ @@ -59,7 +59,7 @@ jobs: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 #v0.34.2 + uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 #v0.35.0 with: image-ref: kics:sec-trivy-tests-${{ github.sha }} ignore-unfixed: true @@ -75,7 +75,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: trivy-docker-image-scan-results path: ./results.txt @@ -84,10 +84,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run Grype vulnerability scanner in repo mode id: grype-fs-scan - uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # 7.2.2 + uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # 7.3.2 with: path: "." only-fixed: true @@ -103,14 +103,14 @@ jobs: kics-docker: [ "Dockerfile" ] steps: - name: Check out code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Build id: docker_build - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: load: true context: ./ @@ -125,7 +125,7 @@ jobs: cache-to: type=local,dest=/tmp/.buildx-cache - name: Scan image id: grype-image-scan - uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # 7.2.2 + uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # 7.3.2 with: image: kics:sec-tests-${{ github.sha }} only-fixed: true @@ -137,8 +137,8 @@ jobs: name: govulncheck fs scan steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@v6 with: go-version: 'stable' - name: Install govulncheck @@ -152,7 +152,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: govulncheck-fs-scan-results path: ./results.txt @@ -161,8 +161,8 @@ jobs: name: govulncheck binary scan steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@v6 with: go-version: 'stable' - name: Build kics @@ -178,7 +178,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: govulncheck-binary-scan-results path: ./results.txt @@ -189,7 +189,7 @@ jobs: cat binary_dependencies.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: binary-dependencies path: ./binary_dependencies.txt diff --git a/.github/workflows/sonarcloud-scan-branch.yml b/.github/workflows/sonarcloud-scan-branch.yml index 6306c2679d8..da2a21eec52 100644 --- a/.github/workflows/sonarcloud-scan-branch.yml +++ b/.github/workflows/sonarcloud-scan-branch.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.inputs.branch }} - name: SonarCloud Scan diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 4561a64ad12..99710d597dc 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'Checkmarx/kics' steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: SonarCloud Scan diff --git a/.github/workflows/statistics.yaml b/.github/workflows/statistics.yaml index 6cd139801f9..10d917a391b 100644 --- a/.github/workflows/statistics.yaml +++ b/.github/workflows/statistics.yaml @@ -10,9 +10,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod - name: Run test metrics script @@ -28,7 +28,7 @@ jobs: sudo apt-get install cloc GO_LOC=$(cloc . | grep Go | grep -Eo '[0-9]+$') echo "::set-output name=goloc::${GO_LOC}" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Run test statistics script diff --git a/.github/workflows/update-docs-queries.yaml b/.github/workflows/update-docs-queries.yaml index 2f28ccb1f68..d810d6eff24 100644 --- a/.github/workflows/update-docs-queries.yaml +++ b/.github/workflows/update-docs-queries.yaml @@ -15,13 +15,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Cancel Previous Runs - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1 + uses: styfle/cancel-workflow-action@d07a454dad7609a92316b57b23c9ccfd4f59af66 # 0.13.1 with: access_token: ${{ github.token }} - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Update docs @@ -39,7 +39,7 @@ jobs: --t .github/scripts/docs-generator/query-page-generator/templates/query-page-template.md \ --df - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v6 with: title: "docs(queries): update queries catalog" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/update-docs-release.yaml b/.github/workflows/update-docs-release.yaml index afa075e4dfe..004ac32e6e5 100644 --- a/.github/workflows/update-docs-release.yaml +++ b/.github/workflows/update-docs-release.yaml @@ -12,11 +12,11 @@ jobs: if: "!github.event.release.prerelease" steps: - name: Cancel Previous Runs - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1 + uses: styfle/cancel-workflow-action@d07a454dad7609a92316b57b23c9ccfd4f59af66 # 0.13.1 with: access_token: ${{ github.token }} - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Get release version @@ -32,7 +32,7 @@ jobs: echo "curr tag ${{ steps.version.outputs.ctag }}" echo "prev ver ${{ steps.version.outputs.pversion }}" echo "curr ver ${{ steps.version.outputs.cversion }}" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: 3.x - name: Install dependencies diff --git a/.github/workflows/update-infra-version.yaml b/.github/workflows/update-infra-version.yaml index d5a2dd69083..23a62743215 100644 --- a/.github/workflows/update-infra-version.yaml +++ b/.github/workflows/update-infra-version.yaml @@ -12,17 +12,17 @@ jobs: if: "!github.event.release.prerelease" steps: - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Update Terraform Cloud Integration - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 with: token: ${{ secrets.KICS_BOT_PAT }} repository: ${{ secrets.TFC_REPO_PATH }} event-type: new-release - name: Update Infra - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 with: token: ${{ secrets.KICS_BOT_PAT }} repository: ${{ secrets.INFRA_REPO }} diff --git a/.github/workflows/update-install-script.yaml b/.github/workflows/update-install-script.yaml index 30a8e40f1bb..6108e3ecc0a 100644 --- a/.github/workflows/update-install-script.yaml +++ b/.github/workflows/update-install-script.yaml @@ -9,11 +9,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Cancel Previous Runs - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1 + uses: styfle/cancel-workflow-action@d07a454dad7609a92316b57b23c9ccfd4f59af66 # 0.13.1 with: access_token: ${{ github.token }} - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Get Godownloader @@ -30,7 +30,7 @@ jobs: && chmod +x godownloader \ && rm -vf $(basename "${FULL_URL}") \ && cd "${PROJDIR}" - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Install dependencies @@ -50,7 +50,7 @@ jobs: - name: Update install.sh run: ./.bin/godownloader --repo Checkmarx/kics <(echo ${{ steps.outputs.filter.goreleaser }}) > install.sh - name: Create Pull Request - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v6 with: title: "chore(install): update install script" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/update_software_versions.yml b/.github/workflows/update_software_versions.yml index 56af42fa0c2..840895de170 100644 --- a/.github/workflows/update_software_versions.yml +++ b/.github/workflows/update_software_versions.yml @@ -7,10 +7,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout project - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.x" - name: Run update_versions script @@ -25,7 +25,7 @@ jobs: *.json - name: Create pull request if: steps.verify-changed-files.outputs.files_changed == 'true' - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v6 with: title: "build(deps): updating software versions" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/validate-ansible-samples.yml b/.github/workflows/validate-ansible-samples.yml index 039abd9942d..cfa98f1dc49 100644 --- a/.github/workflows/validate-ansible-samples.yml +++ b/.github/workflows/validate-ansible-samples.yml @@ -11,7 +11,7 @@ jobs: lint-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: yaml-lint diff --git a/.github/workflows/validate-arm-samples.yaml b/.github/workflows/validate-arm-samples.yaml index b97cc29ad0e..05dbee34d41 100644 --- a/.github/workflows/validate-arm-samples.yaml +++ b/.github/workflows/validate-arm-samples.yaml @@ -9,10 +9,10 @@ jobs: lint-json-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 with: node-version: "20" - name: Installing jsonlint diff --git a/.github/workflows/validate-cfn-samples.yml b/.github/workflows/validate-cfn-samples.yml index 0a57f76a190..6783282ca90 100644 --- a/.github/workflows/validate-cfn-samples.yml +++ b/.github/workflows/validate-cfn-samples.yml @@ -11,10 +11,10 @@ jobs: validate-cfn-syntax: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: '3.x' - name: Get commit changed files diff --git a/.github/workflows/validate-dkr-samples.yml b/.github/workflows/validate-dkr-samples.yml index fe233ce9578..d146c70ebd9 100644 --- a/.github/workflows/validate-dkr-samples.yml +++ b/.github/workflows/validate-dkr-samples.yml @@ -9,7 +9,7 @@ jobs: validate-dockerfile-syntax: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get Hadolint diff --git a/.github/workflows/validate-issues.yaml b/.github/workflows/validate-issues.yaml index 976f03c4f50..ee3eb087907 100644 --- a/.github/workflows/validate-issues.yaml +++ b/.github/workflows/validate-issues.yaml @@ -10,7 +10,7 @@ jobs: TITLE: ${{ github.event.issue.title }} steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false sparse-checkout: | @@ -18,7 +18,7 @@ jobs: .github/scripts/pr-issue-info/get_title_types.py .github/issue-title-types.yaml - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.x" - name: Install dependencies @@ -69,7 +69,7 @@ jobs: TITLE: ${{ github.event.issue.title }} steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false sparse-checkout: | @@ -138,7 +138,7 @@ jobs: fi fi - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.x" - name: Install dependencies diff --git a/.github/workflows/validate-k8s-samples.yml b/.github/workflows/validate-k8s-samples.yml index 68901309a7c..f0116fe9bcc 100644 --- a/.github/workflows/validate-k8s-samples.yml +++ b/.github/workflows/validate-k8s-samples.yml @@ -10,7 +10,7 @@ jobs: validate-k8s-manifests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get Kubeval diff --git a/.github/workflows/validate-openapi-samples.yaml b/.github/workflows/validate-openapi-samples.yaml index e6c68a0d0d8..847e4c043f2 100644 --- a/.github/workflows/validate-openapi-samples.yaml +++ b/.github/workflows/validate-openapi-samples.yaml @@ -10,7 +10,7 @@ jobs: lint-yaml-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: yaml-lint @@ -22,10 +22,10 @@ jobs: lint-json-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v6 with: node-version: '20' - name: Installing jsonlint diff --git a/.github/workflows/validate-prs.yaml b/.github/workflows/validate-prs.yaml index 6eb7c990000..d8850518a90 100644 --- a/.github/workflows/validate-prs.yaml +++ b/.github/workflows/validate-prs.yaml @@ -12,7 +12,7 @@ jobs: TITLE: ${{ github.event.pull_request.title }} steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false sparse-checkout: | @@ -22,7 +22,7 @@ jobs: - name: Print PR Title run: echo "$TITLE" - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.x" - name: Install dependencies @@ -73,7 +73,7 @@ jobs: TITLE: ${{ github.event.pull_request.title }} steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false sparse-checkout: | @@ -153,7 +153,7 @@ jobs: fi fi - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.x" - name: Install dependencies diff --git a/.github/workflows/validate-queries-metadata.yml b/.github/workflows/validate-queries-metadata.yml index 9326728de38..2a4fa51354f 100644 --- a/.github/workflows/validate-queries-metadata.yml +++ b/.github/workflows/validate-queries-metadata.yml @@ -9,7 +9,7 @@ jobs: validate-metadata: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Run queries metadata validation script diff --git a/.github/workflows/validate-tf-samples.yml b/.github/workflows/validate-tf-samples.yml index f5d6119a575..1bdb24cf9a3 100644 --- a/.github/workflows/validate-tf-samples.yml +++ b/.github/workflows/validate-tf-samples.yml @@ -9,7 +9,7 @@ jobs: lint-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: Get tflint