diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e6cbbfb..97b2fcd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: raw.githubusercontent.com:443 - name: Checkout repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 with: fetch-depth: 0 - name: Setup Go @@ -34,7 +34,7 @@ jobs: # Linting - name: Linting - uses: golangci/golangci-lint-action@82fb3f49c21caa9527bf0335d412acbf02388f95 + uses: golangci/golangci-lint-action@363026db346476e64026d11fad940c24c2bef93f with: version: latest args: --config=./.github/.golangci.yml ./... @@ -59,7 +59,7 @@ jobs: sum.golang.org:443 - name: Checkout repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 with: fetch-depth: 0 - name: Setup Go @@ -92,7 +92,7 @@ jobs: storage.googleapis.com:443 - name: Checkout repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 with: fetch-depth: 0 - name: Setup Go @@ -106,7 +106,7 @@ jobs: # Codecov - name: Codecov - uses: codecov/codecov-action@e43f28e103e52bb26d252b5a97fcdfa06175321e + uses: codecov/codecov-action@1d6059880cab9176d33e31e0f1ab076b20495f5e env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 52d5208..f9b85c9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,16 +31,16 @@ jobs: api.github.com:443 github.com:443 objects.githubusercontent.com:443 proxy.golang.org:443 storage.googleapis.com:443 sum.golang.org:443 uploads.github.com:443 - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@cbe18979603527f12c7871a6eb04833ecf1548c7 + uses: github/codeql-action/init@acb9cb18eec7e3a113ef83cff0be91e75cfd9526 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@cbe18979603527f12c7871a6eb04833ecf1548c7 + uses: github/codeql-action/autobuild@acb9cb18eec7e3a113ef83cff0be91e75cfd9526 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@cbe18979603527f12c7871a6eb04833ecf1548c7 + uses: github/codeql-action/analyze@acb9cb18eec7e3a113ef83cff0be91e75cfd9526 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index b4d630c..e45c843 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -38,12 +38,12 @@ jobs: www.bestpractices.dev:443 - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@72803a12483ed6f4f7c34f804818169f50162e37 + uses: ossf/scorecard-action@08f935069d990d2675a557ebcecc774477e7c55c with: results_file: results.sarif results_format: sarif @@ -69,6 +69,6 @@ jobs: # required for Code scanning alerts - name: "Upload SARIF results to code scanning" - uses: github/codeql-action/upload-sarif@cbe18979603527f12c7871a6eb04833ecf1548c7 + uses: github/codeql-action/upload-sarif@acb9cb18eec7e3a113ef83cff0be91e75cfd9526 with: sarif_file: results.sarif