diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 97b2fcd..020d736 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: raw.githubusercontent.com:443 - name: Checkout repo - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 + uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb with: fetch-depth: 0 - name: Setup Go @@ -34,7 +34,7 @@ jobs: # Linting - name: Linting - uses: golangci/golangci-lint-action@363026db346476e64026d11fad940c24c2bef93f + uses: golangci/golangci-lint-action@02ee5067dca7bfdce7a74e00ec4acac190dead4e with: version: latest args: --config=./.github/.golangci.yml ./... @@ -59,7 +59,7 @@ jobs: sum.golang.org:443 - name: Checkout repo - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 + uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb with: fetch-depth: 0 - name: Setup Go @@ -92,7 +92,7 @@ jobs: storage.googleapis.com:443 - name: Checkout repo - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 + uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb with: fetch-depth: 0 - name: Setup Go @@ -106,7 +106,7 @@ jobs: # Codecov - name: Codecov - uses: codecov/codecov-action@1d6059880cab9176d33e31e0f1ab076b20495f5e + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f9b85c9..0643f93 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,16 +31,16 @@ jobs: api.github.com:443 github.com:443 objects.githubusercontent.com:443 proxy.golang.org:443 storage.googleapis.com:443 sum.golang.org:443 uploads.github.com:443 - name: Checkout repository - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 + uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@acb9cb18eec7e3a113ef83cff0be91e75cfd9526 + uses: github/codeql-action/init@a1695c562bbfa68dc5ab58c9b5e9f616b52bf5be with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@acb9cb18eec7e3a113ef83cff0be91e75cfd9526 + uses: github/codeql-action/autobuild@a1695c562bbfa68dc5ab58c9b5e9f616b52bf5be - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@acb9cb18eec7e3a113ef83cff0be91e75cfd9526 + uses: github/codeql-action/analyze@a1695c562bbfa68dc5ab58c9b5e9f616b52bf5be diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e45c843..a34d7d0 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -38,12 +38,12 @@ jobs: www.bestpractices.dev:443 - name: "Checkout code" - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 + uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@08f935069d990d2675a557ebcecc774477e7c55c + uses: ossf/scorecard-action@6622d322b30ed8cdd77455e4af0bddb2b735325c with: results_file: results.sarif results_format: sarif @@ -69,6 +69,6 @@ jobs: # required for Code scanning alerts - name: "Upload SARIF results to code scanning" - uses: github/codeql-action/upload-sarif@acb9cb18eec7e3a113ef83cff0be91e75cfd9526 + uses: github/codeql-action/upload-sarif@a1695c562bbfa68dc5ab58c9b5e9f616b52bf5be with: sarif_file: results.sarif