diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index 70148c9..c2c136a 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -109,7 +109,7 @@ jobs: owner: FerrLabs - name: Checkout config - uses: actions/checkout@v6 + uses: actions/checkout@v7 - name: Probe GHCR npm read access (informational) env: diff --git a/.github/workflows/reusable-ci-astro.yml b/.github/workflows/reusable-ci-astro.yml index 4285b02..5164a54 100644 --- a/.github/workflows/reusable-ci-astro.yml +++ b/.github/workflows/reusable-ci-astro.yml @@ -107,7 +107,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: pnpm/action-setup@v6 with: version: ${{ inputs.pnpm-version }} @@ -147,7 +147,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: pnpm/action-setup@v6 with: version: ${{ inputs.pnpm-version }} @@ -172,7 +172,7 @@ jobs: if: inputs.enable-lighthouse && (github.event_name == 'pull_request' || !inputs.lighthouse-only-pr) runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/download-artifact@v8 with: name: site-dist diff --git a/.github/workflows/reusable-ci-go.yml b/.github/workflows/reusable-ci-go.yml index b1e23d0..013d569 100644 --- a/.github/workflows/reusable-ci-go.yml +++ b/.github/workflows/reusable-ci-go.yml @@ -99,7 +99,7 @@ jobs: outputs: has_go: ${{ steps.check.outputs.has_go }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - id: check run: | if [ -f "${{ inputs.go-version-file }}" ]; then @@ -122,7 +122,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version }} @@ -160,7 +160,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version }} @@ -213,7 +213,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version }} @@ -249,7 +249,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: go-version: ${{ inputs.go-version }} diff --git a/.github/workflows/reusable-ci-node.yml b/.github/workflows/reusable-ci-node.yml index d5b8e33..5434366 100644 --- a/.github/workflows/reusable-ci-node.yml +++ b/.github/workflows/reusable-ci-node.yml @@ -139,7 +139,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - if: inputs.package-manager == 'pnpm' uses: pnpm/action-setup@v6 with: @@ -220,7 +220,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - if: inputs.package-manager == 'pnpm' uses: pnpm/action-setup@v6 with: diff --git a/.github/workflows/reusable-ci-rust.yml b/.github/workflows/reusable-ci-rust.yml index 7d8453c..f59555e 100644 --- a/.github/workflows/reusable-ci-rust.yml +++ b/.github/workflows/reusable-ci-rust.yml @@ -146,7 +146,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - if: inputs.apt-packages != '' && runner.os == 'Linux' name: Install apt packages run: | @@ -198,7 +198,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - if: inputs.apt-packages != '' && runner.os == 'Linux' name: Install apt packages run: | @@ -256,7 +256,7 @@ jobs: if: inputs.enable-typos runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: crate-ci/typos@master with: files: ${{ inputs.working-directory }} @@ -276,7 +276,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - if: inputs.apt-packages != '' && runner.os == 'Linux' name: Install apt packages run: | diff --git a/.github/workflows/reusable-docker-build.yml b/.github/workflows/reusable-docker-build.yml index c1904db..53137a9 100644 --- a/.github/workflows/reusable-docker-build.yml +++ b/.github/workflows/reusable-docker-build.yml @@ -90,7 +90,7 @@ jobs: # job below stays on the configured (self-hosted) runner. runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 with: dockerfile: ${{ inputs.context }}/${{ inputs.dockerfile }} @@ -107,7 +107,7 @@ jobs: outputs: digest: ${{ steps.push.outputs.digest }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 # The self-hosted ARC runners have buildah, not a Docker daemon — so we # build/push with buildah (not docker/buildx). The cosign / Trivy / SBOM # jobs below pull the pushed image from the registry, so they need no diff --git a/.github/workflows/reusable-ferrflow-release.yml b/.github/workflows/reusable-ferrflow-release.yml index 96060cc..51b6778 100644 --- a/.github/workflows/reusable-ferrflow-release.yml +++ b/.github/workflows/reusable-ferrflow-release.yml @@ -48,7 +48,7 @@ jobs: if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):') runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: fetch-depth: ${{ inputs.fetch-depth }} persist-credentials: false diff --git a/.github/workflows/reusable-release-rust.yml b/.github/workflows/reusable-release-rust.yml index fd0e1b3..a82d486 100644 --- a/.github/workflows/reusable-release-rust.yml +++ b/.github/workflows/reusable-release-rust.yml @@ -72,7 +72,7 @@ jobs: archive: zip arch_label: windows-x64 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} @@ -111,7 +111,7 @@ jobs: needs: build runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/download-artifact@v8 with: path: artifacts/ @@ -135,7 +135,7 @@ jobs: if: inputs.crate-publish runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: dtolnay/rust-toolchain@stable - run: cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }} diff --git a/.github/workflows/reusable-security-scan.yml b/.github/workflows/reusable-security-scan.yml index 6f26a90..d0749d2 100644 --- a/.github/workflows/reusable-security-scan.yml +++ b/.github/workflows/reusable-security-scan.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }} if: ${{ !github.event.repository.private || inputs.run-on-private }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 - name: Install gitleaks @@ -91,7 +91,7 @@ jobs: runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }} if: ${{ !github.event.repository.private || inputs.run-on-private }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Detect Go module id: detect run: | @@ -142,7 +142,7 @@ jobs: runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }} if: ${{ !github.event.repository.private || inputs.run-on-private }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - name: Install zizmor env: PIP_BREAK_SYSTEM_PACKAGES: '1' @@ -183,7 +183,7 @@ jobs: runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }} if: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && (!github.event.repository.private || inputs.run-on-private) }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: fetch-depth: 0 - name: Install trufflehog diff --git a/.github/workflows/reusable-sonarqube-scan.yml b/.github/workflows/reusable-sonarqube-scan.yml index ba1d0e7..f807acf 100644 --- a/.github/workflows/reusable-sonarqube-scan.yml +++ b/.github/workflows/reusable-sonarqube-scan.yml @@ -47,7 +47,7 @@ jobs: name: SonarQube analysis runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }} steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: # Full history so SonarQube can attribute new-code and blame. fetch-depth: 0 diff --git a/workflow-templates/ci-astro.yml b/workflow-templates/ci-astro.yml index 6b655e1..16d7c4e 100644 --- a/workflow-templates/ci-astro.yml +++ b/workflow-templates/ci-astro.yml @@ -15,7 +15,7 @@ jobs: name: Build & Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: pnpm/action-setup@v6 with: version: 11 @@ -47,7 +47,7 @@ jobs: name: i18n parity runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: pnpm/action-setup@v6 with: version: 11 @@ -71,7 +71,7 @@ jobs: if: github.event_name == 'pull_request' runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/download-artifact@v8 with: name: site-dist diff --git a/workflow-templates/ci-go.yml b/workflow-templates/ci-go.yml index 5e53477..5c583f9 100644 --- a/workflow-templates/ci-go.yml +++ b/workflow-templates/ci-go.yml @@ -16,7 +16,7 @@ jobs: if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):') runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: go-version-file: go.mod @@ -40,7 +40,7 @@ jobs: if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):') runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: go-version-file: go.mod @@ -58,7 +58,7 @@ jobs: if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):') runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: go-version-file: go.mod @@ -74,7 +74,7 @@ jobs: if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):') runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: actions/setup-go@v6 with: go-version-file: go.mod diff --git a/workflow-templates/ci-node.yml b/workflow-templates/ci-node.yml index f115744..c932f3e 100644 --- a/workflow-templates/ci-node.yml +++ b/workflow-templates/ci-node.yml @@ -15,7 +15,7 @@ jobs: name: Test & Build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: pnpm/action-setup@v6 with: version: 11 @@ -46,7 +46,7 @@ jobs: name: Quality (knip, madge, audit) runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: pnpm/action-setup@v6 with: version: 11 diff --git a/workflow-templates/ci-rust.yml b/workflow-templates/ci-rust.yml index 668c46d..1ec8a74 100644 --- a/workflow-templates/ci-rust.yml +++ b/workflow-templates/ci-rust.yml @@ -20,7 +20,7 @@ jobs: if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):') runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: dtolnay/rust-toolchain@stable with: components: clippy, rustfmt @@ -37,7 +37,7 @@ jobs: if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):') runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: dtolnay/rust-toolchain@stable - uses: Swatinem/rust-cache@v2 - uses: taiki-e/install-action@v2 @@ -54,7 +54,7 @@ jobs: name: Typos runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: crate-ci/typos@v1 coverage: @@ -62,7 +62,7 @@ jobs: if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):') runs-on: ferrlabs-k8s steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: dtolnay/rust-toolchain@stable with: components: llvm-tools-preview diff --git a/workflow-templates/codeql.yml b/workflow-templates/codeql.yml index 2d09c3a..f424d10 100644 --- a/workflow-templates/codeql.yml +++ b/workflow-templates/codeql.yml @@ -25,7 +25,7 @@ jobs: matrix: language: [javascript-typescript] steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 - uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} diff --git a/workflow-templates/scorecard.yml b/workflow-templates/scorecard.yml index de2dd70..3ebd950 100644 --- a/workflow-templates/scorecard.yml +++ b/workflow-templates/scorecard.yml @@ -19,7 +19,7 @@ jobs: contents: read actions: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v7 with: persist-credentials: false - uses: ossf/scorecard-action@v2.4.3