diff --git a/.github/workflows/linting-formatting.yml b/.github/workflows/linting-formatting.yml index 993c0796..03413e83 100644 --- a/.github/workflows/linting-formatting.yml +++ b/.github/workflows/linting-formatting.yml @@ -39,12 +39,12 @@ jobs: persona: pedantic # flavors/dotnet is the smallest flavor of MegaLinter that contains the linters # we are interested in. - - uses: oxsecurity/megalinter/flavors/dotnet@0e3ce9b9c8c10effb9b269509cc47ca17cae31c7 # v9.5.0 + - uses: oxsecurity/megalinter/flavors/dotnet@ef3e84b8b836d76db562d0f3ed7da61e8fd538bc # v9.6.0 env: APPLY_FIXES: all VALIDATE_ALL_CODEBASE: true GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + - uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 if: success() || failure() with: sarif_file: megalinter-reports/megalinter-report.sarif diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index df977cac..e27f5196 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -33,6 +33,6 @@ jobs: results_format: sarif repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: true - - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + - uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: sarif_file: results.sarif diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml index 0b1a1cb7..2b9ed422 100644 --- a/.github/workflows/vulnerability-scan.yml +++ b/.github/workflows/vulnerability-scan.yml @@ -21,12 +21,12 @@ jobs: - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: audit - - uses: crazy-max/ghaction-container-scan@a0a3900b79d158c85ccf034e5368fae620a9233a # v4.0.0 + - uses: crazy-max/ghaction-container-scan@ffcba8deb5cb3531954cbedbbcd0179d79edf510 # v4.1.0 id: scan with: image: ghcr.io/${{ github.repository }}-${{ matrix.flavor }}:latest dockerfile: .devcontainer/Dockerfile - - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + - uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 if: steps.scan.outputs.sarif != '' with: sarif_file: ${{ steps.scan.outputs.sarif }} diff --git a/.github/workflows/wc-build-push.yml b/.github/workflows/wc-build-push.yml index 8d725810..32c5e346 100644 --- a/.github/workflows/wc-build-push.yml +++ b/.github/workflows/wc-build-push.yml @@ -82,15 +82,15 @@ jobs: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + - uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 with: cache-binary: false - - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + - uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4.3.0 with: registry: ${{ inputs.registry }} username: ${{ secrets.DOCKER_REGISTRY_USERNAME || github.actor }} password: ${{ secrets.DOCKER_REGISTRY_PASSWORD || github.token }} - - uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 + - uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6.2.0 env: DOCKER_METADATA_SET_OUTPUT_ENV: false id: metadata @@ -115,7 +115,7 @@ jobs: id: devcontainer-epoch - run: echo "arch=$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" id: devcontainer-arch - - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 + - uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0 id: build-and-push env: SOURCE_DATE_EPOCH: ${{ steps.devcontainer-epoch.outputs.git-commit-epoch }} @@ -171,15 +171,15 @@ jobs: path: ${{ runner.temp }}/digests pattern: digests-${{ needs.sanitize-image-name.outputs.image-basename }}-* merge-multiple: true - - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + - uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 with: cache-binary: false - - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + - uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4.3.0 with: registry: ${{ inputs.registry }} username: ${{ secrets.DOCKER_REGISTRY_USERNAME || github.actor }} password: ${{ secrets.DOCKER_REGISTRY_PASSWORD || github.token }} - - uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 + - uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6.2.0 id: metadata env: DOCKER_METADATA_ANNOTATIONS_LEVELS: index @@ -234,7 +234,7 @@ jobs: name: container-diff-${{ needs.sanitize-image-name.outputs.image-basename }} path: container-diff.json retention-days: 10 - - uses: philips-software/amp-devcontainer/.github/actions/container-size-diff@2c922780888f6612f2f4029da7b75f76ee07eaf9 # v7.2.0 + - uses: philips-software/amp-devcontainer/.github/actions/container-size-diff@6ade42bad21bb2f0f99b202a3c1bfbc1a71f49ef # v7.2.1 id: container-size-diff with: from-container: ${{ needs.sanitize-image-name.outputs.fully-qualified-image-name }}:edge diff --git a/.github/workflows/wc-publish-templates.yml b/.github/workflows/wc-publish-templates.yml index b3ec5451..1610a494 100644 --- a/.github/workflows/wc-publish-templates.yml +++ b/.github/workflows/wc-publish-templates.yml @@ -20,7 +20,7 @@ jobs: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + - uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4.3.0 with: registry: ghcr.io username: ${{ github.actor }}