diff --git a/.github/workflows/build-workspace-images.yml b/.github/workflows/build-workspace-images.yml index 91da2cc..f3ec1f4 100644 --- a/.github/workflows/build-workspace-images.yml +++ b/.github/workflows/build-workspace-images.yml @@ -74,7 +74,7 @@ jobs: # Checkout # ------------------------------------------------------------------- - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: fetch-depth: 0 @@ -82,12 +82,12 @@ jobs: # Python + uv (for build-provider.py staging) # ------------------------------------------------------------------- - name: Install uv - uses: astral-sh/setup-uv@f0ec1fc3b38f5e7cd731bb6ce540c5af426746bb # v6 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v6 with: enable-cache: true - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.12" @@ -146,7 +146,7 @@ jobs: # ------------------------------------------------------------------- - name: Log in to GHCR if: steps.version.outputs.should_push == 'true' - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} @@ -183,7 +183,7 @@ jobs: # ------------------------------------------------------------------- - name: Build and push image id: push - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: build/${{ matrix.provider }} file: build/${{ matrix.provider }}/Dockerfile @@ -201,7 +201,7 @@ jobs: # ------------------------------------------------------------------- - name: Install cosign if: steps.version.outputs.should_push == 'true' - uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - name: Sign image with cosign if: steps.version.outputs.should_push == 'true' diff --git a/.github/workflows/claude-cli-version-check.yml b/.github/workflows/claude-cli-version-check.yml index 693275a..3c2e9c4 100644 --- a/.github/workflows/claude-cli-version-check.yml +++ b/.github/workflows/claude-cli-version-check.yml @@ -14,7 +14,7 @@ jobs: check-version: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Get pinned version from Dockerfile id: pinned @@ -48,7 +48,7 @@ jobs: - name: Open issue if version changed if: steps.pinned.outputs.version != steps.latest.outputs.version - uses: actions/github-script@v8 + uses: actions/github-script@v9 with: script: | const pinned = '${{ steps.pinned.outputs.version }}'; diff --git a/.github/workflows/plugin-tag.yml b/.github/workflows/plugin-tag.yml index 2329fc3..521ec29 100644 --- a/.github/workflows/plugin-tag.yml +++ b/.github/workflows/plugin-tag.yml @@ -12,7 +12,7 @@ jobs: name: Tag Plugin Versions runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 with: fetch-depth: 2 diff --git a/.github/workflows/qa.yml b/.github/workflows/qa.yml index 27d0c0c..114aaf5 100644 --- a/.github/workflows/qa.yml +++ b/.github/workflows/qa.yml @@ -41,16 +41,16 @@ jobs: steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Setup UV - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: enable-cache: true cache-dependency-glob: "${{ matrix.package.path }}/uv.lock" - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: ${{ matrix.package.python }} @@ -79,15 +79,15 @@ jobs: name: Python Hooks & Unit Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Setup UV - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: enable-cache: true - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: "3.12" @@ -107,16 +107,16 @@ jobs: name: Consumer Contract Tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Setup UV - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@v8.1.0 with: enable-cache: true cache-dependency-glob: "tests/consumer_contracts/uv.lock" - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: "3.12" @@ -136,10 +136,10 @@ jobs: name: Plugin Validation runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@v6.2.0 with: python-version: "3.12" @@ -350,7 +350,7 @@ jobs: if: github.event_name == 'pull_request' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@v6.0.2 with: fetch-depth: 0