chore: Update CI workflow to use latest versions of actions for checkout, Terraform setup, Trivy scan, and paths filter, ensuring improved compatibility and security.

Arnel Jan Sarmiento · Arnel Jan Sarmiento · commit 756ca391a1f6 · 2026-04-11T16:22:08.000+08:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -14,8 +14,8 @@ jobs:
     name: Terraform fmt
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: hashicorp/setup-terraform@b9cd54531c595c8e4b82fe9d11d6c0c9e6a5a8b1 # v3.1.2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: ${{ env.TF_VERSION }}
       - run: terraform fmt -recursive -check .
@@ -28,8 +28,8 @@ jobs:
       matrix:
         workspace: [root, prod, nonprod, sandbox]
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: hashicorp/setup-terraform@b9cd54531c595c8e4b82fe9d11d6c0c9e6a5a8b1 # v3.1.2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: ${{ env.TF_VERSION }}
       - run: terraform -chdir=workspaces/${{ matrix.workspace }} init -backend=false
@@ -39,8 +39,8 @@ jobs:
     name: Trivy IaC scan
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37 # v0.30.0
+      - uses: actions/checkout@v4
+      - uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: config
           scan-ref: .
@@ -52,10 +52,10 @@ jobs:
     name: Secret scan
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: gitleaks/gitleaks-action@ff98106e4c7891a408dccf9dcb36fa6f39a34b8e # v2.3.9
+      - uses: gitleaks/gitleaks-action@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -70,8 +70,8 @@ jobs:
       nonprod: ${{ steps.filter.outputs.nonprod }}
       sandbox: ${{ steps.filter.outputs.sandbox }}
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+      - uses: actions/checkout@v4
+      - uses: dorny/paths-filter@v3
         id: filter
         with:
           filters: |
@@ -96,8 +96,8 @@ jobs:
     env:
       TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: hashicorp/setup-terraform@b9cd54531c595c8e4b82fe9d11d6c0c9e6a5a8b1 # v3.1.2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: ${{ env.TF_VERSION }}
       - run: terraform -chdir=workspaces/root init
@@ -111,8 +111,8 @@ jobs:
     env:
       TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: hashicorp/setup-terraform@b9cd54531c595c8e4b82fe9d11d6c0c9e6a5a8b1 # v3.1.2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: ${{ env.TF_VERSION }}
       - run: terraform -chdir=workspaces/prod init
@@ -126,8 +126,8 @@ jobs:
     env:
       TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: hashicorp/setup-terraform@b9cd54531c595c8e4b82fe9d11d6c0c9e6a5a8b1 # v3.1.2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: ${{ env.TF_VERSION }}
       - run: terraform -chdir=workspaces/nonprod init
@@ -141,8 +141,8 @@ jobs:
     env:
       TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: hashicorp/setup-terraform@b9cd54531c595c8e4b82fe9d11d6c0c9e6a5a8b1 # v3.1.2
+      - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: ${{ env.TF_VERSION }}
       - run: terraform -chdir=workspaces/sandbox init
