Skip to content

Commit 567d530

Browse files
Bump the actions group with 4 updates (#3258)
Bumps the actions group with 4 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [chainguard-dev/actions](https://github.com/chainguard-dev/actions), [step-security/google-github-auth](https://github.com/step-security/google-github-auth) and [actions/setup-node](https://github.com/actions/setup-node). Updates `step-security/harden-runner` from 2.17.0 to 2.19.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/harden-runner/releases">step-security/harden-runner's releases</a>.</em></p> <blockquote> <h2>v2.19.0</h2> <h2>What's Changed</h2> <h3>New Runner Support</h3> <p>Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.</p> <h3>Automated Incident Response for Supply Chain Attacks</h3> <ul> <li>Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.</li> <li>System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).</li> </ul> <h3>Bug Fixes</h3> <p>Windows and macOS: stability and reliability fixes</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0">https://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0</a></p> <h2>v2.18.0</h2> <h2>What's Changed</h2> <p>Global Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.</p> <p>Deploy on Self-Hosted VM: Added <code>deploy-on-self-hosted-vm</code> input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0">https://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40"><code>8d3c67d</code></a> Release v2.19.0 (<a href="https://redirect.github.com/step-security/harden-runner/issues/661">#661</a>)</li> <li><a href="https://github.com/step-security/harden-runner/commit/6c3c2f2c1c457b00c10c4848d6f5491db3b629df"><code>6c3c2f2</code></a> Feature/deploy on self hosted vm (<a href="https://redirect.github.com/step-security/harden-runner/issues/658">#658</a>)</li> <li>See full diff in <a href="https://github.com/step-security/harden-runner/compare/f808768d1510423e83855289c910610ca9b43176...8d3c67de8e2fe68ef647c8db1e6a09f647780f40">compare view</a></li> </ul> </details> <br /> Updates `chainguard-dev/actions` from 1.6.14 to 1.6.15 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chainguard-dev/actions/releases">chainguard-dev/actions's releases</a>.</em></p> <blockquote> <h2>v1.6.15</h2> <h2>What's Changed</h2> <ul> <li>build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /kind-diag by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/855">chainguard-dev/actions#855</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /wolfi-build-pkg by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/854">chainguard-dev/actions#854</a></li> <li>build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /nodiff by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/853">chainguard-dev/actions#853</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /melange-build by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/852">chainguard-dev/actions#852</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/847">chainguard-dev/actions#847</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /inky-build-pkg by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/850">chainguard-dev/actions#850</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /goimports by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/849">chainguard-dev/actions#849</a></li> <li>build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /k8s-diag by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/851">chainguard-dev/actions#851</a></li> <li>build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /gofmt by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/848">chainguard-dev/actions#848</a></li> <li>build(deps): bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/856">chainguard-dev/actions#856</a></li> <li>setup-registry: Set PORT env var from input through workflow by <a href="https://github.com/markusthoemmes"><code>@​markusthoemmes</code></a> in <a href="https://redirect.github.com/chainguard-dev/actions/pull/858">chainguard-dev/actions#858</a></li> <li>setup-registry: Use non-deprecated flag for disk storage by <a href="https://github.com/markusthoemmes"><code>@​markusthoemmes</code></a> in <a href="https://redirect.github.com/chainguard-dev/actions/pull/857">chainguard-dev/actions#857</a></li> <li>setup-registry: Always install an actually released version by <a href="https://github.com/markusthoemmes"><code>@​markusthoemmes</code></a> in <a href="https://redirect.github.com/chainguard-dev/actions/pull/859">chainguard-dev/actions#859</a></li> <li>build(deps): bump step-security/harden-runner from 2.17.0 to 2.18.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/860">chainguard-dev/actions#860</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/actions/compare/v1.6.14...v1.6.15">https://github.com/chainguard-dev/actions/compare/v1.6.14...v1.6.15</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chainguard-dev/actions/commit/061bc0e921116bde1470f51fb5c86d5318f16558"><code>061bc0e</code></a> build(deps): bump step-security/harden-runner from 2.17.0 to 2.18.0 (<a href="https://redirect.github.com/chainguard-dev/actions/issues/860">#860</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/007d4aa93770de8bb4a40b9342e7c920fefc6bb0"><code>007d4aa</code></a> setup-registry: Always install an actually released version (<a href="https://redirect.github.com/chainguard-dev/actions/issues/859">#859</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/f2bea9a4fc28b4066dad7ae699b7208595e4aadd"><code>f2bea9a</code></a> setup-registry: Use non-deprecated flag for disk storage (<a href="https://redirect.github.com/chainguard-dev/actions/issues/857">#857</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/b846e9e9db7ff3872736fbc93ef891216525e747"><code>b846e9e</code></a> setup-registry: Set PORT env var from input through workflow (<a href="https://redirect.github.com/chainguard-dev/actions/issues/858">#858</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/142813aa2e3cccaa75d38eb2a98f0acb9d2e0d3e"><code>142813a</code></a> build(deps): bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 (<a href="https://redirect.github.com/chainguard-dev/actions/issues/856">#856</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/b99da5d8b7e24fd936d011a8288e7f8deee229bd"><code>b99da5d</code></a> build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /gofmt (<a href="https://redirect.github.com/chainguard-dev/actions/issues/848">#848</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/d377ff95dcbf3a2736d8a58ebcb01df7ed8d752b"><code>d377ff9</code></a> build(deps): bump chainguard-dev/actions in /goimports (<a href="https://redirect.github.com/chainguard-dev/actions/issues/849">#849</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/13511fb668810f7d1ee1f4d3cdc427a4c9b86d8c"><code>13511fb</code></a> build(deps): bump actions/upload-artifact in /k8s-diag (<a href="https://redirect.github.com/chainguard-dev/actions/issues/851">#851</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/793bf75b75afcef2e92a286c88a09c59a0e72b67"><code>793bf75</code></a> build(deps): bump chainguard-dev/actions in /inky-build-pkg (<a href="https://redirect.github.com/chainguard-dev/actions/issues/850">#850</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/99685851afc031849d39e49bffd17464d9e5ecd3"><code>9968585</code></a> build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 (<a href="https://redirect.github.com/chainguard-dev/actions/issues/847">#847</a>)</li> <li>Additional commits viewable in <a href="https://github.com/chainguard-dev/actions/compare/de68b87302e6266db5fb5220246f8aa46fe94b67...061bc0e921116bde1470f51fb5c86d5318f16558">compare view</a></li> </ul> </details> <br /> Updates `step-security/google-github-auth` from 3.0.1 to 3.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/step-security/google-github-auth/releases">step-security/google-github-auth's releases</a>.</em></p> <blockquote> <h2>v3.0.2</h2> <h2>What's Changed</h2> <ul> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/77">step-security/google-github-auth#77</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/78">step-security/google-github-auth#78</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/79">step-security/google-github-auth#79</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/80">step-security/google-github-auth#80</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/81">step-security/google-github-auth#81</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/82">step-security/google-github-auth#82</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/83">step-security/google-github-auth#83</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/84">step-security/google-github-auth#84</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/85">step-security/google-github-auth#85</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/87">step-security/google-github-auth#87</a></li> <li>fix: Create osv-scanner.toml by <a href="https://github.com/Raj-StepSecurity"><code>@​Raj-StepSecurity</code></a> in <a href="https://redirect.github.com/step-security/google-github-auth/pull/88">step-security/google-github-auth#88</a></li> <li>feat: added banner and update subscription check to make maintained actions free for public repos by <a href="https://github.com/Raj-StepSecurity"><code>@​Raj-StepSecurity</code></a> in <a href="https://redirect.github.com/step-security/google-github-auth/pull/90">step-security/google-github-auth#90</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/89">step-security/google-github-auth#89</a></li> <li>fix: Security updates by <a href="https://github.com/github-actions"><code>@​github-actions</code></a>[bot] in <a href="https://redirect.github.com/step-security/google-github-auth/pull/91">step-security/google-github-auth#91</a></li> <li>ci: Update actions_release.yml by <a href="https://github.com/Raj-StepSecurity"><code>@​Raj-StepSecurity</code></a> in <a href="https://redirect.github.com/step-security/google-github-auth/pull/92">step-security/google-github-auth#92</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/step-security/google-github-auth/compare/v3...v3.0.2">https://github.com/step-security/google-github-auth/compare/v3...v3.0.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/step-security/google-github-auth/commit/775fc4c80760272ef389c9f9f8d98de7db0c170d"><code>775fc4c</code></a> Merge pull request <a href="https://redirect.github.com/step-security/google-github-auth/issues/92">#92</a> from step-security/Raj-StepSecurity-patch-8</li> <li><a href="https://github.com/step-security/google-github-auth/commit/ceffbdcbac5fed4338759c185ecedfa56c344c5f"><code>ceffbdc</code></a> ci: Update actions_release.yml</li> <li><a href="https://github.com/step-security/google-github-auth/commit/2088a102f02c8aa286d13892d0e23d1e7cd26850"><code>2088a10</code></a> Merge pull request <a href="https://redirect.github.com/step-security/google-github-auth/issues/91">#91</a> from step-security/npm-audit-fix</li> <li><a href="https://github.com/step-security/google-github-auth/commit/2288be0c201901d860b43da36ee90b52dc99af24"><code>2288be0</code></a> fix: apply audit fixes</li> <li><a href="https://github.com/step-security/google-github-auth/commit/f8d64c2feac0b4631be2f1948beed24390c4f115"><code>f8d64c2</code></a> fix: apply audit fixes</li> <li><a href="https://github.com/step-security/google-github-auth/commit/c5e134b19d7bda2bf45c8bf2ca230264a26340bc"><code>c5e134b</code></a> Merge pull request <a href="https://redirect.github.com/step-security/google-github-auth/issues/90">#90</a> from step-security/feat/update-subscription-check</li> <li><a href="https://github.com/step-security/google-github-auth/commit/49b3389e1f4bff81a23fd57bd0a3a3b04314777b"><code>49b3389</code></a> Update LICENSE</li> <li><a href="https://github.com/step-security/google-github-auth/commit/f9c0fafabeb8630fcdf46502cdfb3fdbaf70d5b3"><code>f9c0faf</code></a> code linted</li> <li><a href="https://github.com/step-security/google-github-auth/commit/894c0f3a8c80cbabe843e10a32ab4b2813c37fc0"><code>894c0f3</code></a> feat: added banner and update subscription check to make maintained actions f...</li> <li><a href="https://github.com/step-security/google-github-auth/commit/bc91c8293bd8ecda0c3bd8ef4d3e374d2d506e36"><code>bc91c82</code></a> Merge pull request <a href="https://redirect.github.com/step-security/google-github-auth/issues/88">#88</a> from step-security/Raj-StepSecurity-patch-7</li> <li>Additional commits viewable in <a href="https://github.com/step-security/google-github-auth/compare/57c51210cb4d85d8a5d39dc4c576c79bd693f914...775fc4c80760272ef389c9f9f8d98de7db0c170d">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-node` from 6.3.0 to 6.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.4.0</h2> <h2>What's Changed</h2> <h3>Dependency updates:</h3> <ul> <li>Upgrade <a href="https://github.com/actions"><code>@​actions</code></a> dependencies by <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1525">actions/setup-node#1525</a></li> <li>Update Node.js versions in versions.yml and bump package to v6.4.0 by <a href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1533">actions/setup-node#1533</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Copilot"><code>@​Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1525">actions/setup-node#1525</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v6...v6.4.0">https://github.com/actions/setup-node/compare/v6...v6.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e"><code>48b55a0</code></a> Update Node.js versions in versions.yml and bump package to v6.4.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1533">#1533</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/ab72c7e7eba0eaa11f8cab0f5679243900c2cac9"><code>ab72c7e</code></a> Upgrade <a href="https://github.com/actions"><code>@​actions</code></a> dependencies (<a href="https://redirect.github.com/actions/setup-node/issues/1525">#1525</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 05de659 commit 567d530

13 files changed

Lines changed: 23 additions & 23 deletions

.github/workflows/actionlint.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ jobs:
2424
name: Action lint
2525
runs-on: ubuntu-latest
2626
steps:
27-
- uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
27+
- uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
2828
with:
2929
egress-policy: block
3030
allowed-endpoints: >

.github/workflows/autodocs-platform.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -22,19 +22,19 @@ jobs:
2222

2323
steps:
2424
- name: 'Github Actions Runner'
25-
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
25+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
2626
with:
2727
egress-policy: audit
2828

2929
- name: 'Checkout default branch to $GITHUB_WORKSPACE dir'
3030
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3131

3232
- name: 'Setup gitsign'
33-
uses: chainguard-dev/actions/setup-gitsign@de68b87302e6266db5fb5220246f8aa46fe94b67 # v1.6.14
33+
uses: chainguard-dev/actions/setup-gitsign@061bc0e921116bde1470f51fb5c86d5318f16558 # v1.6.15
3434

3535
- name: Authenticate to Google Cloud
3636
id: auth
37-
uses: step-security/google-github-auth@57c51210cb4d85d8a5d39dc4c576c79bd693f914 # v3.0.1
37+
uses: step-security/google-github-auth@775fc4c80760272ef389c9f9f8d98de7db0c170d # v3.0.2
3838
with:
3939
service_account: "github-chainguard-academy@chainguard-academy.iam.gserviceaccount.com"
4040
workload_identity_provider: "projects/456977358484/locations/global/workloadIdentityPools/chainguard-academy/providers/chainguard-edu"
@@ -44,7 +44,7 @@ jobs:
4444
project_id: "${{ secrets.PROJECT_ID }}"
4545
storage_bucket: "${{ secrets.STORAGE_BUCKET }}"
4646

47-
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
47+
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
4848
with:
4949
node-version: 16
5050

.github/workflows/build-terminal-images.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ jobs:
3434
3535
steps:
3636
- name: 'Github Actions Runner'
37-
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
37+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
3838
with:
3939
egress-policy: audit
4040

@@ -57,7 +57,7 @@ jobs:
5757
5858
- name: Authenticate to Google Cloud
5959
id: auth
60-
uses: step-security/google-github-auth@57c51210cb4d85d8a5d39dc4c576c79bd693f914 # v3.0.1
60+
uses: step-security/google-github-auth@775fc4c80760272ef389c9f9f8d98de7db0c170d # v3.0.2
6161
with:
6262
service_account: "github-chainguard-academy@chainguard-academy.iam.gserviceaccount.com"
6363
workload_identity_provider: "projects/456977358484/locations/global/workloadIdentityPools/chainguard-academy/providers/chainguard-edu"

.github/workflows/check-links.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ jobs:
2626

2727
steps:
2828
- name: 'Github Actions Runner'
29-
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
29+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
3030
with:
3131
egress-policy: audit
3232

.github/workflows/cloud-run.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -23,14 +23,14 @@ jobs:
2323

2424
steps:
2525
- name: 'Github Actions Runner'
26-
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
26+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
2727
with:
2828
egress-policy: audit
2929

3030
- name: 'Checkout default branch to $GITHUB_WORKSPACE dir'
3131
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
3232

33-
- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
33+
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
3434
with:
3535
node-version: 20
3636

@@ -53,7 +53,7 @@ jobs:
5353

5454
- name: Authenticate to Google Cloud
5555
id: auth
56-
uses: step-security/google-github-auth@57c51210cb4d85d8a5d39dc4c576c79bd693f914 # v3.0.1
56+
uses: step-security/google-github-auth@775fc4c80760272ef389c9f9f8d98de7db0c170d # v3.0.2
5757
with:
5858
token_format: 'access_token'
5959
project_id: '${{ secrets.PROJECT_ID }}'

.github/workflows/compile-ai-docs-from-gcs.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ jobs:
3737

3838
steps:
3939
- name: Harden Runner
40-
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
40+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
4141
with:
4242
egress-policy: block
4343
allowed-endpoints: >
@@ -71,7 +71,7 @@ jobs:
7171
# persist-credentials left enabled — this workflow needs git push
7272

7373
- name: Authenticate to Google Cloud
74-
uses: step-security/google-github-auth@57c51210cb4d85d8a5d39dc4c576c79bd693f914 # v3.0.1
74+
uses: step-security/google-github-auth@775fc4c80760272ef389c9f9f8d98de7db0c170d # v3.0.2
7575
with:
7676
workload_identity_provider: "projects/456977358484/locations/global/workloadIdentityPools/chainguard-academy/providers/chainguard-edu"
7777
service_account: "github-chainguard-academy@chainguard-academy.iam.gserviceaccount.com"

.github/workflows/compile-docs-on-webhook.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ jobs:
2121

2222
steps:
2323
- name: Harden the runner (Audit all outbound calls)
24-
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
24+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
2525
with:
2626
egress-policy: audit
2727

.github/workflows/compile-docs.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ jobs:
3333

3434
steps:
3535
- name: Harden the runner
36-
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
36+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
3737
with:
3838
egress-policy: block
3939
allowed-endpoints: >

.github/workflows/compile-public-docs.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ jobs:
3737

3838
steps:
3939
- name: Harden the runner
40-
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
40+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
4141
with:
4242
egress-policy: block
4343
allowed-endpoints: >

.github/workflows/export-edu-docs-to-gcs.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ jobs:
2626

2727
steps:
2828
- name: Harden Runner
29-
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
29+
uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
3030
with:
3131
egress-policy: audit
3232

@@ -36,7 +36,7 @@ jobs:
3636
persist-credentials: false # Don't persist auth token
3737

3838
- name: Authenticate to Google Cloud
39-
uses: step-security/google-github-auth@57c51210cb4d85d8a5d39dc4c576c79bd693f914 # v3.0.1
39+
uses: step-security/google-github-auth@775fc4c80760272ef389c9f9f8d98de7db0c170d # v3.0.2
4040
with:
4141
workload_identity_provider: "projects/456977358484/locations/global/workloadIdentityPools/chainguard-academy/providers/chainguard-edu"
4242
service_account: "github-chainguard-academy@chainguard-academy.iam.gserviceaccount.com"

0 commit comments

Comments
 (0)