diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 87a50a5..508a881 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -44,7 +44,7 @@ jobs: - uses: actions/checkout@v6.0.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4.0.0 + uses: docker/setup-buildx-action@v4.1.0 - name: Check formatting run: make install-deps && make lint diff --git a/.github/workflows/docker-scout.yml b/.github/workflows/docker-scout.yml index 252f452..c148e6a 100644 --- a/.github/workflows/docker-scout.yml +++ b/.github/workflows/docker-scout.yml @@ -27,7 +27,7 @@ jobs: uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Build image - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: file: Dockerfile build-args: | @@ -37,13 +37,15 @@ jobs: tags: xianpengshen/clang-tools:21 - name: Login to Docker Hub - uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + if: github.actor != 'dependabot[bot]' + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Docker Scout CVEs - uses: docker/scout-action@bacf462e8d090c09660de30a6ccc718035f961e3 # v1.20.4 + if: github.actor != 'dependabot[bot]' + uses: docker/scout-action@cd72f264beff1cd72735de31148b9d3244a0234a # v1.21.0 with: command: cves image: xianpengshen/clang-tools:21 @@ -51,6 +53,7 @@ jobs: only-severities: critical,high - name: Upload SARIF to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@03e4368ac7daa2bd82b3e85262f3bf87ee112f57 # v3.35.1 + if: github.actor != 'dependabot[bot]' + uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v3.35.1 with: sarif_file: scout.sarif