diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index 21c44ea..00c7c4b 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -133,7 +133,7 @@ jobs: run: gh pr review --approve "$PR_URL" - name: Wait for all workflow runs to complete - uses: go-openapi/gh-actions/ci-jobs/wait-pending-jobs@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/wait-pending-jobs@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 with: pr-url: ${{ env.PR_URL }} github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/bump-release-monorepo.yml b/.github/workflows/bump-release-monorepo.yml index 4d9afe6..41d1fd2 100644 --- a/.github/workflows/bump-release-monorepo.yml +++ b/.github/workflows/bump-release-monorepo.yml @@ -127,7 +127,7 @@ jobs: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable check-latest: true @@ -136,7 +136,7 @@ jobs: - name: Detect go mono-repo id: detect-monorepo - uses: go-openapi/gh-actions/ci-jobs/detect-go-monorepo@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/detect-go-monorepo@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 bump-release-single: name: Bump release (single module) @@ -195,7 +195,7 @@ jobs: - name: Determine next tag id: bump-release - uses: go-openapi/gh-actions/ci-jobs/next-tag@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/next-tag@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 with: bump-patch: ${{ steps.bump-check.outputs.bump-patch }} bump-minor: ${{ steps.bump-check.outputs.bump-minor }} @@ -298,7 +298,7 @@ jobs: ref: ${{ github.ref }} - name: Setup Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable check-latest: true @@ -307,7 +307,7 @@ jobs: - name: Configure bot credentials if: ${{ inputs.enable-tag-signing == 'true' }} - uses: go-openapi/gh-actions/ci-jobs/bot-credentials@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/bot-credentials@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 # This is using the GPG signature of bot-go-openapi. # # For go-openapi repos (using secrets: inherit): diff --git a/.github/workflows/bump-release.yml b/.github/workflows/bump-release.yml index 73ee2cf..6c172ad 100644 --- a/.github/workflows/bump-release.yml +++ b/.github/workflows/bump-release.yml @@ -114,7 +114,7 @@ jobs: - name: Determine next tag id: bump-release - uses: go-openapi/gh-actions/ci-jobs/next-tag@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/next-tag@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 with: bump-patch: ${{ steps.bump-check.outputs.bump-patch }} bump-minor: ${{ steps.bump-check.outputs.bump-minor }} @@ -122,7 +122,7 @@ jobs: - name: Configure bot credentials if: ${{ inputs.enable-tag-signing == 'true' }} - uses: go-openapi/gh-actions/ci-jobs/bot-credentials@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/bot-credentials@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 # This is using the GPG signature of bot-go-openapi. # # For go-openapi repos (using secrets: inherit): diff --git a/.github/workflows/collect-coverage.yml b/.github/workflows/collect-coverage.yml index d044bb2..b027980 100644 --- a/.github/workflows/collect-coverage.yml +++ b/.github/workflows/collect-coverage.yml @@ -21,14 +21,14 @@ jobs: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable check-latest: true cache: true - name: Download coverage artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: run-id: "${{ github.run_id }}" pattern: "*.coverage.*" diff --git a/.github/workflows/collect-reports.yml b/.github/workflows/collect-reports.yml index cbb4b37..921842d 100644 --- a/.github/workflows/collect-reports.yml +++ b/.github/workflows/collect-reports.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Download test report artifacts - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: run-id: "${{ github.run_id }}" pattern: "*.report.*" @@ -32,7 +32,7 @@ jobs: path: reports/ - name: Install go-junit-report - uses: go-openapi/gh-actions/install/go-junit-report@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/install/go-junit-report@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 - name: Convert test reports to a merged JUnit XML # NOTE: codecov test reports only support JUnit format at this moment. See https://docs.codecov.com/docs/test-analytics. @@ -57,7 +57,7 @@ jobs: verbose: true - name: Install go-ctrf-json-reporter - uses: go-openapi/gh-actions/install/go-ctrf-json-reporter@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/install/go-ctrf-json-reporter@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 - name: Convert test reports to CTRF JSON # description: | diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml index ee29ab4..c0ca513 100644 --- a/.github/workflows/contributors.yml +++ b/.github/workflows/contributors.yml @@ -80,7 +80,7 @@ jobs: rm -rf contributors.json mv contributors.md CONTRIBUTORS.md - name: Configure bot credentials - uses: go-openapi/gh-actions/ci-jobs/bot-credentials@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/bot-credentials@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 id: bot-credentials # For go-openapi repos (using secrets: inherit): # Falls back to: CI_BOT_APP_ID, CI_BOT_APP_PRIVATE_KEY, CI_BOT_GPG_PRIVATE_KEY, etc. @@ -145,7 +145,7 @@ jobs: - name: Auto-approve PR run: gh pr review --approve "$PR_URL" - name: Wait for all workflow runs to complete - uses: go-openapi/gh-actions/ci-jobs/wait-pending-jobs@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/wait-pending-jobs@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 with: pr-url: ${{ env.PR_URL }} github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/fuzz-test.yml b/.github/workflows/fuzz-test.yml index ae7c2e7..f25db54 100644 --- a/.github/workflows/fuzz-test.yml +++ b/.github/workflows/fuzz-test.yml @@ -26,7 +26,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable check-latest: true @@ -63,7 +63,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable check-latest: true @@ -151,7 +151,7 @@ jobs: - name: Upload failed cases if: ${{ failure() }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 # TODO(fredbi): ideally, after uploading, we should fire a pull request to add # this corpus to testdata. with: @@ -163,7 +163,7 @@ jobs: name: Upload current corpus # This is the current corpus, it does not contain the latest failed case if: ${{ always() }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: ${{ env.CORPUS_DIR }} name: '${{ runner.os }}-fuzz-corpus-${{ matrix.test }}' diff --git a/.github/workflows/go-test-monorepo.yml b/.github/workflows/go-test-monorepo.yml index 8030681..91663a1 100644 --- a/.github/workflows/go-test-monorepo.yml +++ b/.github/workflows/go-test-monorepo.yml @@ -33,7 +33,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable check-latest: true @@ -42,7 +42,7 @@ jobs: - name: Detect go mono-repo id: detect-monorepo - uses: go-openapi/gh-actions/ci-jobs/detect-go-monorepo@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/detect-go-monorepo@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 - name: golangci-lint [monorepo] # golangci-action v9.1+ has an experimental built-in mono repo detection setup. @@ -101,7 +101,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 id: go-setup with: go-version: '${{ matrix.go }}' @@ -111,10 +111,10 @@ jobs: - name: Detect go version capabilities id: detect-go-version - uses: go-openapi/gh-actions/ci-jobs/detect-go-version@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/detect-go-version@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 - name: Install gotestsum - uses: go-openapi/gh-actions/install/gotestsum@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/install/gotestsum@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 - name: Ensure TMP is created on windows runners # On windows, some tests require testing.TempDir to reside on the same drive as the code. @@ -193,7 +193,7 @@ jobs: ./... - name: Upload coverage artifacts - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: # *.coverage.* pattern is automatically detected by codecov path: '**/*.coverage.*.out' @@ -203,7 +203,7 @@ jobs: name: Upload test report artifacts # upload report even if tests fail. BTW, this is when they are valuable. if: ${{ !cancelled() }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: '**/unit.report.*.json' name: 'unit.report.${{ matrix.os }}-${{ matrix.go }}' diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index f1e1e91..c39b8fe 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -24,7 +24,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable check-latest: true @@ -51,14 +51,14 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: '${{ matrix.go }}' check-latest: true cache: true - name: Install gotestsum - uses: go-openapi/gh-actions/install/gotestsum@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/install/gotestsum@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 - name: Ensure TMP is created on windows runners # On windows, some tests require testing.TempDir to reside on the same drive as the code. @@ -87,7 +87,7 @@ jobs: ./... - name: Upload coverage artifacts - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: # *.coverage.* pattern is automatically detected by codecov path: '**/*.coverage.*.out' @@ -97,7 +97,7 @@ jobs: name: Upload test report artifacts # upload report even if test fail. BTW, this is when they are valuable. if: ${{ !cancelled() }} - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: '**/unit.report.*.json' name: 'unit.report.${{ matrix.os }}-${{ matrix.go }}' diff --git a/.github/workflows/prepare-release-monorepo.yml b/.github/workflows/prepare-release-monorepo.yml index 02026ec..9e1f534 100644 --- a/.github/workflows/prepare-release-monorepo.yml +++ b/.github/workflows/prepare-release-monorepo.yml @@ -100,7 +100,7 @@ jobs: with: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable check-latest: true @@ -108,7 +108,7 @@ jobs: cache-dependency-path: "**/go.sum" - name: Detect go mono-repo id: detect-monorepo - uses: go-openapi/gh-actions/ci-jobs/detect-go-monorepo@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/detect-go-monorepo@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 - name: Update go.mod files for new release env: TARGET_TAG: ${{ inputs.target-tag }} @@ -178,7 +178,7 @@ jobs: echo "::notice title=changes::Git status after updates" git status --short - name: Configure bot credentials - uses: go-openapi/gh-actions/ci-jobs/bot-credentials@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/bot-credentials@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 id: bot-credentials # For go-openapi repos (using secrets: inherit): # Falls back to: CI_BOT_APP_ID, CI_BOT_APP_PRIVATE_KEY, CI_BOT_GPG_PRIVATE_KEY, etc. @@ -261,7 +261,7 @@ jobs: run: gh pr review --approve "$PR_URL" - name: Wait for all workflow runs to complete if: ${{ needs.prepare-modules.outputs.pull-request-url != '' }} - uses: go-openapi/gh-actions/ci-jobs/wait-pending-jobs@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/wait-pending-jobs@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 with: pr-url: ${{ env.PR_URL }} github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bf99dc7..46f7361 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -55,7 +55,7 @@ jobs: ref: ${{ inputs.tag }} fetch-tags: true - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable check-latest: true @@ -89,11 +89,11 @@ jobs: name: Detect go mono-repo if: ${{ inputs.is-monorepo == 'true' }} id: detect-monorepo - uses: go-openapi/gh-actions/ci-jobs/detect-go-monorepo@f94d1f200adab8d24b37584e5f61795a6062421d # v1.4.6 + uses: go-openapi/gh-actions/ci-jobs/detect-go-monorepo@23cdaeff454807ac293a6e98cff552a2ea49be63 # v1.4.7 - name: Install git-cliff [monorepo] if: ${{ inputs.is-monorepo == 'true' }} - uses: taiki-e/install-action@7f491e26f71f4ec2e6902c7c95c73043f209ab79 # v2.68.9 + uses: taiki-e/install-action@aba36d755ec7ca22d38b12111787c26115943952 # v2.68.12 with: tool: git-cliff - diff --git a/.github/workflows/scanner.yml b/.github/workflows/scanner.yml index 1345efb..3a0fa42 100644 --- a/.github/workflows/scanner.yml +++ b/.github/workflows/scanner.yml @@ -31,7 +31,7 @@ jobs: with: persist-credentials: false - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: stable check-latest: true