File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -15,15 +15,15 @@ jobs:
1515 runs-on : ubuntu-latest
1616 steps :
1717 - name : Harden GitHub runner
18- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
18+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
1919 with :
2020 egress-policy : audit
2121
2222 - name : Checkout repository
2323 uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2424
2525 - name : Setup Go
26- uses : actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4 .0
26+ uses : actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5 .0
2727 with :
2828 go-version : " stable"
2929 cache : false
Original file line number Diff line number Diff line change 9898 password : ${{ secrets.GITHUB_TOKEN }}
9999
100100 - name : Install Cosign
101- uses : sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
101+ uses : sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
102102
103103 - name : Verify image
104104 env :
Original file line number Diff line number Diff line change 3535 if : success() && startsWith(github.ref, 'refs/tags/')
3636 steps :
3737 - name : Harden GitHub runner
38- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
38+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
3939 with :
4040 egress-policy : audit
4141
4646 ref : main
4747
4848 - name : Setup Go
49- uses : actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4 .0
49+ uses : actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5 .0
5050 with :
5151 go-version : " stable"
5252 cache : true
5656 # GITHUB_API_TOKEN: ${{ secrets.GH_API_TOKEN }}
5757 # run: git config --global url."https://x:${GITHUB_API_TOKEN}@github.com".insteadOf "https://github.com"
5858
59- - uses : sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
60- - uses : anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18 .0
59+ - uses : sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
60+ - uses : anchore/sbom-action/download-syft@e11c554f704a0b820cbf8c51673f6945e0731532 # v0.20 .0
6161 - uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
6262 with :
6363 registry : ghcr.io
Original file line number Diff line number Diff line change @@ -20,15 +20,15 @@ jobs:
2020
2121 steps :
2222 - name : Harden GitHub runner
23- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
23+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
2424 with :
2525 egress-policy : audit
2626
2727 - name : Checkout repository
2828 uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
2929
3030 - name : Setup Go
31- uses : actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4 .0
31+ uses : actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5 .0
3232 with :
3333 go-version : " stable"
3434 cache : false
You can’t perform that action at this time.
0 commit comments