File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -110,10 +110,12 @@ jobs:
110110 *.sigstore.dev:443
111111 *.trivy.dev:443
112112 api.github.com:443
113+ codeload.github.com:443
113114 docker-images-prod.*.r2.cloudflarestorage.com:443
114115 ghcr.io:443
115116 github.com:443
116117 mirror.gcr.io:443
118+ release-assets.githubusercontent.com:443
117119 ${{ inputs.egress-policy-allowlist }}
118120 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
119121 with :
@@ -180,7 +182,7 @@ jobs:
180182 echo "local_image_ref=${LOCAL_IMAGE_REF}"
181183 } >> "${GITHUB_OUTPUT}"
182184 - name : Run Trivy Scan
183- uses : aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # v0.34.1
185+ uses : aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
184186 if : inputs.scan-image
185187 with :
186188 format : sarif
@@ -191,7 +193,7 @@ jobs:
191193 output : ${{ inputs.working-directory }}/trivy_results.sarif
192194 github-pat : ${{ secrets.GITHUB_TOKEN }}
193195 - name : Generate SBOM
194- uses : aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # v0.34.1
196+ uses : aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
195197 if : inputs.push
196198 with :
197199 format : spdx-json
Original file line number Diff line number Diff line change @@ -100,7 +100,7 @@ jobs:
100100 filter_mode : nofilter
101101 tool_name : actionlint
102102 - name : Install uv
103- uses : astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
103+ uses : astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
104104 with :
105105 enable-cache : true
106106 - name : Run zizmor
Original file line number Diff line number Diff line change 8888 installer-parallel : true
8989
9090 # ----- UV -----
91- - uses : astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
91+ - uses : astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
9292 if : ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }}
9393 with :
9494 enable-cache : true
Original file line number Diff line number Diff line change 8787 installer-parallel : true
8888
8989 # ----- UV -----
90- - uses : astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
90+ - uses : astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
9191 if : ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }}
9292 with :
9393 enable-cache : true
Original file line number Diff line number Diff line change 6666 installer-parallel : true
6767
6868 # ----- UV -----
69- - uses : astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
69+ - uses : astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
7070 if : ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }}
7171 with :
7272 enable-cache : true
Original file line number Diff line number Diff line change 6666 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
6767 with :
6868 persist-credentials : false
69- - uses : actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
69+ - uses : actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3
7070 with :
7171 components : rustfmt
7272 toolchain : ${{ inputs.rust-version }}
9999 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
100100 with :
101101 persist-credentials : false
102- - uses : actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
102+ - uses : actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3
103103 with :
104104 toolchain : ${{ inputs.rust-version }}
105105 cache-workspaces : |-
@@ -132,7 +132,7 @@ jobs:
132132 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
133133 with :
134134 persist-credentials : false
135- - uses : actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
135+ - uses : actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3
136136 with :
137137 components : clippy
138138 toolchain : ${{ inputs.rust-version }}
@@ -204,7 +204,7 @@ jobs:
204204 uses : mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2.2.1
205205 with :
206206 version : latest
207- - uses : actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
207+ - uses : actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 # v1.15.3
208208 with :
209209 toolchain : ${{ inputs.rust-version }}
210210 cache-workspaces : |-
Original file line number Diff line number Diff line change 5252 disable-sudo : ${{ inputs.disable-sudo }}
5353 egress-policy : audit
5454 allowed-endpoints : >
55+ codeload.github.com:443
5556 raw.githubusercontent.com:443
57+ release-assets.githubusercontent.com:443
5658 ${{ inputs.egress-policy-allowlist }}
5759 - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
5860 with :
@@ -101,7 +103,7 @@ jobs:
101103 filter_mode : nofilter
102104
103105 - name : Run Trivy Scan
104- uses : aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # v0.34.1
106+ uses : aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
105107 with :
106108 hide-progress : true
107109 format : sarif
Original file line number Diff line number Diff line change 11__pycache__ /
2+ .cache
23.mypy_cache
34.pytest_cache
45.ruff_cache
You can’t perform that action at this time.
0 commit comments