Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/renovate.yml
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@
owner: FerrLabs

- name: Checkout config
uses: actions/checkout@v6
uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

- name: Probe GHCR npm read access (informational)
env:
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/reusable-ci-astro.yml
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: pnpm/action-setup@v6
with:
version: ${{ inputs.pnpm-version }}
Expand Down Expand Up @@ -147,7 +147,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: pnpm/action-setup@v6
with:
version: ${{ inputs.pnpm-version }}
Expand All @@ -172,7 +172,7 @@
if: inputs.enable-lighthouse && (github.event_name == 'pull_request' || !inputs.lighthouse-only-pr)
runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: actions/download-artifact@v8
with:
name: site-dist
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/reusable-ci-go.yml
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@
outputs:
has_go: ${{ steps.check.outputs.has_go }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- id: check
run: |
if [ -f "${{ inputs.go-version-file }}" ]; then
Expand All @@ -122,7 +122,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: actions/setup-go@v6
with:
go-version: ${{ inputs.go-version }}
Expand Down Expand Up @@ -160,7 +160,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: actions/setup-go@v6
with:
go-version: ${{ inputs.go-version }}
Expand Down Expand Up @@ -213,7 +213,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: actions/setup-go@v6
with:
go-version: ${{ inputs.go-version }}
Expand Down Expand Up @@ -249,7 +249,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: actions/setup-go@v6
with:
go-version: ${{ inputs.go-version }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/reusable-ci-node.yml
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- if: inputs.package-manager == 'pnpm'
uses: pnpm/action-setup@v6
with:
Expand Down Expand Up @@ -220,7 +220,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- if: inputs.package-manager == 'pnpm'
uses: pnpm/action-setup@v6
with:
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/reusable-ci-rust.yml
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- if: inputs.apt-packages != '' && runner.os == 'Linux'
name: Install apt packages
run: |
Expand Down Expand Up @@ -198,7 +198,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- if: inputs.apt-packages != '' && runner.os == 'Linux'
name: Install apt packages
run: |
Expand Down Expand Up @@ -256,7 +256,7 @@
if: inputs.enable-typos
runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: crate-ci/typos@master
with:
files: ${{ inputs.working-directory }}
Expand All @@ -276,7 +276,7 @@
run:
working-directory: ${{ inputs.working-directory }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- if: inputs.apt-packages != '' && runner.os == 'Linux'
name: Install apt packages
run: |
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/reusable-docker-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@
# job below stays on the configured (self-hosted) runner.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
with:
dockerfile: ${{ inputs.context }}/${{ inputs.dockerfile }}
Expand All @@ -107,12 +107,12 @@
outputs:
digest: ${{ steps.push.outputs.digest }}
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
# The self-hosted ARC runners have buildah, not a Docker daemon — so we
# build/push with buildah (not docker/buildx). The cosign / Trivy / SBOM
# jobs below pull the pushed image from the registry, so they need no
# daemon either. packages-read is exposed to the build as a BuildKit-style
# `--mount=type=secret,id=packages-read`, never as a build-arg.

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Login to GHCR
if: startsWith(inputs.image-name, 'ghcr.io/')
env:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/reusable-ferrflow-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ jobs:
if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')
runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }}
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
fetch-depth: ${{ inputs.fetch-depth }}
persist-credentials: false
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/reusable-release-rust.yml
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@
archive: zip
arch_label: windows-x64
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
Expand Down Expand Up @@ -111,7 +111,7 @@
needs: build
runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: actions/download-artifact@v8
with:
path: artifacts/
Expand All @@ -135,7 +135,7 @@
if: inputs.crate-publish
runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
- run: cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}

Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/reusable-security-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,9 @@
runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }}
if: ${{ !github.event.repository.private || inputs.run-on-private }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)
with:
fetch-depth: 0

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install gitleaks
run: |
VERSION=8.21.2
Expand Down Expand Up @@ -91,7 +91,7 @@
runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }}
if: ${{ !github.event.repository.private || inputs.run-on-private }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Detect Go module
id: detect
run: |
Expand Down Expand Up @@ -142,7 +142,7 @@
runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }}
if: ${{ !github.event.repository.private || inputs.run-on-private }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install zizmor
env:
PIP_BREAK_SYSTEM_PACKAGES: '1'
Expand Down Expand Up @@ -183,9 +183,9 @@
runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }}
if: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && (!github.event.repository.private || inputs.run-on-private) }}
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7

Check failure

Code scanning / zizmor

unpinned action reference: action is not pinned to a hash (required by blanket policy) Error

unpinned action reference: action is not pinned to a hash (required by blanket policy)
with:
fetch-depth: 0

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install trufflehog
run: |
mkdir -p "$RUNNER_TEMP/bin"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/reusable-sonarqube-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -47,14 +47,14 @@
name: SonarQube analysis
runs-on: ${{ inputs.runner != '' && inputs.runner || (github.event.repository.private && 'ferrlabs-k8s' || 'ubuntu-latest') }}
steps:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
# Full history so SonarQube can attribute new-code and blame.
fetch-depth: 0

# Coverage is produced in an upstream job (test/coverage) and handed over
# as an artifact. Land it inside the analysed dir so reportPaths (relative
# to projectBaseDir) and the lcov's own SF: paths both resolve correctly.

Check notice

Code scanning / zizmor

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false Note

credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Download coverage report
if: inputs.coverage-artifact != ''
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
Expand Down
6 changes: 3 additions & 3 deletions workflow-templates/ci-astro.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
name: Build & Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: pnpm/action-setup@v6
with:
version: 11
Expand Down Expand Up @@ -47,7 +47,7 @@ jobs:
name: i18n parity
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: pnpm/action-setup@v6
with:
version: 11
Expand All @@ -71,7 +71,7 @@ jobs:
if: github.event_name == 'pull_request'
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: actions/download-artifact@v8
with:
name: site-dist
Expand Down
8 changes: 4 additions & 4 deletions workflow-templates/ci-go.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
Expand All @@ -40,7 +40,7 @@ jobs:
if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
Expand All @@ -58,7 +58,7 @@ jobs:
if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
Expand All @@ -74,7 +74,7 @@ jobs:
if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: actions/setup-go@v6
with:
go-version-file: go.mod
Expand Down
4 changes: 2 additions & 2 deletions workflow-templates/ci-node.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
name: Test & Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: pnpm/action-setup@v6
with:
version: 11
Expand Down Expand Up @@ -46,7 +46,7 @@ jobs:
name: Quality (knip, madge, audit)
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: pnpm/action-setup@v6
with:
version: 11
Expand Down
8 changes: 4 additions & 4 deletions workflow-templates/ci-rust.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy, rustfmt
Expand All @@ -37,7 +37,7 @@ jobs:
if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- uses: taiki-e/install-action@v2
Expand All @@ -54,15 +54,15 @@ jobs:
name: Typos
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: crate-ci/typos@v1

coverage:
name: Coverage
if: github.event_name != 'push' || !startsWith(github.event.head_commit.message, 'chore(release):')
runs-on: ferrlabs-k8s
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: dtolnay/rust-toolchain@stable
with:
components: llvm-tools-preview
Expand Down
2 changes: 1 addition & 1 deletion workflow-templates/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
matrix:
language: [javascript-typescript]
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
- uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
Expand Down
2 changes: 1 addition & 1 deletion workflow-templates/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
contents: read
actions: read
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v7
with:
persist-credentials: false
- uses: ossf/scorecard-action@v2.4.3
Expand Down
Loading