From ee6ed96d297c906dacbf3db17eb7f9123f6c978f Mon Sep 17 00:00:00 2001 From: Marcus Burghardt Date: Fri, 3 Jul 2026 09:02:34 +0200 Subject: [PATCH] ci: align workflow dependencies to latest official releases Update actions/setup-go from v5.2.0 to v6.5.0 in ci.yml and release.yml. Pin all complytime/org-infra reusable workflow references to the v0.5.0 release SHA (638b2037) instead of arbitrary main branch commits: - reusable_ci.yml: 37b9e820 (main) -> 638b2037 (v0.5.0) - reusable_security.yml: comment updated from main to v0.5.0 - reusable_vuln_scan.yml: comment updated from main to v0.5.0 - reusable_publish_ghcr.yml: 68fa970f (main) -> 638b2037 (v0.5.0) - reusable_trivy_image_scan.yml: e266be09 (main) -> 638b2037 (v0.5.0) - reusable_sign_and_verify.yml: e30c5cd8 (main) -> 638b2037 (v0.5.0) Already up to date (no changes needed): - actions/checkout v7.0.0 - softprops/action-gh-release v3.0.1 Supersedes: #96, #97, #98, #99, #102 Assisted-by: OpenCode (claude-opus-4-6) Signed-off-by: Marcus Burghardt --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/container.yml | 6 +++--- .github/workflows/release.yml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 231df71..899d6cd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,7 +25,7 @@ jobs: persist-credentials: false - name: Set up Go - uses: actions/setup-go@4a2405e6aebff6aabd8e43618539aa35cf90ac92 # v5.2.0 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version: ${{ matrix.go-version }} @@ -51,7 +51,7 @@ jobs: call_reusable_ci: name: Standardized CI - uses: complytime/org-infra/.github/workflows/reusable_ci.yml@37b9e82025fb9d0b4079cfe0bbd7f0434f79e692 # main + uses: complytime/org-infra/.github/workflows/reusable_ci.yml@638b2037394ca0f0b860a135c7c27dce75fd3c03 # v0.5.0 permissions: contents: read issues: read @@ -59,7 +59,7 @@ jobs: call_reusable_security: name: Security Scan - uses: complytime/org-infra/.github/workflows/reusable_security.yml@638b2037394ca0f0b860a135c7c27dce75fd3c03 # main + uses: complytime/org-infra/.github/workflows/reusable_security.yml@638b2037394ca0f0b860a135c7c27dce75fd3c03 # v0.5.0 permissions: contents: read id-token: write @@ -68,7 +68,7 @@ jobs: call_reusable_vuln_scan: name: Vulnerability Scan - uses: complytime/org-infra/.github/workflows/reusable_vuln_scan.yml@638b2037394ca0f0b860a135c7c27dce75fd3c03 # main + uses: complytime/org-infra/.github/workflows/reusable_vuln_scan.yml@638b2037394ca0f0b860a135c7c27dce75fd3c03 # v0.5.0 permissions: contents: read actions: read diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 3a4f050..baf9df6 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -12,7 +12,7 @@ permissions: jobs: push: - uses: complytime/org-infra/.github/workflows/reusable_publish_ghcr.yml@68fa970f535858f703369a6de4baa2237c38fa3c # main + uses: complytime/org-infra/.github/workflows/reusable_publish_ghcr.yml@638b2037394ca0f0b860a135c7c27dce75fd3c03 # v0.5.0 permissions: contents: read packages: write @@ -33,7 +33,7 @@ jobs: always() && needs.push.result == 'success' && needs.push.outputs.image != '' - uses: complytime/org-infra/.github/workflows/reusable_trivy_image_scan.yml@e266be092e71ac9343fcd6d5cafc50402161981e # main + uses: complytime/org-infra/.github/workflows/reusable_trivy_image_scan.yml@638b2037394ca0f0b860a135c7c27dce75fd3c03 # v0.5.0 permissions: contents: read packages: write @@ -49,7 +49,7 @@ jobs: if: >- always() && needs.push.result == 'success' - uses: complytime/org-infra/.github/workflows/reusable_sign_and_verify.yml@e30c5cd87e7aeddb8aa7bfeccff4d362bd886270 # main + uses: complytime/org-infra/.github/workflows/reusable_sign_and_verify.yml@638b2037394ca0f0b860a135c7c27dce75fd3c03 # v0.5.0 permissions: contents: read packages: write diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2f5660d..f3d9ce7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -24,7 +24,7 @@ jobs: persist-credentials: false - name: Set up Go - uses: actions/setup-go@4a2405e6aebff6aabd8e43618539aa35cf90ac92 # v5.2.0 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version: '1.26' cache: false