diff --git a/.github/workflows/cd-production.yaml b/.github/workflows/cd-production.yaml
index 5f701a3..8b0d8b4 100644
--- a/.github/workflows/cd-production.yaml
+++ b/.github/workflows/cd-production.yaml
@@ -25,10 +25,10 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Setup Python ${{ env.PYTHON_VERSION }}
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ env.PYTHON_VERSION }}
@@ -40,7 +40,7 @@ jobs:
 # https://github.com/marketplace/actions/pypi-publish
 - name: Publish package distributions to PyPI
- uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+ uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
 with:
 attestations: false
 packages-dir: dist/
@@ -63,10 +63,10 @@ jobs:
 run: sleep 15
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Setup Python ${{ env.PYTHON_VERSION }}
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ env.PYTHON_VERSION }}
@@ -102,7 +102,7 @@ jobs:
 fi
 - name: Post message to Slack
- uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+ uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
 with:
 method: chat.postMessage
 token: "${{ secrets.SECRET_SLACK_APP_GITHUB_BOT }}"
diff --git a/.github/workflows/cd-staging.yaml b/.github/workflows/cd-staging.yaml
index 507fb1f..5970f67 100644
--- a/.github/workflows/cd-staging.yaml
+++ b/.github/workflows/cd-staging.yaml
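Review bot: The PyPI publish step in the `@@ -40,7` hunk of cd-production.yaml keeps `attestations: false`, so releases uploaded by the bumped `pypa/gh-action-pypi-publish` carry no provenance attestation that consumers could verify; the same applies to the TestPyPI step in the `@@ -88,7` hunk of cd-staging.yaml. If the publish job authenticates through Trusted Publishing (not visible in the hunk; the `with:` block continues past it), consider dropping the line so the action's default applies. If attestations must stay off, I would add a comment above it such as `# attestations disabled: <reason>` so the choice is recorded next to the pin.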
@@ -41,13 +41,13 @@ jobs:
 # instead of PAT, github_app_id and github_app_pem_file are used by this workflow because
 # we have tag-based ruleset in place to restrict ACTOR from bypassing tag protection.
 id: generate-token
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+ uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
 with:
 app-id: ${{ secrets.SECRET_GITHUB_APP_ID }}
 private-key: ${{ secrets.SECRET_GITHUB_APP_PEM_FILE }}
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 token: ${{ steps.generate-token.outputs.token }}
@@ -73,10 +73,10 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Setup Python ${{ env.PYTHON_VERSION }}
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ env.PYTHON_VERSION }}
@@ -88,7 +88,7 @@ jobs:
 # https://github.com/marketplace/actions/pypi-publish
 - name: Publish package distributions to TestPyPI
- uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+ uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
 with:
 attestations: false
 packages-dir: dist/
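Review bot: The `generate-token` step in the `@@ -41,13` hunk of cd-staging.yaml passes only `app-id` and `private-key`, so the minted installation token inherits every permission granted to the App installation, and the next step hands it to `actions/checkout` as `token:`. The comment above the step suggests the token is only needed to get past the tag ruleset, so I would narrow it with a `permission-*` input, for example `permission-contents: write` — confirm the exact set the later steps need. Because this is a major-version bump (v2.2.1 to v3.1.1) of the step that receives the App private key, also check the v3 release notes for input changes and verify that the pinned SHA resolves to the upstream v3.1.1 tag. The step starts above the hunk.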
@@ -111,10 +111,10 @@ jobs:
 run: sleep 15
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Setup Python ${{ env.PYTHON_VERSION }}
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ env.PYTHON_VERSION }}
@@ -160,7 +160,7 @@ jobs:
 fi
 - name: Post message to Slack
- uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+ uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
 with:
 method: chat.postMessage
 token: "${{ secrets.SECRET_SLACK_APP_GITHUB_BOT }}"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index f03badb..db9d0e5 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -65,7 +65,7 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - id: set-release-branch
 shell: bash
@@ -86,7 +86,7 @@ jobs:
 - name: Download distributions
 if: ${{ github.event.repository.language == 'Python' }}
 id: artifact-download
- uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c #v8.0.1
 with:
 artifact-ids: "${{ needs.build-test.outputs.ARTIFACT_ID }}"
 run-id: "${{ needs.build-test.outputs.WORKFLOW_RUN_ID }}"
@@ -151,7 +151,7 @@ jobs:
 fi
 - name: Post message to Slack
- uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+ uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
 with:
 method: chat.postMessage
 token: "${{ secrets.SECRET_SLACK_APP_GITHUB_BOT }}"
diff --git a/.github/workflows/cron-tasks.yaml b/.github/workflows/cron-tasks.yaml
index 9793bc5..a6ed3d3 100644
--- a/.github/workflows/cron-tasks.yaml
+++ b/.github/workflows/cron-tasks.yaml
@@ -31,10 +31,10 @@ jobs:
 steps:
 - id: checkout-source-code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # 6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
 - id: setup-Python
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ env.PYTHON_VERSION }}
@@ -54,7 +54,7 @@ jobs:
 echo "COV_PER=$(coverage report | grep TOTAL | awk '{print $6}')" >> "$GITHUB_OUTPUT"
 - id: upload-coverage
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: coverage
 path: htmlcov/
@@ -135,7 +135,7 @@ jobs:
 steps:
 - name: Run stale-issues-prs
 id: stale-issues-prs
- uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
+ uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
 with:
 stale-issue-message: 'This issue is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 3 days after stale'
 days-before-stale: 5
@@ -202,7 +202,7 @@ jobs:
 fi
 - name: Post message to Slack
- uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+ uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
 with:
 method: chat.postMessage
 token: "${{ secrets.SECRET_SLACK_APP_GITHUB_BOT }}"
diff --git a/.github/workflows/reusable-build-test.yaml b/.github/workflows/reusable-build-test.yaml
index faf9416..0340934 100644
--- a/.github/workflows/reusable-build-test.yaml
+++ b/.github/workflows/reusable-build-test.yaml
@@ -41,10 +41,10 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Setup Python ${{ matrix.python }}
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ matrix.python }}
@@ -65,7 +65,7 @@ jobs:
 # set and get artifacts
 - name: Upload distributions
 id: upload-distributions
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a #v7.0.1
 with:
 name: distributions-${{ matrix.python }}
 path: dist/
@@ -112,10 +112,10 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Setup Python ${{ matrix.python }}
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ matrix.python }}
@@ -131,7 +131,7 @@ jobs:
 - name: Upload Coverage
 if: always()
 id: upload-coverage
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a #v7.0.1
 with:
 name: coverage-${{ matrix.python }}
 path: htmlcov/
diff --git a/.github/workflows/reusable-codeql.yaml b/.github/workflows/reusable-codeql.yaml
index 2229fbf..16f41b9 100644
--- a/.github/workflows/reusable-codeql.yaml
+++ b/.github/workflows/reusable-codeql.yaml
@@ -35,27 +35,27 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Setup Python ${{ matrix.python }}
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ matrix.python }}
 - name: Initialize CodeQL
- uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+ uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 with:
 languages: ${{ matrix.language }}
 queries: security-and-quality
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+ uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 with:
 output: codeql-results/
 - name: Upload codeql-${{ matrix.language }}
 id: upload-artifacts
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a #v7.0.1
 with:
 name: codeql-${{ matrix.language }}
 path: codeql-results/
diff --git a/.github/workflows/reusable-dependency-review.yaml b/.github/workflows/reusable-dependency-review.yaml
index b51e065..5f4d172 100644
--- a/.github/workflows/reusable-dependency-review.yaml
+++ b/.github/workflows/reusable-dependency-review.yaml
@@ -14,10 +14,10 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Pull Request Dependency Review
- uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # 4.8.2
+ uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # 4.9.0
 with:
 license-check: false
 vulnerability-check: true
diff --git a/.github/workflows/reusable-pre-commit.yaml b/.github/workflows/reusable-pre-commit.yaml
index ce5bb57..1ed48d6 100644
--- a/.github/workflows/reusable-pre-commit.yaml
+++ b/.github/workflows/reusable-pre-commit.yaml
@@ -22,10 +22,10 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Setup Python
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ env.PYTHON_VERSION }}
@@ -48,12 +48,12 @@ jobs:
 hadolint --version
 - name: Install terraform
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+ uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
 with:
 terraform_version: ${{ env.TERRAFORM_VERSION }}
 - name: Install tflint
- uses: terraform-linters/setup-tflint@4cb9feea73331a35b422df102992a03a44a3bb33 # v6.2.1
+ uses: terraform-linters/setup-tflint@b480b8fcdaa6f2c577f8e4fa799e89e756bb7c93 # v6.2.2
 - name: Run pre-commit on everything
 run: pre-commit run -a -v
@@ -64,11 +64,11 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Run Checkov Github Action
 id: checkov
- uses: bridgecrewio/checkov-action@8f61ce5b8a3afb4ca94d236b75201878ded6d2cd # v12.3077.0
+ uses: bridgecrewio/checkov-action@002cd2e8cc0fe0535e6f364509e091c1a9870efa # v12.3093.0
 with:
 log_level: WARNING
 quiet: false
diff --git a/.github/workflows/sidecar-pr-target.yaml b/.github/workflows/sidecar-pr-target.yaml
index 6fc8c35..a371cb0 100644
--- a/.github/workflows/sidecar-pr-target.yaml
+++ b/.github/workflows/sidecar-pr-target.yaml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 repository: ${{ github.repository }}
@@ -37,7 +37,7 @@ jobs:
 steps:
 - name: Slack message on PR activities
- uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+ uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
 with:
 method: chat.postMessage
 token: "${{ secrets.SECRET_SLACK_APP_GITHUB_BOT }}"