diff --git a/README.md b/README.md
index f43d01e..4396650 100644
--- a/README.md
+++ b/README.md
@@ -36,12 +36,12 @@ on:
 jobs:
 zizmor:
- uses: vechain/github-actions-public/.github/workflows/scan-workflows.yaml@f54f69d33344b241b5ec901d3d5e1b02d44a1b96
+ uses: vechain/github-actions-public/.github/workflows/scan-workflows.yaml@c8645e5723b09ce657b865f78924b87a357df036
 secrets:
 ZIZMOR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 actionlint:
- uses: vechain/github-actions-public/.github/workflows/action-lint.yaml@f54f69d33344b241b5ec901d3d5e1b02d44a1b96
+ uses: vechain/github-actions-public/.github/workflows/action-lint.yaml@c8645e5723b09ce657b865f78924b87a357df036
 ```
 > ⚠️ **IMPORTANT:** For production use, it's **highly recommended** to pin to a specific commit SHA or release tag instead of `@main` to ensure consistency and avoid potential issues.
@@ -94,14 +94,14 @@ Static analysis tool for Solidity smart contracts that detects vulnerabilities a
 ```yaml
 slither:
- uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.1
 ```
 **Custom configuration:**
 ```yaml
 slither:
- uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.1
 with:
 target: 'contracts/'
 solc-version: '0.8.19'
@@ -130,7 +130,7 @@ check-changes:
 slither:
 needs: check-changes
 if: needs.check-changes.outputs.contracts-changed == 'true'
- uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.1
 with:
 target: 'contracts/'
 skip-change-detection: true
@@ -140,7 +140,7 @@ slither:
 ```yaml
 slither:
- uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.1
 with:
 target: 'contracts/'
 env-vars: '{"NODE_ENV": "testing", "DEBUG_MODE": "false"}'
@@ -177,7 +177,7 @@ Security scanner for GitHub Actions workflows that detects security issues and m
 ```yaml
 zizmor:
- uses: vechain/github-actions-public/.github/workflows/scan-workflows.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/scan-workflows.yaml@v.2.3.1
 secrets:
 ZIZMOR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
@@ -186,7 +186,7 @@ zizmor:
 ```yaml
 zizmor:
- uses: vechain/github-actions-public/.github/workflows/scan-workflows.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/scan-workflows.yaml@v.2.3.1
 with:
 persona: 'auditor'
 min_severity: 'high'
@@ -216,7 +216,7 @@ Validates GitHub Actions workflow files for syntax errors, best practices, and c
 ```yaml
 actionlint:
- uses: vechain/github-actions-public/.github/workflows/action-lint.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/action-lint.yaml@v.2.3.1
 ```
 **On pull requests only:**
@@ -228,7 +228,7 @@ on:
 jobs:
 actionlint:
- uses: vechain/github-actions-public/.github/workflows/action-lint.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/action-lint.yaml@v.2.3.1
 ```
 **Features:**
@@ -251,7 +251,7 @@ Automatically updates README.md with new release tags and commit SHAs when a rel
 This workflow is triggered automatically on release events. To use it:
 1. Add the workflow to your repository
-2. Ensure your README.md contains version references (e.g., `v.2.3.0` and commit SHAs)
+2. Ensure your README.md contains version references (e.g., `v.2.3.1` and commit SHAs)
 3. Create a new release
 **Workflow trigger:**
@@ -264,7 +264,7 @@ on:
 jobs:
 update-docs:
- uses: vechain/github-actions-public/.github/workflows/doc-update.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/doc-update.yaml@v.2.3.1
 ```
 **Features:**
@@ -307,7 +307,7 @@ jobs:
 permissions:
 contents: read
 pull-requests: write
- uses: vechain/github-actions-public/.github/workflows/validate-pr-label.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/validate-pr-label.yaml@v.2.3.1
 ```
 **Require explicit increment label (no auto-apply):**
@@ -318,7 +318,7 @@ jobs:
 permissions:
 contents: read
 pull-requests: read
- uses: vechain/github-actions-public/.github/workflows/validate-pr-label.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/validate-pr-label.yaml@v.2.3.1
 with:
 FAIL_IF_MISSING_LABEL: true
 ```
@@ -358,7 +358,7 @@ on:
 jobs:
 tag-release:
 if: github.event.pull_request.merged == true
- uses: vechain/github-actions-public/.github/workflows/semantic-versioning.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/semantic-versioning.yaml@v.2.3.1
 secrets:
 DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
 ```
@@ -394,7 +394,7 @@ jobs:
 permissions:
 contents: read
 actions: write # required for the JSON artifact upload
- uses: vechain/github-actions-public/.github/workflows/checkov.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/checkov.yaml@v.2.3.1
 # Optional:
 # with:
 # skip_path: '^examples/'
@@ -453,7 +453,7 @@ jobs:
 permissions:
 contents: read
 pull-requests: write
- uses: vechain/github-actions-public/.github/workflows/infracost.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/infracost.yaml@v.2.3.1
 secrets:
 INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}
 TERRAFORM_SSH_KEY: ${{ secrets.TERRAFORM_SSH_KEY }}
@@ -482,7 +482,7 @@ Always pin workflows to specific versions for security and stability:
 uses: vechain/github-actions-public/.github/workflows/slither.yaml@a1b2c3d4...
 # ✅ Good - pinned to release tag
-uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.0
+uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.1
 # ⚠️ Avoid - tracks main branch (unpredictable)
 uses: vechain/github-actions-public/.github/workflows/slither.yaml@main
@@ -499,7 +499,7 @@ jobs:
 contents: read
 security-events: write
 pull-requests: write
- uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.1
 ```
 ### Secrets Management
@@ -509,7 +509,7 @@ Use GitHub secrets for sensitive data:
 ```yaml
 jobs:
 slither:
- uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.0
+ uses: vechain/github-actions-public/.github/workflows/slither.yaml@v.2.3.1
 secrets:
 MNEMONIC: ${{ secrets.MNEMONIC }} # ❌ Never hardcode secrets in workflows