diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4568053..9a67b4b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,7 +20,7 @@ jobs: TOXENV: ${{ matrix.toxenv }} steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9afcdf0..7c824e3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,7 @@ jobs: name: Build tuf-on-ci signer runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: @@ -28,7 +28,7 @@ jobs: awk "/## $GITHUB_REF_NAME/{flag=1; next} /## v/{flag=0} flag" docs/CHANGELOG.md > changelog - name: Store build artifacts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 with: name: build-artifacts path: | @@ -50,7 +50,7 @@ jobs: - name: Publish binary wheel and source tarball on PyPI if: github.repository == 'theupdateframework/tuf-on-ci' - uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2 + uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # v1.10.3 release-gh: name: Release diff --git a/.github/workflows/update-pinned-deps.yml b/.github/workflows/update-pinned-deps.yml index 1234459..1e631b9 100644 --- a/.github/workflows/update-pinned-deps.yml +++ b/.github/workflows/update-pinned-deps.yml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: diff --git a/actions/create-signing-events/action.yml b/actions/create-signing-events/action.yml index 881927c..21af069 100644 --- a/actions/create-signing-events/action.yml +++ b/actions/create-signing-events/action.yml @@ -9,7 +9,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: token: ${{ inputs.token }} fetch-depth: 0 diff --git a/actions/online-sign/action.yml b/actions/online-sign/action.yml index 005cf6a..6020b69 100644 --- a/actions/online-sign/action.yml +++ b/actions/online-sign/action.yml @@ -37,14 +37,14 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: token: ${{ inputs.token }} fetch-depth: 0 - name: Authenticate to Google Cloud if: inputs.gcp_workload_identity_provider != '' - uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5 + uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6 with: token_format: access_token workload_identity_provider: ${{ inputs.gcp_workload_identity_provider }} diff --git a/actions/signing-event/action.yml b/actions/signing-event/action.yml index 0c3bb6f..cb02a13 100644 --- a/actions/signing-event/action.yml +++ b/actions/signing-event/action.yml @@ -24,7 +24,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: token: ${{ inputs.token }} fetch-depth: 0 diff --git a/actions/test-repository/action.yml b/actions/test-repository/action.yml index 73abb4f..5ec6d53 100644 --- a/actions/test-repository/action.yml +++ b/actions/test-repository/action.yml @@ -41,7 +41,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 if: inputs.compare_source == 'true' with: ref: "publish" diff --git a/actions/update-issue/action.yml b/actions/update-issue/action.yml index 2d9a16f..bd1bad8 100644 --- a/actions/update-issue/action.yml +++ b/actions/update-issue/action.yml @@ -19,7 +19,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Update issue uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 diff --git a/actions/upload-repository/action.yml b/actions/upload-repository/action.yml index a7f092e..456e665 100644 --- a/actions/upload-repository/action.yml +++ b/actions/upload-repository/action.yml @@ -22,7 +22,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ inputs.ref }} @@ -50,13 +50,13 @@ runs: source: build destination: build-jekyll - - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 if: inputs.gh_pages != 'true' with: name: metadata path: build-jekyll/${{inputs.metadata_path}}/* - - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 if: inputs.gh_pages != 'true' with: name: artifacts