diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fa3e8693..aa4bd1a6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,7 +34,7 @@ jobs: sum.golang.org:443 - name: Check out code into the Go module directory - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.4.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.4.0 - name: golangci-lint uses: golangci/golangci-lint-action@5f1fec7010f6ae3b84ea4f7b2129beb8639b564f # v2 @@ -72,7 +72,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.4.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.4.0 with: fetch-depth: 0 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9f22c944..132cfed2 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -53,7 +53,7 @@ jobs: uploads.github.com:443 - name: Checkout repository - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.4.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.4.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 105a0ebb..1fef8694 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -34,7 +34,7 @@ jobs: github.com:443 - name: Checkout Code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.4.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.4.0 with: # Full git history is needed to get a proper list of changed files within `super-linter` fetch-depth: 0 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index e160e870..308c1471 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -16,7 +16,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: 'Checkout Repository' - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - name: 'Dependency Review' uses: actions/dependency-review-action@1360a344ccb0ab6e9475edef90ad2f46bf8003b1 diff --git a/.github/workflows/gitlabsync.yml b/.github/workflows/gitlabsync.yml index 3aab6508..52c0eb3d 100644 --- a/.github/workflows/gitlabsync.yml +++ b/.github/workflows/gitlabsync.yml @@ -24,7 +24,7 @@ jobs: github.com:443 gitlab.com:443 - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2 with: fetch-depth: 0 diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index ae8302a9..e0ed3e21 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -41,7 +41,7 @@ jobs: zrdfepirv2blaprdstr01a.blob.core.windows.net:443 - name: Checkout Code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2 with: # Full git history is needed to get a proper list of changed files within `super-linter` fetch-depth: 0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a74d4a07..7ea73c4d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -71,7 +71,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.4.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.4.0 with: fetch-depth: 0 diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index c9055aa0..795c5cb4 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -38,7 +38,7 @@ jobs: snyk.io:443 - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.4.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.4.0 - name: Run Snyk to check for vulnerabilities uses: snyk/actions/golang@b98d498629f1c368650224d6d212bf7dfa89e4bf # master @@ -74,7 +74,7 @@ jobs: snyk.io:443 - name: Checkout Source - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2 - name: Run Gosec Security Scanner uses: securego/gosec@c5ea1b7bdd9efc3792e513258853552b0ae31e06 # master diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d96e07ba..f835df5d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -43,7 +43,7 @@ jobs: sigstore-tuf-root.storage.googleapis.com:443 - name: "Checkout code" - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.4.0 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.4.0 with: persist-credentials: false diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 8dae2010..3aa14e15 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -24,7 +24,7 @@ jobs: metrics.semgrep.dev:443 semgrep.dev:443 - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2 - uses: returntocorp/semgrep-action@7120226e55a1ddb7624bbf600148b716c82f2745 # v1 with: diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index de7b32cb..c0197db3 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -29,7 +29,7 @@ jobs: proxy.golang.org:443 snyk.io:443 - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v2.4.0 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v2.4.0 - name: Run Snyk to check for vulnerabilities uses: snyk/actions/golang@b98d498629f1c368650224d6d212bf7dfa89e4bf # master