diff --git a/.github/workflows/forms-cli.yml b/.github/workflows/forms-cli.yml index 74d4b7409..06078f492 100644 --- a/.github/workflows/forms-cli.yml +++ b/.github/workflows/forms-cli.yml @@ -19,13 +19,13 @@ jobs: working-directory: support/forms-cli steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Determine Ruby version id: determine-ruby-version run: | echo "RUBY_VERSION=$(cat ../../.ruby-version)" >> "$GITHUB_OUTPUT" - name: Install Ruby and gems - uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 + uses: ruby/setup-ruby@89f90524b88a01fe6e0b732220432cc6142926af # v1.313.0 with: bundler-cache: true ruby-version: ${{steps.determine-ruby-version.outputs.RUBY_VERSION}} diff --git a/.github/workflows/guardrail_matching_pentester_cidr_blocks.yml b/.github/workflows/guardrail_matching_pentester_cidr_blocks.yml index 978b432b6..7afc05577 100644 --- a/.github/workflows/guardrail_matching_pentester_cidr_blocks.yml +++ b/.github/workflows/guardrail_matching_pentester_cidr_blocks.yml @@ -20,10 +20,10 @@ jobs: name: Check for matching CIDR blocks steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install `hcl2json` with mise - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: install_args: hcl2json diff --git a/.github/workflows/guardrail_tf_version_upgrade.yml b/.github/workflows/guardrail_tf_version_upgrade.yml index 8c1c71b33..61cf2ec56 100644 --- a/.github/workflows/guardrail_tf_version_upgrade.yml +++ b/.github/workflows/guardrail_tf_version_upgrade.yml 
@@ -17,7 +17,7 @@ jobs: name: Leave a comment steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Leave a comment env: diff --git a/.github/workflows/guardrail_unique_job_names.yml b/.github/workflows/guardrail_unique_job_names.yml index 315d23c65..78c22f1c3 100644 --- a/.github/workflows/guardrail_unique_job_names.yml +++ b/.github/workflows/guardrail_unique_job_names.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-24.04-arm steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Ensure unique job names env: diff --git a/.github/workflows/pipeline-visualiser.yml b/.github/workflows/pipeline-visualiser.yml index edee77841..853203f32 100644 --- a/.github/workflows/pipeline-visualiser.yml +++ b/.github/workflows/pipeline-visualiser.yml @@ -16,7 +16,7 @@ jobs: working-directory: support/pipeline-visualiser steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Run docker build run: docker build . @@ -29,13 +29,13 @@ jobs: working-directory: support/pipeline-visualiser steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Determine Ruby version id: determine-ruby-version run: | echo "RUBY_VERSION=$(cat ../../.ruby-version)" >> "$GITHUB_OUTPUT" - name: Install Ruby and gems - uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 + uses: ruby/setup-ruby@89f90524b88a01fe6e0b732220432cc6142926af # v1.313.0 with: bundler-cache: true ruby-version: ${{steps.determine-ruby-version.outputs.RUBY_VERSION}} 
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index ef5c0628f..fa0e55391 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - name: 📦 Check Out Repository Code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/require-pinned-github-actions.yml b/.github/workflows/require-pinned-github-actions.yml index e6ba5cc5a..bb2e1ad37 100644 --- a/.github/workflows/require-pinned-github-actions.yml +++ b/.github/workflows/require-pinned-github-actions.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-24.04-arm steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Ensure SHA pinned actions uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ca46236c6ce584ae24bc6283ba8dcf4b3ec8a066 # v5.0.4 with: diff --git a/.github/workflows/reusable-lint-workflows.yml b/.github/workflows/reusable-lint-workflows.yml index 64b308889..7132e1184 100644 --- a/.github/workflows/reusable-lint-workflows.yml +++ b/.github/workflows/reusable-lint-workflows.yml @@ -7,7 +7,7 @@ jobs: actionlint: runs-on: ubuntu-slim steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Download actionlint id: get_actionlint run: | diff --git a/.github/workflows/reusable-review_apps_on_pr_change.yml b/.github/workflows/reusable-review_apps_on_pr_change.yml index e6cdf8ad6..298493440 100644 --- a/.github/workflows/reusable-review_apps_on_pr_change.yml +++ b/.github/workflows/reusable-review_apps_on_pr_change.yml 
@@ -27,10 +27,10 @@ jobs: role-to-assume: arn:aws:iam::${{ inputs.aws-account-number }}:role/review-github-actions-${{ inputs.app-name }} aws-region: ${{ inputs.aws-region }} - name: Log in to Amazon ECR - uses: aws-actions/amazon-ecr-login@fa648b43de3d4d023bcb3f89ed6940096949c419 # v2.1.5 + uses: aws-actions/amazon-ecr-login@d539f0932e70871a027e9d5a9d8fc38589180a64 # v2.1.6 - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Generate container image URI id: generate_image_uri diff --git a/.github/workflows/ruby-ci.yml b/.github/workflows/ruby-ci.yml index 2474a7399..1489a447f 100644 --- a/.github/workflows/ruby-ci.yml +++ b/.github/workflows/ruby-ci.yml @@ -22,10 +22,10 @@ jobs: spec-matrix: ${{ steps.build-matrix.outputs.spec-matrix }} steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Initialise mise and cache `hcl2json` - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: install_args: hcl2json @@ -46,9 +46,9 @@ jobs: needs: setup steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Install Ruby and gems at root - uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 + uses: ruby/setup-ruby@89f90524b88a01fe6e0b732220432cc6142926af # v1.313.0 with: bundler-cache: true ruby-version: ${{needs.setup.outputs.ruby-version}} 
@@ -65,15 +65,15 @@ jobs: spec_target: ${{ fromJSON(needs.setup.outputs.spec-matrix) }} steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up hcl2json - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: install_args: hcl2json - name: "Install Ruby and gems in ${{matrix.spec_target}}" - uses: ruby/setup-ruby@afeafc3d1ab54a631816aba4c914a0081c12ff2f # v1.310.0 + uses: ruby/setup-ruby@89f90524b88a01fe6e0b732220432cc6142926af # v1.313.0 with: bundler-cache: true ruby-version: ${{needs.setup.outputs.ruby-version}} diff --git a/.github/workflows/shell-ci.yml b/.github/workflows/shell-ci.yml index d70c818f8..d4edb7419 100644 --- a/.github/workflows/shell-ci.yml +++ b/.github/workflows/shell-ci.yml @@ -9,7 +9,7 @@ jobs: name: Shell steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Lint shell scripts run: | diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml index 93ec7e5e5..bee798a35 100644 --- a/.github/workflows/terraform-ci.yml +++ b/.github/workflows/terraform-ci.yml 
@@ -16,14 +16,14 @@ jobs: has-terraform-changes: ${{ steps.check-changes.outputs.has-changes }} steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Grab the last 75 commits. Later on we need to a git diff, and it's # very likely that two commits involved will be inside the last 75 fetch-depth: 75 - name: Initialise mise - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: github_token: ${{ secrets.MISE_PAT }} # As this is a private repo, we can get API rate limit issues. Use a PAT to avoid this. (The token needs no special permissions.) install_args: go:github.com/hashicorp/terraform-config-inspect @@ -133,10 +133,10 @@ jobs: runs-on: ubuntu-24.04-arm steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Initialise mise - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: github_token: ${{ secrets.MISE_PAT }} install_args: terraform @@ -156,10 +156,10 @@ jobs: directory: ${{ fromJSON(needs.setup.outputs.validation-matrix) }} steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Initialise mise - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: github_token: ${{ secrets.MISE_PAT }} install_args: terraform 
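Review bot: In terraform-ci.yml the re-pinned `jdx/mise-action` step is handed `secrets.MISE_PAT`, so this hunk changes which third-party commit can read that token. Only the trailing `# v4.2.0` comment ties the new SHA to a release. Before merge I would resolve the SHA against the upstream tag and confirm the PAT really carries no permissions, as the inline comment in this hunk states. The same applies to the hunks at -133, -156, -181 and -214 of this file, which pass the token without that explanation; I would repeat it there, e.g. `# PAT only avoids API rate limits; it must carry no permissions`.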
@@ -181,10 +181,10 @@ jobs: runs-on: ubuntu-24.04-arm steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Initialise mise - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: github_token: ${{ secrets.MISE_PAT }} install_args: tflint @@ -214,10 +214,10 @@ jobs: runs-on: ubuntu-24.04-arm steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Initialise mise - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: github_token: ${{ secrets.MISE_PAT }} install_args: checkov diff --git a/.github/workflows/update-provider-locks.yml b/.github/workflows/update-provider-locks.yml index b1f0946b8..ec9b8d1d9 100644 --- a/.github/workflows/update-provider-locks.yml +++ b/.github/workflows/update-provider-locks.yml @@ -16,13 +16,13 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: # Use the pull request head ref to ensure we're on the PR branch ref: ${{ github.head_ref }} - name: Install `tfupdate` with mise - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4.2.0 with: install_args: tfupdate
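Review bot: In update-provider-locks.yml the checkout step that moves to a new major version checks out `${{ github.head_ref }}` and leaves credential handling at the action's default. The later steps are outside the hunk, but if this job pushes refreshed lock files back to the PR branch, as the file name suggests, it depends on the token that checkout persists. I would state that explicitly with `persist-credentials: true` under `with:`, so a major-version bump cannot change it silently. The trigger is not visible here either; confirm it is `pull_request` rather than `pull_request_target`, since checking out the PR head under the latter runs untrusted code with repository secrets in scope.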