diff --git a/.github/actions/test-image/action.yaml b/.github/actions/test-image/action.yaml index 51c16bd63..d526cfe6b 100644 --- a/.github/actions/test-image/action.yaml +++ b/.github/actions/test-image/action.yaml @@ -19,7 +19,7 @@ runs: using: composite steps: - name: Download artifact - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 if: ${{ github.event_name == 'pull_request' }} with: name: ${{ inputs.project-name }}-build-artifacts diff --git a/.github/workflows/build-docs.yaml b/.github/workflows/build-docs.yaml index e6b81681e..e834ee41f 100644 --- a/.github/workflows/build-docs.yaml +++ b/.github/workflows/build-docs.yaml @@ -19,7 +19,7 @@ jobs: contents: write pages: write steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: true # required for pushing to gh-pages - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index a912fedd4..35d652b90 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -34,7 +34,7 @@ jobs: digest: ${{ steps.build.outputs.digest }} tag: ${{ steps.container_meta.outputs.version }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -107,7 +107,7 @@ jobs: timeout: 15m - name: Upload image vulnerability attestation - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: ${{ inputs.module-name }}-attestations path: | @@ -124,7 +124,7 @@ jobs: - name: Upload container image if: ${{ github.event_name == 'pull_request' }} - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: ${{ inputs.module-name }}-build-artifacts path: | @@ -168,7 +168,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Download attestations - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: ${{ inputs.module-name }}-attestations path: /tmp diff --git a/.github/workflows/chaos-test.yaml b/.github/workflows/chaos-test.yaml index 7e46c0163..3ab77f0c6 100644 --- a/.github/workflows/chaos-test.yaml +++ b/.github/workflows/chaos-test.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml index c6ff348d1..75887cc3d 100644 --- a/.github/workflows/check-links.yaml +++ b/.github/workflows/check-links.yaml @@ -16,7 +16,7 @@ jobs: permissions: issues: write steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5f78c385e..db83d6004 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -59,7 +59,7 @@ jobs: env: IMAGE_NAME: ghcr.io/${{ github.repository }}/${{ matrix.module }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - uses: ./.github/actions/test-image diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml index cf94c7520..4a213fa6b 100644 --- a/.github/workflows/helm-lint.yaml +++ b/.github/workflows/helm-lint.yaml @@ -19,7 +19,7 @@ jobs: git config --global --add safe.directory /__w/recruit/recruit - name: Checkout - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 persist-credentials: false @@ -57,7 +57,7 @@ jobs: - name: Cache kubeconform schemas id: cache-powerlint-kubeconform - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 with: path: /tmp key: ${{ runner.os }}-powerlint-kubeconform diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 752748a0a..4fc97a774 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -58,7 +58,7 @@ jobs: cosign sign --yes "ghcr.io/${GITHUB_REPOSITORY}/charts/recruit:${CHART_VERSION}" - - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: helm-chart path: | @@ -70,12 +70,12 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: path: recruit persist-credentials: false - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: token: ${{ secrets.GITHUB_TOKEN }} repository: miracum/charts @@ -96,7 +96,7 @@ jobs: CHART_VERSION=$(yq .version recruit/charts/recruit/Chart.yaml) echo "version=${CHART_VERSION}" >> "$GITHUB_OUTPUT" - - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7.0.11 + - uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0 with: token: ${{ secrets.token }} path: miracum-charts @@ -112,7 +112,7 @@ jobs: continue-on-error: true steps: - name: Checkout - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -136,12 +136,12 @@ jobs: contents: write # to upload artifacts to the release steps: - name: Checkout - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Download Helm chart - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: helm-chart path: /tmp diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 36e1ed79b..74302da5b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/test-compose-installation.yaml b/.github/workflows/test-compose-installation.yaml index 9942e8e98..f3f258360 100644 --- a/.github/workflows/test-compose-installation.yaml +++ b/.github/workflows/test-compose-installation.yaml @@ -18,13 +18,13 @@ jobs: RECRUIT_IMAGE_BASE_NAME: ghcr.io/${{ github.repository }} RECRUIT_IMAGE_TAG: ${{ inputs.image-tag }} steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - name: Download all artifacts if: ${{ github.event_name == 'pull_request' }} - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: "*-build-artifacts" path: /tmp diff --git a/.github/workflows/test-k8s-installation.yaml b/.github/workflows/test-k8s-installation.yaml index cc92242ff..c79a17bac 100644 --- a/.github/workflows/test-k8s-installation.yaml +++ b/.github/workflows/test-k8s-installation.yaml @@ -16,7 +16,7 @@ jobs: name: Test installation on k8s runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false @@ -54,7 +54,7 @@ jobs: --version 0.45.26 - name: Download all artifacts - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: "*-build-artifacts" path: /tmp @@ -118,7 +118,7 @@ jobs: - name: Upload cluster dump if: always() - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kind-cluster-dump.txt path: | diff --git a/.github/workflows/validate-fhir-resources.yaml b/.github/workflows/validate-fhir-resources.yaml index a6648c5c6..14e25fe09 100644 --- a/.github/workflows/validate-fhir-resources.yaml +++ b/.github/workflows/validate-fhir-resources.yaml @@ -16,7 +16,7 @@ jobs: container: ghcr.io/miracum/ig-build-tools:v2.2.25@sha256:25c8e381a9c3768b18ebd470543c0716cf72523677fd0824fc3ce81b84f0ff3b steps: - name: Checkout code - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false diff --git a/.github/workflows/validate-gradle-wrapper.yaml b/.github/workflows/validate-gradle-wrapper.yaml index 46962c862..fb94fb803 100644 --- a/.github/workflows/validate-gradle-wrapper.yaml +++ b/.github/workflows/validate-gradle-wrapper.yaml @@ -15,7 +15,7 @@ jobs: name: "Validation" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false