diff --git a/.github/workflows/add-remove-new-fulcio.yaml b/.github/workflows/add-remove-new-fulcio.yaml index 855b1e4d2..a7d449d94 100644 --- a/.github/workflows/add-remove-new-fulcio.yaml +++ b/.github/workflows/add-remove-new-fulcio.yaml @@ -53,7 +53,7 @@ jobs: check-latest: true - name: Check out our repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: path: ./src/github.com/sigstore/scaffolding persist-credentials: false @@ -73,7 +73,7 @@ jobs: - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Setup Cluster uses: chainguard-dev/actions/setup-kind@3e8a2a226fad9e1ecbf2d359b8a7697554a4ac6d # v1.5.10 diff --git a/.github/workflows/cloud-sql-proxy-update.yml b/.github/workflows/cloud-sql-proxy-update.yml index cb3261031..bc1e794eb 100644 --- a/.github/workflows/cloud-sql-proxy-update.yml +++ b/.github/workflows/cloud-sql-proxy-update.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 persist-credentials: true diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3d787bdc7..2ab6786e7 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false 
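Review bot: The `sigstore/cosign-installer` step at new line 76 crosses a major version (`# v3.10.0` to `# v4.0.0`) and has no `cosign-release` input, so the cosign CLI that gets installed is whatever the new installer defaults to. The same applies to the installer hunks in fulcio-rekor-kind.yaml, release.yaml, test-action-tuf.yaml and test-release.yaml. It matters most in release.yaml, where the installed binary is presumably what signs the release artifacts. If the default cosign release changed with the installer major (worth confirming against its release notes), signing and verify flags or bundle output may differ without any visible change in the workflow. Pinning it explicitly, for example `with:` / `cosign-release: '<validated cosign version>'`, would make the tool version a reviewed choice. The job's remaining steps are outside the hunk.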
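Review bot: In cloud-sql-proxy-update.yml the checkout step keeps `persist-credentials: true` together with `fetch-depth: 0`, so the job token stays usable by every later step in the job. It is the only checkout in this commit that opts in. As far as I know, checkout v6 also changes where the persisted credential is stored (a separate file under the runner temp directory rather than `.git/config`), so the step that relies on it should be exercised once after this bump. Please also document the opt-in, e.g. `# credentials are persisted because a later step pushes the update branch`, if that is indeed the reason. The steps that consume the credential are outside the hunk.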
diff --git a/.github/workflows/create-tink-keyset-test.yml b/.github/workflows/create-tink-keyset-test.yml index f03493b92..8bd2dbaef 100644 --- a/.github/workflows/create-tink-keyset-test.yml +++ b/.github/workflows/create-tink-keyset-test.yml @@ -18,7 +18,7 @@ jobs: contents: read steps: - name: 'Checkout' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Set up Go uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 diff --git a/.github/workflows/fulcio-rekor-kind.yaml b/.github/workflows/fulcio-rekor-kind.yaml index 9e9384582..f4a2fec79 100644 --- a/.github/workflows/fulcio-rekor-kind.yaml +++ b/.github/workflows/fulcio-rekor-kind.yaml @@ -44,7 +44,7 @@ jobs: steps: - name: Check out our repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: path: ./src/github.com/sigstore/scaffolding persist-credentials: false @@ -73,7 +73,7 @@ jobs: - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Setup Cluster uses: chainguard-dev/actions/setup-kind@3e8a2a226fad9e1ecbf2d359b8a7697554a4ac6d # v1.5.10 @@ -206,7 +206,7 @@ jobs: # Test with cosign in 'airgapped mode' # Uncomment these once modified cosign goes in. #- name: Checkout modified cosign for testing. - # uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + # uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 # with: # repository: vaikas/cosign # ref: air-gap 
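Review bot: The `'Checkout'` step in create-tink-keyset-test.yml has no `with:` block, so `persist-credentials` falls back to the action's default of `true` and the token remains available to the Go setup and test steps that follow. Most other checkouts touched by this commit set it to false. The job only declares `contents: read`, so the exposure is limited, but adding `with:` / `persist-credentials: false` under the `uses:` line would bring this workflow in line with the rest. The step list continues outside the hunk.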
@@ -228,7 +228,7 @@ jobs: # ./cosign verify --rekor-url ${{ env.REKOR_URL }} --allow-insecure-registry ${{ env.demoimage }} - name: Checkout TSA for testing. - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: repository: sigstore/timestamp-authority path: ./src/github.com/sigstore/timestamp-authority diff --git a/.github/workflows/prober-test.yml b/.github/workflows/prober-test.yml index 9a25ac79b..44826ea21 100644 --- a/.github/workflows/prober-test.yml +++ b/.github/workflows/prober-test.yml @@ -33,7 +33,7 @@ jobs: args: "--staging" steps: - name: 'Checkout' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 40cb439a3..b6a9beb0a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -22,7 +22,7 @@ jobs: steps: - name: Check out code onto GOPATH - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 1 path: ./src/github.com/${{ github.repository }} @@ -37,7 +37,7 @@ jobs: uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - name: Install cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Install GoReleaser uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 diff --git a/.github/workflows/test-action-tuf.yaml b/.github/workflows/test-action-tuf.yaml index e96b2327a..597e51012 100644 --- a/.github/workflows/test-action-tuf.yaml +++ b/.github/workflows/test-action-tuf.yaml 
@@ -36,7 +36,7 @@ jobs: steps: - name: Checkout the current action - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - name: Test running the action @@ -47,7 +47,7 @@ jobs: # Install cosign - name: Install cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Set up Go uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 @@ -98,7 +98,7 @@ jobs: DEMOIMAGE: ${{ env.demoimage }} - name: Checkout TSA for testing. - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: repository: sigstore/timestamp-authority path: ./src/github.com/sigstore/timestamp-authority diff --git a/.github/workflows/test-release.yaml b/.github/workflows/test-release.yaml index ef5e820d9..cd9a6eeff 100644 --- a/.github/workflows/test-release.yaml +++ b/.github/workflows/test-release.yaml @@ -38,7 +38,7 @@ jobs: steps: - uses: chainguard-dev/actions/setup-mirror@3e8a2a226fad9e1ecbf2d359b8a7697554a4ac6d # v1.5.10 - - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Set up Go uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 @@ -150,7 +150,7 @@ jobs: DEMOIMAGE: ${{ env.demoimage }} - name: Checkout TSA for testing. - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: repository: sigstore/timestamp-authority path: ./src/github.com/sigstore/timestamp-authority 
diff --git a/.github/workflows/test-setup-sigstore-env.yml b/.github/workflows/test-setup-sigstore-env.yml index d26d182f4..58b3524f3 100644 --- a/.github/workflows/test-setup-sigstore-env.yml +++ b/.github/workflows/test-setup-sigstore-env.yml @@ -12,12 +12,12 @@ jobs: name: Test Sigstore setup runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false - id: setup-sigstore-env uses: ./actions/setup-sigstore-env - - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 with: cosign-release: main - name: Create artifact to sign diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index abda51d30..348300759 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -13,7 +13,7 @@ jobs: name: license boilerplate check runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -35,7 +35,7 @@ jobs: name: Shellcheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -46,7 +46,7 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false 
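Review bot: In test-setup-sigstore-env.yml the installer action is pinned to a commit SHA, but the step passes `cosign-release: main`, so the cosign binary itself follows a moving branch and the run is not reproducible. If that is deliberate, to catch incompatibilities with unreleased cosign early, say so next to the input, e.g. `# intentionally tracks cosign main; result is not reproducible`. If it is not deliberate, pin a released version here as well. The signing steps that use the binary are outside the hunk.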
@@ -64,7 +64,7 @@ jobs: name: run unit tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false