From 9fe05efeecaab1cb17505c7e187793815be99ada Mon Sep 17 00:00:00 2001 From: Ismo Vuorinen Date: Tue, 25 Nov 2025 13:31:36 +0200 Subject: [PATCH] chore: update workflows (#375) --- .github/actions/setup-test-environment/action.yml | 2 +- .github/workflows/action-security.yml | 4 ++-- .github/workflows/codeql.yml | 6 +++--- .github/workflows/issue-stats.yml | 2 +- .github/workflows/pr-lint.yml | 2 +- .github/workflows/test-actions.yml | 2 +- ansible-lint-fix/action.yml | 6 +++--- biome-lint/action.yml | 2 +- codeql-analysis/action.yml | 6 +++--- csharp-build/action.yml | 4 ++-- csharp-lint-check/action.yml | 4 ++-- csharp-publish/action.yml | 4 ++-- docker-publish/action.yml | 6 +++--- eslint-lint/action.yml | 2 +- go-build/action.yml | 2 +- go-lint/action.yml | 2 +- php-tests/action.yml | 2 +- python-lint-fix/action.yml | 8 ++++---- terraform-lint-fix/action.yml | 2 +- 19 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/actions/setup-test-environment/action.yml b/.github/actions/setup-test-environment/action.yml index 87fd689..fe46191 100644 --- a/.github/actions/setup-test-environment/action.yml +++ b/.github/actions/setup-test-environment/action.yml @@ -22,7 +22,7 @@ runs: enable-cache: true - name: Set up Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version-file: pyproject.toml diff --git a/.github/workflows/action-security.yml b/.github/workflows/action-security.yml index 9dea68e..8e2f20c 100644 --- a/.github/workflows/action-security.yml +++ b/.github/workflows/action-security.yml @@ -117,14 +117,14 @@ jobs: - name: Upload Trivy results if: steps.verify-sarif.outputs.has_trivy == 'true' - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: 'trivy-results.sarif' category: 'trivy' - name: Upload Gitleaks results if: steps.verify-sarif.outputs.has_gitleaks == 'true' - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: 'gitleaks-report.sarif' category: 'gitleaks' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1b71b5c..a07cc60 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -37,15 +37,15 @@ jobs: uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta - name: Initialize CodeQL - uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: languages: ${{ matrix.language }} queries: security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/autobuild@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: category: '/language:${{matrix.language}}' diff --git a/.github/workflows/issue-stats.yml b/.github/workflows/issue-stats.yml index 6035243..4e9f8eb 100644 --- a/.github/workflows/issue-stats.yml +++ b/.github/workflows/issue-stats.yml @@ -30,7 +30,7 @@ jobs: echo "last_month=$first_day..$last_day" >> "$GITHUB_ENV" - name: Run issue-metrics tool - uses: github/issue-metrics@637a24e71b78bc10881e61972b19ea9ff736e14a # v3.25.2 + uses: github/issue-metrics@78b1d469a1b1c94945b15bd71dedcb1928667f49 # v3.25.3 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} SEARCH_QUERY: 'repo:ivuorinen/actions is:issue created:${{ env.last_month }} -reason:"not planned"' diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml index d1350be..f93935c 100644 --- a/.github/workflows/pr-lint.yml +++ b/.github/workflows/pr-lint.yml @@ -104,7 +104,7 @@ jobs: - name: Upload SARIF Report if: always() && hashFiles('megalinter-reports/sarif/*.sarif') - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: megalinter-reports/sarif category: megalinter diff --git a/.github/workflows/test-actions.yml b/.github/workflows/test-actions.yml index 9d95aa4..b6dfc55 100644 --- a/.github/workflows/test-actions.yml +++ b/.github/workflows/test-actions.yml @@ -73,7 +73,7 @@ jobs: if: always() - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 if: always() && hashFiles('_tests/reports/test-results.sarif') != '' with: sarif_file: _tests/reports/test-results.sarif diff --git a/ansible-lint-fix/action.yml b/ansible-lint-fix/action.yml index b22d80a..1d99331 100644 --- a/ansible-lint-fix/action.yml +++ b/ansible-lint-fix/action.yml @@ -75,7 +75,7 @@ runs: - name: Setup Python if: steps.check-files.outputs.files_found == 'true' - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: '3.11' cache: 'pip' @@ -83,7 +83,7 @@ runs: - name: Install ansible-lint id: install-ansible-lint if: steps.check-files.outputs.files_found == 'true' - uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3 + uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3.0.4 with: timeout_minutes: 5 max_attempts: ${{ inputs.max-retries }} @@ -130,6 +130,6 @@ runs: - name: Upload SARIF Report if: steps.check-files.outputs.files_found == 'true' - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: ansible-lint.sarif diff --git a/biome-lint/action.yml b/biome-lint/action.yml index 09b20f9..3d42670 100644 --- a/biome-lint/action.yml +++ b/biome-lint/action.yml @@ -331,7 +331,7 @@ runs: - name: Upload SARIF Report if: inputs.mode == 'check' && always() - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: biome-report.sarif diff --git a/codeql-analysis/action.yml b/codeql-analysis/action.yml index 5d8bec1..f0951ec 100644 --- a/codeql-analysis/action.yml +++ b/codeql-analysis/action.yml @@ -186,7 +186,7 @@ runs: echo "Using build mode: $build_mode" - name: Initialize CodeQL - uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: languages: ${{ inputs.language }} queries: ${{ inputs.queries }} @@ -199,12 +199,12 @@ runs: threads: ${{ inputs.threads }} - name: Autobuild - uses: github/codeql-action/autobuild@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/autobuild@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 if: ${{ steps.set-build-mode.outputs.build-mode == 'autobuild' }} - name: Perform CodeQL Analysis id: analysis - uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: category: ${{ steps.set-category.outputs.category }} upload: ${{ inputs.upload-results }} diff --git a/csharp-build/action.yml b/csharp-build/action.yml index c4213e9..3bc49c4 100644 --- a/csharp-build/action.yml +++ b/csharp-build/action.yml @@ -148,14 +148,14 @@ runs: echo "Final detected .NET version: $detected_version" >&2 - name: Setup .NET SDK - uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 + uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1 with: dotnet-version: ${{ steps.detect-dotnet-version.outputs.detected-version }} cache: true cache-dependency-path: '**/packages.lock.json' - name: Restore Dependencies - uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3 + uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3.0.4 with: timeout_minutes: 10 max_attempts: ${{ inputs.max-retries }} diff --git a/csharp-lint-check/action.yml b/csharp-lint-check/action.yml index 30748bf..d1ffcbe 100644 --- a/csharp-lint-check/action.yml +++ b/csharp-lint-check/action.yml @@ -164,7 +164,7 @@ runs: echo "Final detected .NET version: $detected_version" >&2 - name: Setup .NET SDK - uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 + uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1 with: dotnet-version: ${{ steps.detect-dotnet-version.outputs.detected-version }} cache: true @@ -206,6 +206,6 @@ runs: fi - name: Upload SARIF Report - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: dotnet-format.sarif diff --git a/csharp-publish/action.yml b/csharp-publish/action.yml index 24f761f..17fd2db 100644 --- a/csharp-publish/action.yml +++ b/csharp-publish/action.yml @@ -162,14 +162,14 @@ runs: echo "Final detected .NET version: $detected_version" >&2 - name: Setup .NET SDK - uses: actions/setup-dotnet@d4c94342e560b34958eacfc5d055d21461ed1c5d # v5.0.0 + uses: actions/setup-dotnet@2016bd2012dba4e32de620c46fe006a3ac9f0602 # v5.0.1 with: dotnet-version: ${{ inputs.dotnet-version || steps.detect-dotnet-version.outputs.detected-version }} cache: true cache-dependency-path: '**/packages.lock.json' - name: Restore Dependencies - uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3 + uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3.0.4 with: timeout_minutes: 10 max_attempts: ${{ inputs.max-retries }} diff --git a/docker-publish/action.yml b/docker-publish/action.yml index 62152aa..1e164de 100644 --- a/docker-publish/action.yml +++ b/docker-publish/action.yml @@ -171,7 +171,7 @@ runs: echo "Input validation completed successfully" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Determine Image Names and Tags id: meta @@ -234,14 +234,14 @@ runs: - name: Login to Docker Hub if: inputs.registry == 'dockerhub' || inputs.registry == 'both' - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: username: ${{ inputs.dockerhub-username }} password: ${{ inputs.dockerhub-token }} - name: Login to GitHub Container Registry if: inputs.registry == 'github' || inputs.registry == 'both' - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/eslint-lint/action.yml b/eslint-lint/action.yml index edc8ec4..0a2284d 100644 --- a/eslint-lint/action.yml +++ b/eslint-lint/action.yml @@ -457,7 +457,7 @@ runs: - name: Upload SARIF Report if: inputs.mode == 'check' && inputs.report-format == 'sarif' && always() - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: ${{ inputs.working-directory }}/eslint-results.sarif diff --git a/go-build/action.yml b/go-build/action.yml index 8c4f03f..73bf540 100644 --- a/go-build/action.yml +++ b/go-build/action.yml @@ -165,7 +165,7 @@ runs: cache: true - name: Download Dependencies - uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3 + uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3.0.4 with: timeout_minutes: 10 max_attempts: ${{ inputs.max-retries }} diff --git a/go-lint/action.yml b/go-lint/action.yml index 5389c9c..3a3c162 100644 --- a/go-lint/action.yml +++ b/go-lint/action.yml @@ -414,7 +414,7 @@ runs: - name: Upload Lint Results if: always() && inputs.report-format == 'sarif' - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: ${{ inputs.working-directory }}/reports/golangci-lint.sarif category: golangci-lint diff --git a/php-tests/action.yml b/php-tests/action.yml index 85d5e48..8fff854 100644 --- a/php-tests/action.yml +++ b/php-tests/action.yml @@ -376,7 +376,7 @@ runs: composer clear-cache - name: Install Composer Dependencies - uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3 + uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3.0.4 with: timeout_minutes: 10 max_attempts: ${{ inputs.max-retries }} diff --git a/python-lint-fix/action.yml b/python-lint-fix/action.yml index 7c75bca..356f541 100644 --- a/python-lint-fix/action.yml +++ b/python-lint-fix/action.yml @@ -224,7 +224,7 @@ runs: - name: Setup Python (pip) if: steps.package-manager.outputs.package-manager == 'pip' - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: ${{ steps.python-version.outputs.detected-version }} cache: 'pip' @@ -237,7 +237,7 @@ runs: - name: Setup Python (pipenv) if: steps.package-manager.outputs.package-manager == 'pipenv' - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: ${{ steps.python-version.outputs.detected-version }} cache: 'pipenv' @@ -247,7 +247,7 @@ runs: - name: Setup Python (poetry) if: steps.package-manager.outputs.package-manager == 'poetry' - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: ${{ steps.python-version.outputs.detected-version }} cache: 'poetry' @@ -370,7 +370,7 @@ runs: - name: Upload SARIF Report if: steps.check-files.outputs.result == 'found' - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: ${{ inputs.working-directory }}/reports/flake8.sarif category: 'python-lint' diff --git a/terraform-lint-fix/action.yml b/terraform-lint-fix/action.yml index a114d9e..c2b155b 100644 --- a/terraform-lint-fix/action.yml +++ b/terraform-lint-fix/action.yml @@ -256,7 +256,7 @@ runs: - name: Upload SARIF Report if: steps.check-files.outputs.found == 'true' && inputs.format == 'sarif' - uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4 + uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5 with: sarif_file: ${{ env.VALIDATED_WORKING_DIR }}/reports/tflint.sarif category: terraform-lint