diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 553eafd..48e5dcc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,13 +9,13 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 # v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Go - uses: actions/setup-go@v5 # v5.5.0 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 - name: Install dependencies run: go mod tidy - name: Setup Node.js for EditorConfig tools - uses: actions/setup-node@v4 # v4.4.0 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: '22' - name: Install EditorConfig tools @@ -56,7 +56,7 @@ jobs: echo "Verifying generated documentation files..." ls -la docs/ - name: Upload Generated Documentation - uses: actions/upload-artifact@v4 # v4.4.3 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 if: always() with: name: generated-documentation diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 8292b0a..1fea1bf 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -29,10 +29,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Go - uses: actions/setup-go@v5 # v5.5.0 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5 with: go-version-file: 'go.mod' check-latest: true @@ -48,7 +48,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Run Trivy vulnerability scanner in repo mode uses: aquasecurity/trivy-action@master # 0.32.0 
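Review bot: The trailing comments on the newly pinned `uses:` lines lose the exact release (`# v4.2.2` becomes `# v4`, `# v5.5.0` becomes `# v5`), so nothing on the line says which release the 40-character SHA is meant to be. This affects every pinned action in both ci.yml and security.yml, not just the first hunk. A major tag such as `v4` moves over time, so a reviewer cannot later check the SHA against it, and update tooling that rewrites the comment together with the SHA works best with the full version. Keep the precise tag, for example `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`, after confirming that each SHA is the commit the named release tag points to.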
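Review bot: `uses: aquasecurity/trivy-action@master # 0.32.0`, the last context line of the `@@ -48,7` hunk in security.yml, stays on a mutable branch ref while every other action in this commit is pinned to a commit SHA. `master` can change under the workflow at any time, and the `# 0.32.0` comment does not constrain what actually runs. Pin it like the rest: `uses: aquasecurity/trivy-action@<full-commit-sha-of-0.32.0> # 0.32.0` (placeholder; resolve the SHA from the release tag). The Docker scan step just above the `@@ -108,7` hunk is outside the visible lines and presumably uses the same action, so check that reference too.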
@@ -60,7 +60,7 @@ jobs: severity: 'CRITICAL,HIGH,MEDIUM' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 # v3.29.5 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3 if: always() with: sarif_file: 'trivy-results.sarif' @@ -79,12 +79,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 # Full history for gitleaks - name: Run gitleaks to detect secrets - uses: gitleaks/gitleaks-action@v2 # v2.4.0 + uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} # Only required for gitleaks-action pro @@ -95,7 +95,7 @@ jobs: if: github.event_name != 'pull_request' # Skip on PRs to avoid building images unnecessarily steps: - name: Checkout repository - uses: actions/checkout@v4 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Build Docker image run: docker build -t gh-action-readme:test . @@ -108,7 +108,7 @@ jobs: output: 'trivy-docker-results.sarif' - name: Upload Docker Trivy scan results - uses: github/codeql-action/upload-sarif@v3 # v3.29.5 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3 if: always() with: sarif_file: 'trivy-docker-results.sarif' @@ -119,10 +119,10 @@ jobs: if: github.event_name == 'pull_request' steps: - name: Checkout repository - uses: actions/checkout@v4 # v4.2.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Dependency Review - uses: actions/dependency-review-action@v4 # v4.7.1 + uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4 with: fail-on-severity: high comment-summary-in-pr: always
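Review bot: The checkout step in the `@@ -79,12` hunk has a `with:` block but does not set `persist-credentials: false`, so by default the job token stays in the local git config while the third-party gitleaks action runs over the workspace. Adding `persist-credentials: false` under `fetch-depth: 0` narrows that exposure, assuming no later step in the job needs to push or fetch; the steps after the gitleaks step are outside the hunk. The same setting would suit the other checkout steps in security.yml that come before third-party scanners.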