ivuorinen/gh-action-readme
1
0
Fork 0
mirror of https://github.com/ivuorinen/gh-action-readme.git synced 2026-03-13 17:00:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(deps): pin dependencies (#25)

Browse Source 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
renovate[bot]
2025-08-07 16:06:38 +03:00
committed by GitHub
parent 0f70388d93
commit 51940e9094
2 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/ci.yml vendored
View File

@@ -9,13 +9,13 @@ jobs:
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 # v4.2.2 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v5 # v5.5.0 uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
- name: Install dependencies - name: Install dependencies
run: go mod tidy run: go mod tidy
- name: Setup Node.js for EditorConfig tools - name: Setup Node.js for EditorConfig tools
uses: actions/setup-node@v4 # v4.4.0 uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with: with:
node-version: '22' node-version: '22'
- name: Install EditorConfig tools - name: Install EditorConfig tools
@@ -56,7 +56,7 @@ jobs:
echo "Verifying generated documentation files..." echo "Verifying generated documentation files..."
ls -la docs/ ls -la docs/
- name: Upload Generated Documentation - name: Upload Generated Documentation
uses: actions/upload-artifact@v4 # v4.4.3 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
if: always() if: always()
with: with:
name: generated-documentation name: generated-documentation

20
.github/workflows/security.yml vendored
View File

@@ -29,10 +29,10 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 # v4.2.2 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Go - name: Set up Go
uses: actions/setup-go@v5 # v5.5.0 uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
check-latest: true check-latest: true
@@ -48,7 +48,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 # v4.2.2 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Run Trivy vulnerability scanner in repo mode - name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master # 0.32.0 uses: aquasecurity/trivy-action@master # 0.32.0
@@ -60,7 +60,7 @@ jobs:
severity: 'CRITICAL,HIGH,MEDIUM' severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3 # v3.29.5 uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3
if: always() if: always()
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: 'trivy-results.sarif'
@@ -79,12 +79,12 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 # v4.2.2 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with: with:
fetch-depth: 0 # Full history for gitleaks fetch-depth: 0 # Full history for gitleaks
- name: Run gitleaks to detect secrets - name: Run gitleaks to detect secrets
uses: gitleaks/gitleaks-action@v2 # v2.4.0 uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} # Only required for gitleaks-action pro GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} # Only required for gitleaks-action pro
@@ -95,7 +95,7 @@ jobs:
if: github.event_name != 'pull_request' # Skip on PRs to avoid building images unnecessarily if: github.event_name != 'pull_request' # Skip on PRs to avoid building images unnecessarily
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 # v4.2.2 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Build Docker image - name: Build Docker image
run: docker build -t gh-action-readme:test . run: docker build -t gh-action-readme:test .
@@ -108,7 +108,7 @@ jobs:
output: 'trivy-docker-results.sarif' output: 'trivy-docker-results.sarif'
- name: Upload Docker Trivy scan results - name: Upload Docker Trivy scan results
uses: github/codeql-action/upload-sarif@v3 # v3.29.5 uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3
if: always() if: always()
with: with:
sarif_file: 'trivy-docker-results.sarif' sarif_file: 'trivy-docker-results.sarif'
@@ -119,10 +119,10 @@ jobs:
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 # v4.2.2 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Dependency Review - name: Dependency Review
uses: actions/dependency-review-action@v4 # v4.7.1 uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4
with: with:
fail-on-severity: high fail-on-severity: high
comment-summary-in-pr: always comment-summary-in-pr: always