diff --git a/.github/workflows/container-attestation.yml b/.github/workflows/container-attestation.yml index dda8fac..195a47b 100644 --- a/.github/workflows/container-attestation.yml +++ b/.github/workflows/container-attestation.yml @@ -71,12 +71,12 @@ jobs: - name: Skip note (no container-relevant changes) if: steps.changes.outputs.docker == 'false' run: echo "No Dockerfile*/pyproject.toml/requirements.txt/workflow changes - smoke build skipped, required check passes." - - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + - uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 if: steps.changes.outputs.docker == 'true' - name: Build API image (no push) if: steps.changes.outputs.docker == 'true' id: smoke - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 + uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0 with: context: . file: Dockerfile.api @@ -97,17 +97,17 @@ jobs: steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + - uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + - uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 - name: Build and push API image id: build - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 + uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0 with: context: . file: Dockerfile.api diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 00d9985..0ffb32f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -54,6 +54,6 @@ jobs: if-no-files-found: error - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: sarif_file: results.sarif diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index e830ed5..5b92681 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -226,6 +226,6 @@ jobs: exit-code: "1" - name: Upload Trivy scan results if: always() - uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 + uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 with: sarif_file: trivy-results.sarif