diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c9a5d15..4edd2cb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -50,7 +50,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -81,7 +81,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false fetch-depth: 0 # full history so the PR diff range can be resolved @@ -101,7 +101,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false fetch-depth: 0 # full history so the PR commit range can be scanned @@ -123,7 +123,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false fetch-depth: 0 # full history so the PR commit range can be scanned @@ -143,7 +143,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -165,7 +165,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -189,7 +189,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -211,7 +211,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false fetch-depth: 0 # terramate --changed requires full git history @@ -232,7 +232,7 @@ jobs: with: egress-policy: audit - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/gemini-invoke.yml b/.github/workflows/gemini-invoke.yml index fc3744f..014ded6 100644 --- a/.github/workflows/gemini-invoke.yml +++ b/.github/workflows/gemini-invoke.yml @@ -38,7 +38,7 @@ jobs: permission-pull-requests: 'write' - name: 'Checkout Code' - uses: 'actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd' # v6.0.2 + uses: 'actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0' # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/gemini-plan-execute.yml b/.github/workflows/gemini-plan-execute.yml index ea72b82..6b90251 100644 --- a/.github/workflows/gemini-plan-execute.yml +++ b/.github/workflows/gemini-plan-execute.yml @@ -40,7 +40,7 @@ jobs: permission-pull-requests: 'write' - name: 'Checkout Code' - uses: 'actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd' # v6.0.2 + uses: 'actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0' # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/gemini-review.yml b/.github/workflows/gemini-review.yml index dfe89a0..0ca60f9 100644 --- a/.github/workflows/gemini-review.yml +++ b/.github/workflows/gemini-review.yml @@ -46,7 +46,7 @@ jobs: permission-pull-requests: 'write' - name: 'Checkout repository' - uses: 'actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd' # v6.0.2 + uses: 'actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0' # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/lint-app.yml b/.github/workflows/lint-app.yml index a0d4a47..a2c2fa5 100644 --- a/.github/workflows/lint-app.yml +++ b/.github/workflows/lint-app.yml @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository under test - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false fetch-depth: 0 # MegaLinter needs history to diff against the base diff --git a/.github/workflows/lint-iac.yml b/.github/workflows/lint-iac.yml index cb47940..d05fac0 100644 --- a/.github/workflows/lint-iac.yml +++ b/.github/workflows/lint-iac.yml @@ -39,7 +39,7 @@ jobs: contents: read steps: - name: Checkout repository under test - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -58,7 +58,7 @@ jobs: # then invoke it locally. Keeps the action reference immutable (no mutable # cross-repo @main) while honouring the repo's SHA-pin policy. - name: Checkout tflint composite action - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: sparkgeo/github-actions ref: ${{ inputs.actions-ref }} diff --git a/.github/workflows/lint-precommit.yml b/.github/workflows/lint-precommit.yml index 728143d..0dfce02 100644 --- a/.github/workflows/lint-precommit.yml +++ b/.github/workflows/lint-precommit.yml @@ -33,7 +33,7 @@ jobs: contents: read steps: - name: Checkout repository under test - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false fetch-depth: 0 # full history so the PR diff range can be resolved @@ -42,7 +42,7 @@ jobs: # then invoke it locally. Keeps the action reference immutable (no mutable # cross-repo @main) while honouring the repo's SHA-pin policy. - name: Checkout pre-commit composite action - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: sparkgeo/github-actions ref: ${{ inputs.actions-ref }} diff --git a/.github/workflows/secrets-precommit.yml b/.github/workflows/secrets-precommit.yml index 11058db..a651859 100644 --- a/.github/workflows/secrets-precommit.yml +++ b/.github/workflows/secrets-precommit.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Checkout repository under test - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false fetch-depth: 0 # full history so the PR commit range can be scanned @@ -46,7 +46,7 @@ jobs: # then invoke it locally. This keeps the action reference immutable # (no mutable cross-repo @main) while honouring the repo's SHA-pin policy. - name: Checkout gitleaks composite action - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: sparkgeo/github-actions ref: ${{ inputs.actions-ref }} diff --git a/.github/workflows/secrets-scan.yml b/.github/workflows/secrets-scan.yml index 9bc95fa..f6dee84 100644 --- a/.github/workflows/secrets-scan.yml +++ b/.github/workflows/secrets-scan.yml @@ -37,7 +37,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository under test - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false fetch-depth: 0 # full history so the PR commit range can be scanned @@ -46,7 +46,7 @@ jobs: # then invoke it locally. Keeps the action reference immutable (no mutable # cross-repo @main) while honouring the repo's SHA-pin policy. - name: Checkout trufflehog composite action - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: sparkgeo/github-actions ref: ${{ inputs.actions-ref }}