diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f86b6b3..33b3a21 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,9 +36,9 @@ jobs: CGO_ENABLED: "0" # Match release build settings steps: # Pin actions to full SHA for supply-chain security. - - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version: "1.26.x" @@ -68,14 +68,14 @@ jobs: - name: Check dead code run: | - go install golang.org/x/tools/cmd/deadcode@v0.45.0 || { echo "deadcode install failed, skipping"; exit 0; } + go install golang.org/x/tools/cmd/deadcode@v0.47.0 || { echo "deadcode install failed, skipping"; exit 0; } go install github.com/magefile/mage@v1.17.2 || { echo "mage install failed, skipping"; exit 0; } mage deadcode - run: go build ./cmd/dispatch/ - name: golangci-lint - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 + uses: golangci/golangci-lint-action@ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a # v9.3.0 with: version: "v2.12.2" install-mode: goinstall @@ -100,7 +100,7 @@ jobs: fi - name: Upload coverage - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: coverage path: coverage.out @@ -112,7 +112,7 @@ jobs: - name: govulncheck run: | - go install golang.org/x/vuln/cmd/govulncheck@v1.3.0 + go install golang.org/x/vuln/cmd/govulncheck@v1.5.0 govulncheck ./... # Verify the binary compiles for all release platforms. @@ -122,9 +122,9 @@ jobs: env: CGO_ENABLED: "0" steps: - - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version: "1.26.x" diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml index df4737f..e22ccc6 100644 --- a/.github/workflows/pages.yml +++ b/.github/workflows/pages.yml @@ -20,7 +20,7 @@ jobs: run: working-directory: web steps: - - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: @@ -44,4 +44,4 @@ jobs: url: ${{ steps.deployment.outputs.page_url }} steps: - id: deployment - uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5 + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a90c204..55e145b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,17 +28,17 @@ jobs: id-token: write pull-requests: write steps: - - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 + - uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version: "1.26.x" - - uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3 + - uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2 - - uses: anchore/sbom-action/download-syft@e22c389904149dbc22b58101806040fa8d37a610 # v0 + - uses: anchore/sbom-action/download-syft@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0 - name: Compute next version id: version @@ -131,9 +131,9 @@ jobs: git tag -a "v${{ steps.version.outputs.version }}" -m "v${{ steps.version.outputs.version }}" git push origin "v${{ steps.version.outputs.version }}" - - uses: goreleaser/goreleaser-action@1a80836c5c9d9e5755a25cb59ec6f45a3b5f41a8 # v7.2.1 + - uses: goreleaser/goreleaser-action@f06c13b6b1a9625abc9e6e439d9c05a8f2190e94 # v7.2.3 with: - version: "v2.9.0" + version: "v2.16.0" args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}