diff --git a/.github/workflows/container-publish.yml b/.github/workflows/container-publish.yml
index 08d1fa5..05b714f 100644
--- a/.github/workflows/container-publish.yml
+++ b/.github/workflows/container-publish.yml
@@ -47,17 +47,17 @@ jobs:
 uses: actions/checkout@v4
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 - name: Log in to the Container registry
- uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Set Container Metadata
- uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
+ uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804
 id: meta
 with:
 images: ${{ env.REGISTRY }}/${{ inputs.container-name }}
@@ -71,7 +71,7 @@ jobs:
 type=semver,pattern=v{{major}}.{{minor}},value=${{ inputs.version }}
 - name: Build & Publish Container ${{ inputs.container-name }}
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
 id: build
 with:
 file: "${{ inputs.container-file }}"
@@ -103,12 +103,12 @@ jobs:
 - name: Checkout repository
 uses: actions/checkout@v4
- - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+ - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
 with:
 cosign-release: 'v2.4.1'
 - name: Log in to the Container registry
- uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+ uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
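Review bot: The new `docker/metadata-action` pin in the first hunk (`@@ -47,17 +47,17 @@`) has no trailing version comment, unlike every other SHA-pinned `uses:` line in this diff, so the file does not say which release `902fa8ec…` is meant to be. Without it, a reviewer or an update bot cannot easily compare the pinned commit with an upstream tag, which is the main audit benefit of the SHA-plus-comment convention used on the neighbouring steps. I would write the line as `uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # vX.Y.Z`, replacing the placeholder with the tag only after confirming upstream that the SHA resolves to it. The step's `with:` block continues past the end of the hunk.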
diff --git a/.github/workflows/container-security.yml b/.github/workflows/container-security.yml
index e7dc2b4..7c042bb 100644
--- a/.github/workflows/container-security.yml
+++ b/.github/workflows/container-security.yml
@@ -38,10 +38,10 @@ jobs:
 uses: actions/checkout@v4
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 - name: Build Initial Container
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
 id: build
 with:
 file: "${{ inputs.container-file }}"
@@ -52,7 +52,7 @@ jobs:
 # Scan the image for vulnerabilities
 - name: Run the Anchore / Grype scan action
- uses: anchore/scan-action@f2ba85e044c8f5e5014c9a539328a9c78d3bfa49 # v5.2.1
+ uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0
 id: scan
 with:
 image: localbuild/testimage:latest
diff --git a/.github/workflows/python-release.yml b/.github/workflows/python-release.yml
index f29114a..2ee55e3 100644
--- a/.github/workflows/python-release.yml
+++ b/.github/workflows/python-release.yml
@@ -56,7 +56,7 @@ jobs:
 fi
 github-release:
- uses: advanced-security/reusable-workflows/.github/workflows/release.yml@v0.2.0
+ uses: advanced-security/reusable-workflows/.github/workflows/release.yml@v0.3.0
 needs: [ version-changes ]
 if: ${{ needs.version-changes.outputs.release == 'true' }}
 secrets: inherit
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
index e9428e7..b8cca63 100644
--- a/.github/workflows/python.yml
+++ b/.github/workflows/python.yml
@@ -25,14 +25,14 @@ on:
 jobs:
 # Run the tests on all supported versions of Python
 testing:
- uses: advanced-security/reusable-workflows/.github/workflows/python-testing.yml@v0.2.0
+ uses: advanced-security/reusable-workflows/.github/workflows/python-testing.yml@v0.3.0
 secrets: inherit
 with:
 versions: ${{ inputs.versions }}
 # Run linters on the codebase
 linting:
- uses: advanced-security/reusable-workflows/.github/workflows/python-linting.yml@v0.2.0
+ uses: advanced-security/reusable-workflows/.github/workflows/python-linting.yml@v0.3.0
 needs: [ testing ]
 secrets: inherit
 with:
@@ -40,7 +40,7 @@ jobs:
 # Vendor the dependencies into the repository if needed
 vendoring:
- uses: advanced-security/reusable-workflows/.github/workflows/python-vendor.yml@v0.2.0
+ uses: advanced-security/reusable-workflows/.github/workflows/python-vendor.yml@v0.3.0
 needs: [ testing, linting ]
 if: ${{ inputs.vendor == 'true' }}
 secrets: inherit
@@ -50,7 +50,7 @@ jobs:
 # Release a new version of the package
 release:
- uses: advanced-security/reusable-workflows/.github/workflows/python-release.yml@v0.2.0
+ uses: advanced-security/reusable-workflows/.github/workflows/python-release.yml@v0.3.0
 needs: [ testing, linting ]
 secrets: inherit
 with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9a1d1d3..1cfb4e1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,7 +30,7 @@ jobs:
 steps:
 - name: "Checkout"
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: "Patch Release Me"
 uses: 42ByteLabs/patch-release-me@f950db6bce09f2156a5f2d1cc86ac60ed1663a9e # 0.5.3
diff --git a/.github/workflows/self-dependency-review.yml b/.github/workflows/self-dependency-review.yml
index 6184662..f357f4e 100644
--- a/.github/workflows/self-dependency-review.yml
+++ b/.github/workflows/self-dependency-review.yml
@@ -19,5 +19,5 @@ permissions:
 jobs:
 dependency-review:
- uses: advanced-security/reusable-workflows/.github/workflows/dependency-review.yml@v0.2.0
+ uses: advanced-security/reusable-workflows/.github/workflows/dependency-review.yml@v0.3.0
 secrets: inherit
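Review bot: The reusable workflow in this hunk is referenced by the movable tag `@v0.3.0` while the job passes `secrets: inherit`, so whatever commit that tag points to at run time receives every secret available to the caller. The same pattern appears in the `python-release.yml` hunk (`github-release`) and in all four jobs changed in `python.yml`. The container workflows in this same commit already pin third-party actions to a full commit SHA with a version comment, and reusable-workflow refs accept the same form: `uses: advanced-security/reusable-workflows/.github/workflows/dependency-review.yml@<full-commit-sha> # v0.3.0`. Where a callee needs only one or two secrets, listing them under `secrets:` instead of `inherit` further narrows what a changed ref could reach. `release.yml` likewise moves to `actions/checkout@v4` by tag, directly above a SHA-pinned step, and would benefit from the same pinning.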