diff --git a/.github/workflows/build-artifacts.yml b/.github/workflows/build-artifacts.yml index f2c2bacd1d..b4d820cc85 100644 --- a/.github/workflows/build-artifacts.yml +++ b/.github/workflows/build-artifacts.yml @@ -101,7 +101,7 @@ jobs: if: ${{ inputs.force }} - name: Store Artifacts in Cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ inputs.go-md5 }} diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index 35dac48bcf..d8d9f06222 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -158,7 +158,7 @@ jobs: echo "full-build: ${{ inputs.full-build }}" - name: Fetch Cached Artifacts - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ inputs.go-md5 }} diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index 97003ccd48..7d5ea7971a 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -168,7 +168,7 @@ jobs: echo "full-build: ${{ inputs.full-build }}" - name: Fetch Cached Artifacts - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ inputs.go-md5 }} diff --git a/.github/workflows/build-single-image.yml b/.github/workflows/build-single-image.yml index 103ee0970a..1451da4f2a 100644 --- a/.github/workflows/build-single-image.yml +++ b/.github/workflows/build-single-image.yml @@ -94,7 +94,7 @@ jobs: - name: Fetch Cached Binary Artifacts id: binary-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }} @@ -119,7 +119,7 @@ jobs: if: ${{ steps.binary-cache.outputs.binary_cache_hit != 'true' }} - name: Store Artifacts in Cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index db9516d8b7..76f7e13ccb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -121,7 +121,7 @@ jobs: - name: Fetch Cached Binary Artifacts id: binary-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }} @@ -459,7 +459,7 @@ jobs: if: ${{ ( needs.checks.outputs.forked_workflow == 'false' || needs.checks.outputs.docs_only == 'false' ) && steps.stable_exists.outputs.exists != 'true' }} - name: Fetch Cached Artifacts - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ needs.checks.outputs.go_code_md5 }} diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 4d18e5859c..42dee0ef68 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: "Dependency Review" - uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3 + uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0 with: config-file: "nginx/k8s-common/dependency-review-config.yml@main" base-ref: ${{ github.event.pull_request.base.sha || github.event.repository.default_branch }} diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml index ddc19ba59b..a0526e6b70 100644 --- a/.github/workflows/image-promotion.yml +++ b/.github/workflows/image-promotion.yml @@ -141,7 +141,7 @@ jobs: fi - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/upload-sarif@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 if: steps.check-sarif.outputs.sarif_has_results == 'true' with: sarif_file: govulncheck.sarif @@ -359,7 +359,7 @@ jobs: overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/upload-sarif@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 with: sarif_file: "${{ steps.directory.outputs.directory }}/" @@ -439,7 +439,7 @@ jobs: overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/upload-sarif@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 with: sarif_file: "${{ steps.directory.outputs.directory }}/" @@ -526,7 +526,7 @@ jobs: overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/upload-sarif@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 with: sarif_file: "${{ steps.directory.outputs.directory }}/" continue-on-error: true @@ -542,7 +542,7 @@ jobs: uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Create/Update Draft - uses: lucacome/draft-release@00f74370c044c322da6cb52acc707d62c7762c71 # v1.2.4 + uses: lucacome/draft-release@fd099feb33710d1fa27b915a08a7acd6a1fb7fd2 # v2.0.0 id: release-notes with: minor-label: "enhancement" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 16ea8e0813..4c2cf5ca8a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -474,7 +474,7 @@ jobs: ref: ${{ inputs.release_branch }} - name: Fetch Binary Artifacts from Cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ needs.variables.outputs.go_code_md5 }} @@ -493,7 +493,7 @@ jobs: SYFT_BIN: ${{ steps.syft.outputs.cmd }} - name: Store Tarball Artifacts in Cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/tarballs key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} @@ -515,7 +515,7 @@ jobs: ref: ${{ inputs.release_branch }} - name: Fetch Cached Tarball Artifacts - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} path: ${{ github.workspace }}/tarballs @@ -529,7 +529,7 @@ jobs: subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Azure Upload Release Packages - uses: azure/CLI@089eac9d8cc39f5d003e94f8b65efc51076c9cbd # v2.1.0 + uses: azure/CLI@9f7ce6f37c31b777ec6c6b6d1dfe7db79f497956 # v2.2.0 with: inlineScript: | for i in $(find tarballs -type f); do @@ -559,7 +559,7 @@ jobs: ref: ${{ inputs.release_branch }} - name: Fetch Cached Tarball Artifacts - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} path: ${{ github.workspace }}/tarballs diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index ac7a676f95..76f6385433 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3 + uses: github/codeql-action/upload-sarif@303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 # v3.30.4 with: sarif_file: results.sarif diff --git a/.github/workflows/setup-smoke.yml b/.github/workflows/setup-smoke.yml index 15cbd6b376..4ed8fb9205 100644 --- a/.github/workflows/setup-smoke.yml +++ b/.github/workflows/setup-smoke.yml @@ -102,7 +102,7 @@ jobs: if: ${{ inputs.authenticated && steps.stable_exists.outputs.exists != 'true' }} - name: Fetch Cached Artifacts - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ inputs.go-md5 }} diff --git a/.github/workflows/update-release-draft.yml b/.github/workflows/update-release-draft.yml index b07c1025cc..ee0611f4af 100644 --- a/.github/workflows/update-release-draft.yml +++ b/.github/workflows/update-release-draft.yml @@ -61,7 +61,7 @@ jobs: ref: ${{ inputs.branch }} - name: Create/Update Draft - uses: lucacome/draft-release@00f74370c044c322da6cb52acc707d62c7762c71 # v1.2.4 + uses: lucacome/draft-release@fd099feb33710d1fa27b915a08a7acd6a1fb7fd2 # v2.0.0 id: release-notes with: minor-label: "enhancement"