diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml index 28de88a2..7d6c6b3e 100644 --- a/.github/workflows/build-test.yaml +++ b/.github/workflows/build-test.yaml @@ -15,7 +15,7 @@ jobs: name: "Build Binary" runs-on: "depot-ubuntu-latest-arm" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "authzed/actions/setup-go@main" - uses: "authzed/actions/go-build@main" @@ -23,18 +23,18 @@ jobs: name: "Build Container Image" runs-on: "depot-ubuntu-latest-arm" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "authzed/actions/docker-build@main" ensure-docs-uptodate: name: "Ensure Docs are up to date" runs-on: "depot-ubuntu-latest-arm" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "authzed/actions/setup-go@main" - name: "Generate docs" run: "go run mage.go gen:docs" - - uses: "chainguard-dev/actions/nodiff@8bb24c24be6871bee44f19be55ea11e3b2aea3dd" # main + - uses: "chainguard-dev/actions/nodiff@f0be69916b439d0fcced2451b23d0f27cd46d545" # main with: path: "" fixup-command: "mage gen:docs" @@ -47,12 +47,12 @@ jobs: os: ["depot-ubuntu-latest-arm"] # TODO(miparnisari): add "windows-latest" after fixing the tests steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "authzed/actions/setup-go@main" - name: "Unit tests with coverage" run: "go run mage.go test:runWithCoverage" - name: "Upload coverage to Codecov" - uses: "codecov/codecov-action@v6.0.0" + uses: "codecov/codecov-action@v7.0.0" with: files: "./coverage.txt" verbose: true @@ -63,7 +63,7 @@ jobs: name: "WASM Tests" runs-on: "depot-ubuntu-24.04-4" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "authzed/actions/setup-go@main" with: # NOTE: This needs to match the toolchain version, or else diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index cf6feb9a..3cc3ad16 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -20,7 +20,7 @@ jobs: name: "Generate & Sync Documentation" runs-on: "ubuntu-latest" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "authzed/actions/setup-go@main" - uses: "authzed/actions/setup-mage@main" @@ -28,7 +28,7 @@ jobs: run: "mage gen:docsForPublish" - name: "Checkout docs repository" - uses: "actions/checkout@v6" + uses: "actions/checkout@v7" with: token: "${{ secrets.GITHUB_TOKEN }}" repository: "${{ env.DOCS_REPO }}" @@ -71,7 +71,7 @@ jobs: GH_TOKEN: "${{ secrets.AUTHZEDAPPROVER_REPO_SCOPED_TOKEN }}" - name: "Notify in Slack if failure" if: "${{ failure() }}" - uses: "slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95" # v3.0.1 + uses: "slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c" # v3.0.3 with: webhook: "${{ secrets.SLACK_BUILDS_WEBHOOK_URL }}" webhook-type: "incoming-webhook" diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index cb905249..b67d8bdf 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -15,7 +15,7 @@ jobs: name: "Lint Go" runs-on: "depot-ubuntu-latest-arm" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "authzed/actions/setup-go@main" - uses: "authzed/actions/gofumpt@main" - uses: "authzed/actions/go-mod-tidy@main" @@ -26,7 +26,7 @@ jobs: name: "Lint YAML & Markdown" runs-on: "depot-ubuntu-latest" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "authzed/actions/yaml-lint@main" - uses: "authzed/actions/markdown-lint@main" with: @@ -44,7 +44,7 @@ jobs: matrix: language: ["go"] steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "authzed/actions/setup-go@main" - uses: "authzed/actions/codeql@main" @@ -52,8 +52,8 @@ jobs: name: "Analyze FS with Trivy" runs-on: "depot-ubuntu-latest" steps: - - uses: "actions/checkout@v6" - - uses: "aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1" # For https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23 + - uses: "actions/checkout@v7" + - uses: "aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25" # For https://github.com/aquasecurity/trivy/security/advisories/GHSA-69fq-xp46-6x23 with: scan-type: "fs" ignore-unfixed: true @@ -68,7 +68,7 @@ jobs: name: "Analyze Release Image with Trivy" runs-on: "depot-ubuntu-latest" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "authzed/actions/setup-go@main" # Workaround until goreleaser release supports --single-target # makes the build faster by not building everything @@ -103,5 +103,5 @@ jobs: runs-on: "depot-ubuntu-24.04-small" if: "github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'synchronize' || github.event.action == 'reopened' || github.event.action == 'edited')" steps: - - uses: "actions/checkout@v6" - - uses: "webiny/action-conventional-commits@v1.3.1" + - uses: "actions/checkout@v7" + - uses: "webiny/action-conventional-commits@v1.4.2" diff --git a/.github/workflows/release-windows.yml b/.github/workflows/release-windows.yml index 6437381f..42072443 100644 --- a/.github/workflows/release-windows.yml +++ b/.github/workflows/release-windows.yml @@ -11,7 +11,7 @@ jobs: release-windows: runs-on: "windows-latest" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" with: fetch-depth: 0 - uses: "authzed/actions/setup-go@main" @@ -37,7 +37,7 @@ jobs: CHOCOLATEY_API_KEY: "${{ secrets.CHOCOLATEY_API_KEY }}" - name: "Notify in Slack if failure" if: "${{ failure() }}" - uses: "slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95" # v3.0.1 + uses: "slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c" # v3.0.3 with: webhook: "${{ secrets.SLACK_BUILDS_WEBHOOK_URL }}" webhook-type: "incoming-webhook" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1a3bbf62..b4ff62c0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -9,7 +9,7 @@ jobs: github: runs-on: "macos-latest" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" with: fetch-depth: 0 - name: "Install cross-compilers" @@ -32,7 +32,7 @@ jobs: GEMFURY_PUSH_TOKEN: "${{ secrets.GEMFURY_PUSH_TOKEN }}" - name: "Notify in Slack if failure" if: "${{ failure() }}" - uses: "slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95" # v3.0.1 + uses: "slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c" # v3.0.3 with: webhook: "${{ secrets.SLACK_BUILDS_WEBHOOK_URL }}" webhook-type: "incoming-webhook" @@ -49,7 +49,7 @@ jobs: docker: runs-on: "depot-ubuntu-latest-arm" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" with: fetch-depth: 0 - uses: "authzed/actions/docker-login@main" @@ -72,7 +72,7 @@ jobs: GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}" - name: "Notify in Slack if failure" if: "${{ failure() }}" - uses: "slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95" # v3.0.1 + uses: "slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c" # v3.0.3 with: webhook: "${{ secrets.SLACK_BUILDS_WEBHOOK_URL }}" webhook-type: "incoming-webhook"