diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 92af9b40de..19232565fe 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -181,7 +181,7 @@ jobs: echo "LINT_CACHE_DIR=$dir" >> "$GITHUB_ENV" - name: golangci-lint cache - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | ${{ env.LINT_CACHE_DIR }} @@ -1186,7 +1186,7 @@ jobs: persist-credentials: false - name: GHCR Login - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -1393,7 +1393,7 @@ jobs: id: attest_main if: github.ref == 'refs/heads/main' continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: "ghcr.io/coder/coder-preview:main" predicate-type: "https://slsa.dev/provenance/v1" @@ -1430,7 +1430,7 @@ jobs: id: attest_latest if: github.ref == 'refs/heads/main' continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: "ghcr.io/coder/coder-preview:latest" predicate-type: "https://slsa.dev/provenance/v1" @@ -1467,7 +1467,7 @@ jobs: id: attest_version if: github.ref == 'refs/heads/main' continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: "ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}" predicate-type: "https://slsa.dev/provenance/v1" diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 3ed5949349..b85cf13331 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -76,7 +76,7 @@ jobs: persist-credentials: false - name: GHCR Login - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/docker-base.yaml b/.github/workflows/docker-base.yaml index 80071f86b3..bd6160b30b 100644 --- a/.github/workflows/docker-base.yaml +++ b/.github/workflows/docker-base.yaml @@ -48,7 +48,7 @@ jobs: persist-credentials: false - name: Docker login - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index 9801008028..819018bb2d 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml @@ -42,7 +42,7 @@ jobs: # on version 2.29 and above. nix_version: "2.28.5" - - uses: nix-community/cache-nix-action@106bba72ed8e29c8357661199511ef07790175e9 # v7.0.1 + - uses: nix-community/cache-nix-action@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 with: # restore and save a cache using this key primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} @@ -82,7 +82,7 @@ jobs: - name: Login to DockerHub if: github.ref == 'refs/heads/main' - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index d09d5491f4..60a82e4587 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -248,7 +248,7 @@ jobs: uses: ./.github/actions/setup-sqlc - name: GHCR Login - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 90d9935599..3e8d6f8b89 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -233,7 +233,7 @@ jobs: cat "$CODER_RELEASE_NOTES_FILE" - name: Docker Login - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -448,7 +448,7 @@ jobs: id: attest_base if: ${{ !inputs.dry_run && steps.image-base-tag.outputs.tag != '' }} continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: ${{ steps.image-base-tag.outputs.tag }} predicate-type: "https://slsa.dev/provenance/v1" @@ -564,7 +564,7 @@ jobs: id: attest_main if: ${{ !inputs.dry_run }} continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: ${{ steps.build_docker.outputs.multiarch_image }} predicate-type: "https://slsa.dev/provenance/v1" @@ -608,7 +608,7 @@ jobs: id: attest_latest if: ${{ !inputs.dry_run && steps.build_docker.outputs.created_latest_tag == 'true' }} continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: ${{ steps.latest_tag.outputs.tag }} predicate-type: "https://slsa.dev/provenance/v1"