diff --git a/.github/workflows/code-scan.yaml b/.github/workflows/code-scan.yaml index 3132ee6..73ea8fe 100644 --- a/.github/workflows/code-scan.yaml +++ b/.github/workflows/code-scan.yaml @@ -25,14 +25,14 @@ jobs: **/go.sum **/go.mod - name: Initialize CodeQL - uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 + uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 with: languages: go queries: security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 + uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 + uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 fossa: if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]' runs-on: ubuntu-latest @@ -42,7 +42,7 @@ jobs: - name: Checkout uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Run FOSSA scan and upload build data - uses: fossa-contrib/fossa-action@3d2ef181b1820d6dcd1972f86a767d18167fa19b # v3.0.1 + uses: fossa-contrib/fossa-action@d28f0c947e7406706981a62a91ecc009bcc39fd7 # v4.0.0 with: fossa-api-key: ${{ secrets.fossa-token }} github-token: ${{ secrets.github-token }} diff --git a/.github/workflows/controller-release.yaml b/.github/workflows/controller-release.yaml index ac17ed7..ac2a911 100644 --- a/.github/workflows/controller-release.yaml +++ b/.github/workflows/controller-release.yaml @@ -44,7 +44,7 @@ jobs: - name: Checkout uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Setup Kustomize - uses: fluxcd/pkg/actions/kustomize@f3ad4b56adec90eb5661af565cdebec997ad4bfb # main + uses: fluxcd/pkg/actions/kustomize@3f9f27f0ba23cf7953c25b7eba7ccac1b525f60e # main - name: Prepare id: prep env: