diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6150b37e..4d5f1961 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -46,14 +46,14 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: zulu java-version: ${{matrix.java}} - name: Authenticate to Google Cloud # only needed for Flakybot on periodic (schedule) and continuous (push) events if: ${{ github.event_name == 'schedule' || github.event_name == 'push' }} - uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 + uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4 with: workload_identity_provider: ${{ vars.PROVIDER_NAME }} service_account: ${{ vars.SERVICE_ACCOUNT }} @@ -90,14 +90,14 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: zulu java-version: 8 - name: Authenticate to Google Cloud # only needed for Flakybot on periodic (schedule) and continuous (push) events if: ${{ github.event_name == 'schedule' || github.event_name == 'push' }} - uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 + uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4 with: workload_identity_provider: ${{ vars.PROVIDER_NAME }} service_account: ${{ vars.SERVICE_ACCOUNT }} @@ -129,7 +129,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: zulu java-version: ${{matrix.java}} @@ -147,7 +147,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: zulu java-version: 11 @@ -167,7 +167,7 @@ jobs: ref: ${{ github.event.pull_request.head.sha }} repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: zulu java-version: 8 @@ -195,12 +195,12 @@ jobs: repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Setup Maven Action - uses: s4u/setup-maven-action@2f53a7669c7543a045d0bb6c92436df0c5a726f8 + uses: s4u/setup-maven-action@8a09fe4cf25ea749342c76674967fd0f23371cc7 with: java-version: 17 - name: Set up GraalVM - uses: graalvm/setup-graalvm@2911b2304bee2c2f59b9a67bf45f025a6b6de4b1 # v1 + uses: graalvm/setup-graalvm@22cc13fe88ef133134b3798e128fb208df55e1f5 # v1 with: distribution: "graalvm" java-version: "17" @@ -208,7 +208,7 @@ jobs: - id: "auth" name: Authenticate to Google Cloud - uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 + uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4 with: workload_identity_provider: ${{ vars.PROVIDER_NAME }} service_account: ${{ vars.SERVICE_ACCOUNT }} @@ -216,7 +216,7 @@ jobs: - id: "secrets" name: Get Secrets - uses: google-github-actions/get-secretmanager-secrets@dc4a1392bad0fd60aee00bb2097e30ef07a1caae # v2.1.3 + uses: google-github-actions/get-secretmanager-secrets@95a0b09b8348ef3d02c68c6ba5662a037e78d713 # v2.1.4 with: secrets: |- ALLOYDB_INSTANCE_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/ALLOYDB_INSTANCE_URI @@ -267,19 +267,19 @@ jobs: repository: ${{ github.event.pull_request.head.repo.full_name }} - name: Set up JDK - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 with: distribution: 'zulu' java-version: 8 - name: Setup Maven Action - uses: s4u/setup-maven-action@2f53a7669c7543a045d0bb6c92436df0c5a726f8 + uses: s4u/setup-maven-action@8a09fe4cf25ea749342c76674967fd0f23371cc7 with: java-version: 8 - id: 'auth' name: Authenticate to Google Cloud - uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 + uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4 with: workload_identity_provider: ${{ vars.PROVIDER_NAME }} service_account: ${{ vars.SERVICE_ACCOUNT }} @@ -287,7 +287,7 @@ jobs: - name: Get Secrets id: 'secrets' - uses: google-github-actions/get-secretmanager-secrets@dc4a1392bad0fd60aee00bb2097e30ef07a1caae # v2.1.3 + uses: google-github-actions/get-secretmanager-secrets@95a0b09b8348ef3d02c68c6ba5662a037e78d713 # v2.1.4 with: secrets: |- ALLOYDB_INSTANCE_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/ALLOYDB_INSTANCE_URI diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 066807b1..6cfb588f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -56,7 +56,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: languages: ${{ matrix.language }} @@ -64,9 +64,9 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually - name: Autobuild - uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/autobuild@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c6d40575..66d9db5b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -40,7 +40,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -57,7 +57,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: name: SARIF file path: results.sarif @@ -65,6 +65,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: sarif_file: resultsFiltered.sarif