From bc37c0708bee7768d8b73317f77b7247319633fa Mon Sep 17 00:00:00 2001 From: "hashicorp-tsccr[bot]" <129506189+hashicorp-tsccr[bot]@users.noreply.github.com> Date: Mon, 9 Oct 2023 07:50:31 -0400 Subject: [PATCH] SEC-090: Automated trusted workflow pinning (2023-10-09) Co-authored-by: hashicorp-tsccr[bot] --- .github/workflows/add-content-to-project.yml | 4 ++-- .github/workflows/compliance.yml | 2 +- .github/workflows/test.yml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/add-content-to-project.yml b/.github/workflows/add-content-to-project.yml index d16fe5e..35166f2 100644 --- a/.github/workflows/add-content-to-project.yml +++ b/.github/workflows/add-content-to-project.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Set Issue to 'Priority = Triage Next'" - uses: leonsteinhaeuser/project-beta-automations@d1c1261558118c0876fdb2b57a649303925e5a70 # v2.1.0 + uses: leonsteinhaeuser/project-beta-automations@939000fb1900c9fc4f7b5058a09d9f833ebc6859 # v2.2.1 if: github.event_name == 'issues' with: gh_token: ${{ secrets.TF_DEVEX_PROJECT_GITHUB_TOKEN }} @@ -29,7 +29,7 @@ jobs: operation_mode: custom_field custom_field_values: '[{\"name\":\"Priority\",\"type\":\"single_select\",\"value\":\"Triage Next\"}]' - name: "Set Pull Request to 'Priority = Triage Next'" - uses: leonsteinhaeuser/project-beta-automations@d1c1261558118c0876fdb2b57a649303925e5a70 # v2.1.0 + uses: leonsteinhaeuser/project-beta-automations@939000fb1900c9fc4f7b5058a09d9f833ebc6859 # v2.2.1 if: github.event_name == 'pull_request_target' with: gh_token: ${{ secrets.TF_DEVEX_PROJECT_GITHUB_TOKEN }} diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml index b1bdaca..5d401ed 100644 --- a/.github/workflows/compliance.yml +++ b/.github/workflows/compliance.yml @@ -11,7 +11,7 @@ jobs: copywrite: runs-on: ubuntu-latest steps: - - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: hashicorp/setup-copywrite@867a1a2a064a0626db322392806428f7dc59cb3e # v1.1.2 - run: copywrite headers --plan - run: copywrite license --plan diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1dd624c..1fbb926 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 5 steps: - - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' @@ -65,7 +65,7 @@ jobs: - '1.5.*' - '1.6.0-alpha20230816' steps: - - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod' @@ -103,7 +103,7 @@ jobs: - '1.5.*' - '1.6.0-alpha20230816' steps: - - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: 'go.mod'