From 50fdb9110e4751f20c8dc071a24ddb10a89bb42a Mon Sep 17 00:00:00 2001
From: Taras Drozdovskyi
Date: Mon, 22 Apr 2024 12:06:45 +0300
Subject: [PATCH] ci: Update 3rd-party components of github->actions
Signed-off-by: Taras Drozdovskyi
---
 .github/workflows/build.yml | 2 +-
 .github/workflows/codeql.yml | 9 ++++++---
 .github/workflows/fossology.yml | 2 +-
 .github/workflows/license-finder.yml | 2 +-
 .github/workflows/linter.yml | 7 +++++--
 .github/workflows/publish.yml | 6 +++---
 .github/workflows/scancode.yml | 2 +-
 .github/workflows/scorecards-analysis.yml | 2 +-
 8 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fdc3bb22..0fc0dd4c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -12,7 +12,7 @@ jobs:
 platform: [numaker_pfm_m2351, m2351_badge, mps2_an505_qemu]
 runs-on: ubuntu-20.04
 steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 - name: Install extra tools
 run: |
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0894d031..bac3e7fa 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -19,6 +19,9 @@ on:
 schedule:
 - cron: '19 23 * * 2'
+permissions:
+ contents: read
+
 jobs:
 analyze:
 name: Analyze
@@ -48,11 +51,11 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
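Review bot: The workflow-level `permissions: contents: read` added in the `@@ -19,6 +19,9 @@` hunk of codeql.yml becomes the default token scope for the `analyze` job, and uploading results from `github/codeql-action/analyze` needs `security-events: write`. Only the job's `name:` line is visible here, so this is something to confirm rather than a proven break: the job should carry its own block, e.g. `permissions:` with `security-events: write` and `contents: read`, otherwise the upload step would be refused. A comment above the new top-level block such as `# default for all jobs; jobs that upload results widen this explicitly` would record the intent.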
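Review bot: The `actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f` pin in the `@@ -48,11 +51,11 @@` hunk of codeql.yml has no trailing release comment, while the two `github/codeql-action` pins beside it carry `# v3.25.1`. A bare 40-character SHA cannot be matched to a release by eye, and reviewers or update tooling that read the comment lose their hint. The same line appears without a comment in build.yml, fossology.yml, license-finder.yml, scancode.yml and linter.yml (where the `cpp-linter/cpp-linter-action` pin is also bare), and in publish.yml and scorecards-analysis.yml the commit removes the existing `# tag=v3` and `# v3.1.0` comments. Suggest `uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # <release tag>` on each, where `<release tag>` is a placeholder for the tag that commit belongs to.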
@@ -86,6 +89,6 @@ jobs:
 make
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
 with:
 category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/fossology.yml b/.github/workflows/fossology.yml
index 1b2d2815..6a709409 100644
--- a/.github/workflows/fossology.yml
+++ b/.github/workflows/fossology.yml
@@ -9,7 +9,7 @@ jobs:
 name: Check license, copyright, keyword
 runs-on: ubuntu-22.04
 steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 - run: |
 docker run --rm --name "fossologyscanner" -w "/opt/repo" -v ${PWD}:/opt/repo \
 -e GITHUB_TOKEN=${{ github.token }} \
diff --git a/.github/workflows/license-finder.yml b/.github/workflows/license-finder.yml
index d286f6fd..5cd156a3 100644
--- a/.github/workflows/license-finder.yml
+++ b/.github/workflows/license-finder.yml
@@ -12,7 +12,7 @@ jobs:
 image: gianlucadb0/license_finder
 steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 - name: License finder run
 run: |
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 9bb67a3d..d6cfa2d9 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -2,12 +2,15 @@ name: cpp-linter
 on: [push, pull_request]
+permissions:
+ contents: read
+
 jobs:
 cpp-linter:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
- - uses: cpp-linter/cpp-linter-action@main
+ - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
+ - uses: cpp-linter/cpp-linter-action@bbc213852a439498b38fa21ea5c698e852abd3f5
 id: linter
 continue-on-error: true
 env:
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index c8e7d9fe..ce71c5af 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
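Review bot: In linter.yml the new workflow-level `permissions: contents: read` also limits the token handed to `cpp-linter/cpp-linter-action`, and that step keeps `continue-on-error: true`, so a permission refusal inside the action would not fail the job. The action's `with:` inputs and the body of `env:` are outside the hunk; if they enable output that is written back to the pull request (comment posting, for example), the job needs a job-level `permissions:` entry such as `pull-requests: write` next to `contents: read`. If only annotations and the step summary are used, a comment like `# read-only token is sufficient: the linter posts no PR comments` above the block would make that explicit.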
@@ -25,7 +25,7 @@ jobs:
 egress-policy: audit
 - name: Checkout repository
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+ uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 - name: Install extra tools
 run: |
@@ -96,7 +96,7 @@ jobs:
 actions: read # To read the workflow path.
 id-token: write # To sign the provenance.
 contents: write # To add assets to a release.
- uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
 with:
 base64-subjects: "${{ needs.build.outputs.hashes }}"
 upload-assets: true # Optional: Upload to a new release
@@ -126,7 +126,7 @@ jobs:
 name: ${{ needs.build.outputs.version }}_ns.bin
 - name: Upload assets
- uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
+ uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
 with:
 files: |
 ${{ needs.build.outputs.version }}_s.bin
diff --git a/.github/workflows/scancode.yml b/.github/workflows/scancode.yml
index b741f95b..19520275 100644
--- a/.github/workflows/scancode.yml
+++ b/.github/workflows/scancode.yml
@@ -12,7 +12,7 @@ jobs:
 image: gianlucadb0/scancode-toolkit
 steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 - name: Create results directory
 run: mkdir results
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index e88229d8..9715a7f9 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -37,7 +37,7 @@ jobs:
 egress-policy: audit
 - name: "Checkout code"
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+ uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 with:
 persist-credentials: false