diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index 77e3b538..80c770c7 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -20,13 +20,13 @@ jobs:
 # The FOSSA token is shared between all repos in NeuVector's GH org. It can
 # be used directly and there is no need to request specific access to EIO.
 - name: Read FOSSA token
- uses: rancher-eio/read-vault-secrets@main
+ uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # v3
 with:
 secrets: |
 secret/data/github/org/neuvector/fossa/credentials token | FOSSA_API_KEY_PUSH_ONLY
 - name: FOSSA scan
- uses: fossas/fossa-action@main
+ uses: fossas/fossa-action@c414b9ad82eaad041e47a7cf62a4f02411f427a0 # v1.8.0
 with:
 api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
 # Only runs the scan and do not provide/returns any results back to the
diff --git a/.github/workflows/lint-unitest.yaml b/.github/workflows/lint-unitest.yaml
index 49fe94a0..ace861e0 100644
--- a/.github/workflows/lint-unitest.yaml
+++ b/.github/workflows/lint-unitest.yaml
@@ -7,10 +7,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 with:
 fetch-depth: 0
- - uses: actions/setup-go@v3
+ - uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3
 with:
 go-version: '1.23'
 - name: Run chart-testing (lint)
diff --git a/.github/workflows/publish-on-tagging.yaml b/.github/workflows/publish-on-tagging.yaml
index 0c578230..207e4129 100644
--- a/.github/workflows/publish-on-tagging.yaml
+++ b/.github/workflows/publish-on-tagging.yaml
@@ -10,9 +10,9 @@ jobs:
 env:
 TAG: ${{ github.ref_name }}
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Setup helm
- uses: azure/setup-helm@v4.2.0
+ uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
 with:
 version: v3.16.2
 - name: Publish Helm charts
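Review bot: In .github/workflows/fossa.yml the trailing comment on the read-vault-secrets pin names the moving major tag (`# v3`), so a reader cannot tell which release the SHA corresponds to; the same applies to the `# v3` pins in lint-unitest.yaml and the `# v4` checkout pin in publish-on-tagging.yaml. Record the exact release the way the fossa-action line does, e.g. `uses: rancher-eio/read-vault-secrets@0da85151ad1f19ed7986c41587e45aac1ace74b6 # vX.Y.Z` (placeholder for the real tag). This step handles the org-wide FOSSA token and previously tracked `main`, so it is worth confirming upstream that the SHA is the intended tagged commit and that nothing the workflow relied on exists only on `main`; the diff alone cannot show either. The job definition starts above the hunk and the FOSSA scan step continues below it.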
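Review bot: In .github/workflows/lint-unitest.yaml the checkout and setup-go pins stay on the v3 line, while publish-on-tagging.yaml in this same commit pins checkout to v4. As far as I know, the v3 releases of both actions run on the Node 16 runtime that GitHub has deprecated, and a SHA pin freezes the job there. Consider pinning to a commit from the current major instead, e.g. `uses: actions/checkout@<full-commit-sha> # v4.x.y` (placeholder values), and likewise for setup-go. The step list begins before the hunk and continues after it.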
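Review bot: The SHA pins in .github/workflows/publish-on-tagging.yaml (and in the two other workflows) will not move on their own, so upstream security fixes to checkout or setup-helm will not reach this release job unless something bumps them. The commit adds no update automation. If the repository does not already have it (not visible here), a Dependabot entry such as `- package-ecosystem: "github-actions"` with `directory: "/"` and a `schedule:` in `.github/dependabot.yml` would keep the pins and their version comments current. The job's remaining steps lie outside the hunk.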