diff --git a/.github/workflows/ggshield-scan.yml b/.github/workflows/ggshield-scan.yml index be3269a..87e7de0 100644 --- a/.github/workflows/ggshield-scan.yml +++ b/.github/workflows/ggshield-scan.yml @@ -33,7 +33,7 @@ jobs: scan: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: # ggshield diffs the commit range; it needs full history, not a shallow # clone, to resolve the base of a push or PR. diff --git a/.github/workflows/kustomize-validate.yml b/.github/workflows/kustomize-validate.yml index 343be37..344a294 100644 --- a/.github/workflows/kustomize-validate.yml +++ b/.github/workflows/kustomize-validate.yml @@ -40,7 +40,7 @@ jobs: # render with "unknown shorthand flag: 'c' in -c". HELM_VERSION: v3.21.1 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 # `kustomize build --enable-helm` needs helm on PATH with: diff --git a/.github/workflows/selftest.yml b/.github/workflows/selftest.yml index 5314cfd..7d3b80a 100644 --- a/.github/workflows/selftest.yml +++ b/.github/workflows/selftest.yml @@ -16,7 +16,7 @@ jobs: env: LEFTHOOK_VERSION: 2.1.9 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: YAML-parse lefthook/base.yml (independent of lefthook) # Catches the unquoted-scalar class that broke every fresh `lefthook @@ -41,7 +41,7 @@ jobs: env: ACTIONLINT_VERSION: 1.7.12 steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: install + run actionlint # Validates Actions workflow + expression syntax across this repo's # reusable workflows. shellcheck-of-run-blocks is off (the shared shell @@ -53,7 +53,7 @@ jobs: shellcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 - name: shellcheck shared scripts # The scripts here run in every consumer (CI + Lefthook pre-push), so a # bug propagates everywhere — lint them at the root. shellcheck ships on