File tree Expand file tree Collapse file tree 4 files changed +13
-13
lines changed Expand file tree Collapse file tree 4 files changed +13
-13
lines changed Original file line number Diff line number Diff line change @@ -15,12 +15,12 @@ jobs:
1515 runs-on : ubuntu-latest
1616 steps :
1717 - name : Harden GitHub runner
18- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
18+ uses : step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
1919 with :
2020 egress-policy : audit
2121
2222 - name : Checkout repository
23- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
23+ uses : actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
2424
2525 - name : Setup Go
2626 uses : actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
Original file line number Diff line number Diff line change 5555 packages : read
5656 steps :
5757 - name : Install the verifier
58- uses : slsa-framework/slsa-verifier/actions/installer@6657aada084353c65e5dde35394b1a010289fab0 # v2.7.0
58+ uses : slsa-framework/slsa-verifier/actions/installer@ea584f4502babc6f60d9bc799dbbb13c1caa9ee6 # v2.7.1
5959
6060 - name : Download assets
6161 env :
@@ -91,14 +91,14 @@ jobs:
9191 packages : read
9292 steps :
9393 - name : Login
94- uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4 .0
94+ uses : docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6 .0
9595 with :
9696 registry : ghcr.io
9797 username : ${{ github.actor }}
9898 password : ${{ secrets.GITHUB_TOKEN }}
9999
100100 - name : Install Cosign
101- uses : sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
101+ uses : sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
102102
103103 - name : Verify image
104104 env :
Original file line number Diff line number Diff line change @@ -35,12 +35,12 @@ jobs:
3535 if : success() && startsWith(github.ref, 'refs/tags/')
3636 steps :
3737 - name : Harden GitHub runner
38- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
38+ uses : step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
3939 with :
4040 egress-policy : audit
4141
4242 - name : Checkout repository
43- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
43+ uses : actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
4444 with :
4545 fetch-depth : 0
4646 ref : main
5656 # GITHUB_API_TOKEN: ${{ secrets.GH_API_TOKEN }}
5757 # run: git config --global url."https://x:${GITHUB_API_TOKEN}@github.com".insteadOf "https://github.com"
5858
59- - uses : sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
60- - uses : anchore/sbom-action/download-syft@e11c554f704a0b820cbf8c51673f6945e0731532 # v0.20.0
61- - uses : docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4 .0
59+ - uses : sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
60+ - uses : anchore/sbom-action/download-syft@d8a2c0130026bf585de5c176ab8f7ce62d75bf04 # v0.20.7
61+ - uses : docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6 .0
6262 with :
6363 registry : ghcr.io
6464 username : ${{ github.repository_owner }}
7474
7575 - name : Run GoReleaser
7676 id : goreleaser
77- uses : goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3 .0
77+ uses : goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4 .0
7878 with :
7979 distribution : goreleaser
8080 version : " ~> v2"
Original file line number Diff line number Diff line change @@ -20,12 +20,12 @@ jobs:
2020
2121 steps :
2222 - name : Harden GitHub runner
23- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
23+ uses : step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
2424 with :
2525 egress-policy : audit
2626
2727 - name : Checkout repository
28- uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
28+ uses : actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
2929
3030 - name : Setup Go
3131 uses : actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
You can’t perform that action at this time.
0 commit comments