diff --git a/.github/workflows/integration-azure.yaml b/.github/workflows/integration-azure.yaml index 1b0ec796..b82ff51a 100644 --- a/.github/workflows/integration-azure.yaml +++ b/.github/workflows/integration-azure.yaml @@ -30,7 +30,7 @@ jobs: go-version: 1.23.x cache-dependency-path: oci/tests/integration/go.sum - name: Authenticate to Azure - uses: Azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v1.4.6 + uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v1.4.6 with: creds: '{"clientId":"${{ secrets.OCI_E2E_AZ_ARM_CLIENT_ID }}","clientSecret":"${{ secrets.OCI_E2E_AZ_ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.OCI_E2E_AZ_ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.OCI_E2E_AZ_ARM_TENANT_ID }}"}' - name: Setup QEMU diff --git a/.github/workflows/integration-cleanup.yaml b/.github/workflows/integration-cleanup.yaml index a455b88d..90465f5b 100644 --- a/.github/workflows/integration-cleanup.yaml +++ b/.github/workflows/integration-cleanup.yaml @@ -75,7 +75,7 @@ jobs: go-version: 1.23.x cache-dependency-path: ./tools/reaper/go.sum - name: Authenticate to Azure - uses: Azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v1.4.6 + uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v1.4.6 with: creds: '{"clientId":"${{ secrets.CLEANUP_E2E_AZ_ARM_CLIENT_ID }}","clientSecret":"${{ secrets.CLEANUP_E2E_AZ_ARM_CLIENT_SECRET }}","subscriptionId":"${{ secrets.CLEANUP_E2E_AZ_ARM_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.CLEANUP_E2E_AZ_ARM_TENANT_ID }}"}' - name: Run reaper diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index 4c7a588f..b4c3ae9f 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -50,6 +50,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: sarif_file: results.sarif diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index 7fea4829..69b91d00 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -28,13 +28,13 @@ jobs: **/go.sum **/go.mod - name: Initialize CodeQL - uses: github/codeql-action/init@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: languages: go # xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # xref: https://codeql.github.com/codeql-query-help/go/ queries: security-and-quality - name: Autobuild - uses: github/codeql-action/autobuild@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8