Use major versions for workflows

AMS21 · AMS21 · commit 4198294b7d30 · 2024-05-17T07:51:02.000+02:00
diff --git a/.github/workflows/anchore-syft.yml b/.github/workflows/anchore-syft.yml
@@ -28,7 +28,7 @@ jobs:
 
     steps:
     - name: Checkout the code
-      uses: actions/checkout@v4.1.5
+      uses: actions/checkout@v4
 
     - name: Build the Docker image
       run: docker build . --file Dockerfile --tag ams21/tor-relay:latest
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -11,16 +11,16 @@ jobs:
 
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4.1.5
+        uses: actions/checkout@v4
 
       - name: Docker Setup QEMU
-        uses: docker/setup-qemu-action@v3.0.0
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.3.0
+        uses: docker/setup-buildx-action@v3
 
       - name: Build Docker image
-        uses: docker/build-push-action@v5.3.0
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: false
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -26,30 +26,30 @@ jobs:
 
     steps:
       - name: Check out the repo
-        uses: actions/checkout@v4.1.5
+        uses: actions/checkout@v4
 
       - name: Docker Setup QEMU
-        uses: docker/setup-qemu-action@v3.0.0
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.3.0
+        uses: docker/setup-buildx-action@v3
 
       - name: Log in to Docker Hub
-        uses: docker/login-action@v3.1.0
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3.1.0
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v5.5.1
+        uses: docker/metadata-action@v5
         with:
           # list of Docker images to use as base name for tags
           images: |
@@ -65,7 +65,7 @@ jobs:
 
       - name: Build and push Docker image
         id: push
-        uses: docker/build-push-action@v5.3.0
+        uses: docker/build-push-action@v5
         with:
           context: ./
           push: true
@@ -76,14 +76,14 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
 
       - name: Attest Docker Hub
-        uses: actions/attest-build-provenance@v1.1.1
+        uses: actions/attest-build-provenance@v1
         with:
           subject-name: index.docker.io/ams21/tor-relay
           subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true
 
       - name: Attest GitHub Container Registry
-        uses: actions/attest-build-provenance@v1.1.1
+        uses: actions/attest-build-provenance@v1
         with:
           subject-name: ghcr.io/ams21/tor-relay
           subject-digest: ${{ steps.push.outputs.digest }}
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
@@ -27,18 +27,18 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.1.5
+        uses: actions/checkout@v4
 
       - name: Run hadolint
-        uses: hadolint/hadolint-action@v3.1.0
+        uses: hadolint/hadolint-action@v3
         with:
           dockerfile: ./Dockerfile
           format: sarif
           output-file: hadolint-results.sarif
           no-fail: true
 
       - name: Upload analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v3.25.5
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: hadolint-results.sarif
           wait-for-processing: true
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4.1.5
+        uses: actions/checkout@v4
 
       - name: Build an image from Dockerfile
         run: |
@@ -40,6 +40,6 @@ jobs:
           severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3.25.5
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
