diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cca7e05..b1dd5c4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 with: fetch-depth: 0 @@ -30,19 +30,19 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 with: fetch-depth: 100 - name: Evaluate | Check common file types for changes id: core-changed-files - uses: tj-actions/changed-files@v45.0.4 + uses: tj-actions/changed-files@v45.0.7 with: files_yaml_from_source_file: .github/changed-files-spec.yml - name: Evaluate | Check specific file types for changes id: ci-changed-files - uses: tj-actions/changed-files@v45.0.4 + uses: tj-actions/changed-files@v45.0.7 with: files_yaml: | ci: diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 74b1ff9..8668814 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -19,21 +19,21 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 with: fetch-depth: 100 # Must at least retrieve a set of commits to compare changes # primarily because of any 'Rebase and Merge' PR action in GitHub - name: Evaluate | Check common file types for changes id: core-changed-files - uses: tj-actions/changed-files@v45.0.4 + uses: tj-actions/changed-files@v45.0.7 with: base_sha: ${{ github.event.push.before }} files_yaml_from_source_file: .github/changed-files-spec.yml - name: Evaluate | Check specific file types for changes id: ci-changed-files - uses: tj-actions/changed-files@v45.0.4 + uses: tj-actions/changed-files@v45.0.7 with: base_sha: ${{ github.event.push.before }} files_yaml: | @@ -100,7 +100,7 @@ jobs: # the branch was updated. To keep PSR working with the configured release branches, # we force a checkout of the desired release branch but at the workflow sha HEAD. - name: Setup | Checkout Repository at workflow sha - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 with: fetch-depth: 0 ref: ${{ github.sha }} @@ -125,7 +125,7 @@ jobs: build: false - name: Release | Add distribution artifacts to GitHub Release Assets - uses: python-semantic-release/publish-action@v9.14.0 + uses: python-semantic-release/publish-action@v9.20.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} tag: ${{ steps.release.outputs.tag }} @@ -178,7 +178,7 @@ jobs: # the branch was updated. To keep PSR working with the configured release branches, # we force a checkout of the desired release branch but at the workflow sha HEAD. - name: Setup | Checkout Repository at workflow sha - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 with: fetch-depth: 1 ref: ${{ github.sha }} diff --git a/.github/workflows/codeql-analysis-injected.yml b/.github/workflows/codeql-analysis-injected.yml index 12b7830..985e9be 100644 --- a/.github/workflows/codeql-analysis-injected.yml +++ b/.github/workflows/codeql-analysis-injected.yml @@ -42,11 +42,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v3.1.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2.1.36 + uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: languages: ${{ matrix.language }} config-file: ./.github/codeql/codeql-config.yml @@ -73,4 +73,4 @@ jobs: npm run all - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2.1.36 \ No newline at end of file + uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 \ No newline at end of file diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index ea1e214..0f56c0c 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -71,7 +71,7 @@ jobs: steps: - name: Setup | Checkout Repository at workflow sha - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 with: ref: ${{ github.sha }} fetch-depth: 0 @@ -125,7 +125,7 @@ jobs: steps: - name: Setup | Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 with: ref: ${{ github.sha }} fetch-depth: 1 @@ -157,7 +157,7 @@ jobs: --junit-xml=tests/reports/pytest-results.xml - name: Report | Upload Test Results - uses: mikepenz/action-junit-report@v5.0.0 + uses: mikepenz/action-junit-report@v5.3.0 if: ${{ always() && steps.tests.outcome != 'skipped' }} with: report_paths: ./tests/reports/*.xml @@ -179,7 +179,7 @@ jobs: steps: - name: Setup | Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 with: ref: ${{ github.sha }} fetch-depth: 1 @@ -245,7 +245,7 @@ jobs: retention-days: 1 - name: Report | Upload Test Results - uses: mikepenz/action-junit-report@v5.0.0 + uses: mikepenz/action-junit-report@v5.3.0 if: ${{ always() && steps.tests.outcome != 'skipped' }} with: report_paths: ./tests/reports/*.xml @@ -266,7 +266,7 @@ jobs: steps: - name: Setup | Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 with: ref: ${{ github.sha }} fetch-depth: 1 @@ -340,7 +340,7 @@ jobs: retention-days: 1 - name: Report | Upload Test Results - uses: mikepenz/action-junit-report@v5.0.0 + uses: mikepenz/action-junit-report@v5.3.0 if: ${{ always() && steps.tests.outcome != 'skipped' }} with: report_paths: ./tests/reports/*.xml @@ -354,7 +354,7 @@ jobs: steps: - name: Setup | Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@v4.2.2 with: ref: ${{ github.sha }} fetch-depth: 1