From a524ac72d6f6f0d463292e94cab2ca5d22831d9a Mon Sep 17 00:00:00 2001 From: "hashicorp-tsccr[bot]" <129506189+hashicorp-tsccr[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 11:03:32 +0100 Subject: [PATCH] chore(deps): pin trusted workflows based on HashiCorp TSCCR (#3770) Bumping GitHub Actions version to latest TSCCR release. * changes in `.github/workflows/build.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) * changes in `.github/workflows/docker.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) * changes in `.github/workflows/examples.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) * changes in `.github/workflows/integration.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache/restore` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache/restore` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/setup-go` from `v5.0.2` to `v5.1.0` ([release notes](https://github.com/actions/setup-go/releases/tag/v5.1.0)) * changes in `.github/workflows/linting.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) * changes in `.github/workflows/pr-copyright.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) * changes in `.github/workflows/pr-depcheck.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) * changes in `.github/workflows/provider-integration.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache/restore` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/setup-go` from `v5.0.2` to `v5.1.0` ([release notes](https://github.com/actions/setup-go/releases/tag/v5.1.0)) - bump `actions/cache/restore` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) * changes in `.github/workflows/registry-docs-pr-based.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/setup-node` from `v4.0.4` to `v4.1.0` ([release notes](https://github.com/actions/setup-node/releases/tag/v4.1.0)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/setup-node` from `v4.0.4` to `v4.1.0` ([release notes](https://github.com/actions/setup-node/releases/tag/v4.1.0)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) * changes in `.github/workflows/release.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) * changes in `.github/workflows/release_next.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) * changes in `.github/workflows/unit.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) * changes in `.github/workflows/website-release.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) * changes in `.github/workflows/yarn-upgrade.yml` - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) - bump `actions/checkout` from `v4.2.1` to `v4.2.2` ([release notes](https://github.com/actions/checkout/releases/tag/v4.2.2)) - bump `actions/cache` from `v4.1.1` to `v4.1.2` ([release notes](https://github.com/actions/cache/releases/tag/v4.1.2)) _This PR was auto-generated by [security-tsccr/actions/runs/11773085209](https://github.com/hashicorp/security-tsccr/actions/runs/11773085209)_ _You can alter the configuration of this automation via the hcl config in [security-tsccr/automation](https://github.com/hashicorp/security-tsccr/tree/main/automation)_ _This PR can be regenerated by dispatching the GitHub workflow [Pin Action Refs](https://github.com/hashicorp/security-tsccr/actions/workflows/pin-workflows.yml). Please reach out to #team-prodsec if you have any questions._ [](https://github.com/hashicorp/security-tsccr/issues/193) Co-authored-by: hashicorp-tsccr[bot] --- .github/workflows/build.yml | 6 ++--- .github/workflows/docker.yml | 4 ++-- .github/workflows/examples.yml | 10 ++++---- .github/workflows/integration.yml | 24 ++++++++++---------- .github/workflows/linting.yml | 4 ++-- .github/workflows/pr-copyright.yml | 2 +- .github/workflows/pr-depcheck.yml | 2 +- .github/workflows/provider-integration.yml | 20 ++++++++-------- .github/workflows/registry-docs-pr-based.yml | 14 ++++++------ .github/workflows/release.yml | 6 ++--- .github/workflows/release_next.yml | 4 ++-- .github/workflows/unit.yml | 8 +++---- .github/workflows/website-release.yml | 2 +- .github/workflows/yarn-upgrade.yml | 14 ++++++------ 14 files changed, 60 insertions(+), 60 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5eab3068b5..ba4c4950c9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,7 +22,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk - name: ensure correct user @@ -34,14 +34,14 @@ jobs: echo "yarn=$(yarn cache dir)" >> $GITHUB_OUTPUT mkdir -p /usr/local/share/.cache/go echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.yarn }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-build restore-keys: | yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}- yarn-${{ runner.os }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.go }} key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-build diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 71f4cf0ec4..94cb791a9c 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -16,11 +16,11 @@ jobs: if: github.repository == 'hashicorp/terraform-cdk' runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Cache Docker layers - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ hashFiles('/Dockerfile', '.terraform.versions.json') }} diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml index c8f3fbd9ac..179ba1237f 100644 --- a/.github/workflows/examples.yml +++ b/.github/workflows/examples.yml @@ -24,7 +24,7 @@ jobs: examples: ${{ steps.set-examples.outputs.examples }} steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - id: set-examples run: | tfDefault=$(cat .terraform.versions.json | jq -r '.default') @@ -45,7 +45,7 @@ jobs: CHECKPOINT_DISABLE: "1" timeout-minutes: 60 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk - name: ensure correct user @@ -59,20 +59,20 @@ jobs: echo "terraform=/usr/local/share/.cache/terraform" >> $GITHUB_OUTPUT mkdir -p /usr/local/share/.cache/go echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.yarn }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-examples restore-keys: | yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}- yarn-${{ runner.os }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.terraform }} key: terraform-${{ runner.os }}-${{ matrix.terraform }}-examples restore-keys: | terraform-${{ runner.os }}-${{ matrix.terraform }} - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.go }} key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-examples diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 13563ad513..54e1704f0c 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -28,7 +28,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk - name: ensure correct user @@ -40,14 +40,14 @@ jobs: echo "yarn=$(yarn cache dir)" >> $GITHUB_OUTPUT mkdir -p /usr/local/share/.cache/go echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.yarn }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-integration restore-keys: | yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}- yarn-${{ runner.os }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.go }} key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-integration @@ -103,7 +103,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: ensure correct user run: chown -R root /__w/terraform-cdk # Setup caches for yarn, terraform, and go @@ -116,21 +116,21 @@ jobs: mkdir -p /usr/local/share/.cache/go echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT # only restore as an individual cache as per matrix explodes our cache usage - - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.yarn }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-integration restore-keys: | yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}- yarn-${{ runner.os }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.terraform }} # put matrix before integration to not restore caches from other sibling matrix jobs key: terraform-${{ runner.os }}-${{ matrix.terraform }}-matrix-integration-${{ matrix.target }} restore-keys: | terraform-${{ runner.os }}-${{ matrix.terraform }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.go }} # put matrix before integration to not restore caches from other sibling matrix jobs @@ -176,7 +176,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Setup caches for yarn, terraform, and go - name: Get cache directory paths id: global-cache-dir-path @@ -188,21 +188,21 @@ jobs: mkdir -p /usr/local/share/.cache/go echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT # only restore as an individual cache as per matrix explodes our cache usage - - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.yarn }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-integration restore-keys: | yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}- yarn-${{ runner.os }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.terraform }} # put matrix before integration to not restore caches from other sibling matrix jobs key: terraform-${{ runner.os }}-${{ matrix.terraform }}-matrix-integration-${{ matrix.target }} restore-keys: | terraform-${{ runner.os }}-${{ matrix.terraform }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.go }} # put matrix before integration to not restore caches from other sibling matrix jobs @@ -219,7 +219,7 @@ jobs: - name: Install pipenv run: pip install pipenv - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: 1.18.x cache: false # This is disabled because we don't have a go.sum file and setup-go expects it to use caching. Thus, caching is always broken anyways diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 1fea458852..3af8ee11f8 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -20,7 +20,7 @@ jobs: container: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: installing dependencies run: | yarn install --frozen-lockfile @@ -33,7 +33,7 @@ jobs: container: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: installing dependencies run: | yarn install --frozen-lockfile diff --git a/.github/workflows/pr-copyright.yml b/.github/workflows/pr-copyright.yml index 7790918894..829389f8a0 100644 --- a/.github/workflows/pr-copyright.yml +++ b/.github/workflows/pr-copyright.yml @@ -18,7 +18,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} diff --git a/.github/workflows/pr-depcheck.yml b/.github/workflows/pr-depcheck.yml index a7eda9a9ec..c2ebaa90b0 100644 --- a/.github/workflows/pr-depcheck.yml +++ b/.github/workflows/pr-depcheck.yml @@ -28,7 +28,7 @@ jobs: ] steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: "Run Depcheck" run: | npx lerna exec --scope '${{ matrix.package }}' -- npx -y depcheck --ignores="@types/*,jsii,jsii-pacmak,jsii-docgen,yoga-layout-prebuilt,eslint,jest,tsc-files,typescript,esbuild,esbuild-jest,graphology-types" diff --git a/.github/workflows/provider-integration.yml b/.github/workflows/provider-integration.yml index 45748545de..bd2976c95e 100644 --- a/.github/workflows/provider-integration.yml +++ b/.github/workflows/provider-integration.yml @@ -33,7 +33,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk - name: ensure correct user @@ -45,14 +45,14 @@ jobs: echo "yarn=$(yarn cache dir)" >> $GITHUB_OUTPUT mkdir -p /usr/local/share/.cache/go echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.yarn }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-provider-integration restore-keys: | yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}- yarn-${{ runner.os }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.go }} key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-provider-integration @@ -96,7 +96,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Download dist uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: @@ -111,14 +111,14 @@ jobs: mkdir -p /usr/local/share/.cache/terraform echo "terraform=/usr/local/share/.cache/terraform" >> $GITHUB_OUTPUT # Only restoring yarn caches as the dependencies are not indiviual to each matrix job - - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.yarn }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-provider-integration restore-keys: | yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}- yarn-${{ runner.os }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.terraform }} # put matrix before provider-integration to not restore caches from other sibling matrix jobs @@ -147,7 +147,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: HashiCorp - Setup Terraform uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 with: @@ -156,7 +156,7 @@ jobs: - name: Install pipenv run: pip install pipenv - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: 1.16.x - name: Download dist @@ -172,14 +172,14 @@ jobs: mkdir -p /usr/local/share/.cache/terraform echo "terraform=/usr/local/share/.cache/terraform" >> $GITHUB_OUTPUT # Only restoring yarn caches to save available cache storage size - - uses: actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache/restore@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.yarn }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-provider-integration restore-keys: | yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}- yarn-${{ runner.os }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.terraform }} # put matrix before provider-integration to not restore caches from other sibling matrix jobs diff --git a/.github/workflows/registry-docs-pr-based.yml b/.github/workflows/registry-docs-pr-based.yml index 96f52e11d8..44945d2acd 100644 --- a/.github/workflows/registry-docs-pr-based.yml +++ b/.github/workflows/registry-docs-pr-based.yml @@ -69,7 +69,7 @@ jobs: cdktfDocsCleanupBranches: runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ inputs.repository }} ref: ${{ inputs.branch }} @@ -88,7 +88,7 @@ jobs: needs: - cdktfDocsCleanupBranches steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ inputs.repository }} ref: ${{ inputs.branch }} @@ -110,14 +110,14 @@ jobs: CHECKPOINT_DISABLE: "1" timeout-minutes: 120 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ inputs.repository }} ref: ${{ inputs.branch }} token: ${{ secrets.GH_PR_TOKEN }} - name: Setup Node.js - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: "20.x" @@ -150,7 +150,7 @@ jobs: CHECKPOINT_DISABLE: "1" timeout-minutes: 360 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ inputs.repository }} ref: ${{ inputs.branch }} @@ -162,7 +162,7 @@ jobs: git config --global --add safe.directory $(pwd) - name: Setup Node.js - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: "20.x" @@ -200,7 +200,7 @@ jobs: - cdktfDocsConvert runs-on: ubuntu-latest steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ inputs.repository }} fetch-depth: 0 # complete checkout diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 324897105b..da9d70725d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: env: CHECKPOINT_DISABLE: "1" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # gives sentry access to all previous commits - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this @@ -155,7 +155,7 @@ jobs: container: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: installing dependencies run: | yarn install --frozen-lockfile @@ -320,7 +320,7 @@ jobs: container: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: version id: get_version run: | diff --git a/.github/workflows/release_next.yml b/.github/workflows/release_next.yml index d27b48ea9b..35e4161857 100644 --- a/.github/workflows/release_next.yml +++ b/.github/workflows/release_next.yml @@ -24,7 +24,7 @@ jobs: env: CHECKPOINT_DISABLE: "1" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # gives standard-version access to all previous commits - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this @@ -286,7 +286,7 @@ jobs: container: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: version id: get_version run: | diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index 595d9a0fef..620173e13b 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -27,7 +27,7 @@ jobs: timeout-minutes: 60 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: "Add Git safe.directory" # Go 1.18+ started embedding repo info in the build and e.g. building @cdktf/hcl2json fails without this run: git config --global --add safe.directory /__w/terraform-cdk/terraform-cdk - name: ensure correct user @@ -42,21 +42,21 @@ jobs: echo "go=/usr/local/share/.cache/go" >> $GITHUB_OUTPUT mkdir -p /usr/local/share/.cache/providerSchema echo "providerSchema=/usr/local/share/.cache/providerSchema" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.yarn }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-unit restore-keys: | yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}- yarn-${{ runner.os }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.go }} key: go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-unit restore-keys: | go-${{ runner.os }}-${{ hashFiles('**/go.sum') }}- go-${{ runner.os }}- - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.providerSchema }} key: providerSchema-${{ runner.os }}-${{ inputs.terraform_version }}-unit-${{ inputs.package }} diff --git a/.github/workflows/website-release.yml b/.github/workflows/website-release.yml index 5e7d9e43fe..d0d6b3d248 100644 --- a/.github/workflows/website-release.yml +++ b/.github/workflows/website-release.yml @@ -12,7 +12,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GH_TOKEN_WEBSITE_RELEASE }} steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: hashicorp/terraform-website token: ${{ secrets.GH_TOKEN_WEBSITE_RELEASE }} diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml index 8b90c473bd..627497ff45 100644 --- a/.github/workflows/yarn-upgrade.yml +++ b/.github/workflows/yarn-upgrade.yml @@ -24,11 +24,11 @@ jobs: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - name: Check Out - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get yarn cache directory path id: global-cache-dir-path run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.dir }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-upgrade @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check Out - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Download patch uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -148,11 +148,11 @@ jobs: ] steps: - name: Check Out - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get yarn cache directory path id: global-cache-dir-path run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.dir }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-upgrade @@ -214,11 +214,11 @@ jobs: image: docker.mirror.hashicorp.services/hashicorp/jsii-terraform steps: - name: Check Out - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get yarn cache directory path id: global-cache-dir-path run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT - - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ steps.global-cache-dir-path.outputs.dir }} key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}-upgrade