diff --git a/.github/actions/checkout-go/action.yml b/.github/actions/checkout-go/action.yml index 4e3f29971b..7755b95fa3 100644 --- a/.github/actions/checkout-go/action.yml +++ b/.github/actions/checkout-go/action.yml @@ -39,7 +39,7 @@ runs: # 2. if inputs.ref == '' - name: Checkout the repository with user ref if: inputs.ref != '' - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.3.4 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v2.3.4 with: persist-credentials: false repository: "${{ inputs.repository }}" @@ -48,7 +48,7 @@ runs: - name: Checkout the repository with default ref if: inputs.ref == '' - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.3.4 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v2.3.4 with: fetch-depth: 1 persist-credentials: false @@ -56,6 +56,6 @@ runs: token: "${{ inputs.token }}" - name: Set up Go environment - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0 + uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # tag=v3.2.0 with: go-version: "${{ inputs.go-version }}" diff --git a/.github/actions/secure-download-artifact/action.yml b/.github/actions/secure-download-artifact/action.yml index 6bd9b17df2..1d305016f7 100644 --- a/.github/actions/secure-download-artifact/action.yml +++ b/.github/actions/secure-download-artifact/action.yml @@ -18,7 +18,7 @@ runs: using: "composite" steps: - name: Download the artifact - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v3.0.0 + uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3.0.0 with: name: "${{ inputs.name }}" diff --git a/.github/actions/secure-upload-artifact/action.yml b/.github/actions/secure-upload-artifact/action.yml index 1571478d09..8309e59b87 100644 --- a/.github/actions/secure-upload-artifact/action.yml +++ b/.github/actions/secure-upload-artifact/action.yml @@ -19,7 +19,7 @@ runs: path: "${{ inputs.path }}" - name: Upload the artifact - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0 with: name: "${{ inputs.path }}" path: "${{ inputs.path }}" diff --git a/.github/workflows/builder_go_slsa3.yml b/.github/workflows/builder_go_slsa3.yml index 7b762b96d1..a30763b320 100644 --- a/.github/workflows/builder_go_slsa3.yml +++ b/.github/workflows/builder_go_slsa3.yml @@ -81,7 +81,7 @@ jobs: steps: - name: Detect the builder ref id: detect - uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@ab345b0851aceba69a2ce8f3d2084f6e7d887850 # v1.1.1 + uses: slsa-framework/slsa-github-generator/.github/actions/detect-workflow@ab345b0851aceba69a2ce8f3d2084f6e7d887850 # tag=v1.1.1 ################################################################### # # @@ -106,7 +106,7 @@ jobs: directory: "${{ env.BUILDER_DIR }}/go" - name: Upload the builder - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0 with: name: "${{ env.BUILDER_BINARY }}" path: "${{ env.BUILDER_BINARY }}" @@ -266,7 +266,7 @@ jobs: --workingDir "$UNTRUSTED_WORKING_DIR" - name: Upload the signed provenance - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0 with: name: "${{ steps.sign-prov.outputs.signed-provenance-name }}" path: "${{ steps.sign-prov.outputs.signed-provenance-name }}" @@ -298,7 +298,7 @@ jobs: sha256: "${{ needs.provenance.outputs.go-provenance-sha256 }}" - name: Release - uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14 + uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # tag=v0.1.14 with: files: | ${{ needs.build-dry.outputs.go-binary-name }} diff --git a/.github/workflows/generator_generic_slsa3.yml b/.github/workflows/generator_generic_slsa3.yml index 076c54d7ae..11de525494 100644 --- a/.github/workflows/generator_generic_slsa3.yml +++ b/.github/workflows/generator_generic_slsa3.yml @@ -124,7 +124,7 @@ jobs: echo "::set-output name=attestation-sha256::$attestation_sha256" - name: Upload the signed provenance - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0 with: name: "${{ steps.sign-prov.outputs.attestation-name }}" path: "${{ steps.sign-prov.outputs.attestation-name }}" @@ -149,7 +149,7 @@ jobs: sha256: "${{ needs.generator.outputs.attestation-sha256 }}" - name: Release - uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14 + uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # tag=v0.1.14 id: release with: files: | diff --git a/.github/workflows/pre-submit.units.yml b/.github/workflows/pre-submit.units.yml index 2f2b5e3e72..559f74411c 100644 --- a/.github/workflows/pre-submit.units.yml +++ b/.github/workflows/pre-submit.units.yml @@ -22,7 +22,7 @@ jobs: uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - name: setup-go - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # v3.2.0 + uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923 # tag=v3.2.0 with: go-version: "1.18" diff --git a/internal/builders/generic/README.md b/internal/builders/generic/README.md index 585eaad96d..1af8abd950 100644 --- a/internal/builders/generic/README.md +++ b/internal/builders/generic/README.md @@ -109,7 +109,7 @@ jobs: echo "::set-output name=hashes::$(sha256sum artifact1 artifact2 | base64 -w0)" - name: Upload artifact1 - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0 with: name: artifact1 path: artifact1 @@ -117,7 +117,7 @@ jobs: retention-days: 5 - name: Upload artifact2 - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0 with: name: artifact2 path: artifact2 @@ -142,24 +142,24 @@ jobs: if: startsWith(github.ref, 'refs/tags/') steps: - name: Download artifact1 - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2.1.0 + uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v2.1.0 with: name: artifact1 - name: Download artifact2 - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2.1.0 + uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v2.1.0 with: name: artifact2 - name: Download provenance - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # v2.1.0 + uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v2.1.0 with: # The provenance step returns an output with the artifact name of # our provenance. name: ${{needs.provenance.outputs.attestation-name}} - name: Create release - uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14 + uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # tag=v0.1.14 with: files: | artifact1 diff --git a/internal/builders/go/README.md b/internal/builders/go/README.md index 69783d2c29..00f1995aad 100644 --- a/internal/builders/go/README.md +++ b/internal/builders/go/README.md @@ -157,7 +157,7 @@ jobs: tree-state: ${{ steps.ldflags.outputs.tree-state }} steps: - id: checkout - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.3.4 + uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # tag=v2.3.4 with: fetch-depth: 0 - id: ldflags