diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a6dfbbf..965b37b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,7 +12,7 @@ jobs: platform: [numaker_pfm_m2351, m2351_badge, mps2_an505_qemu] runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Install extra tools run: | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 15cdbe3..f84126e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -51,11 +51,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -89,6 +89,6 @@ jobs: make - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f + uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/fossology.yml b/.github/workflows/fossology.yml index a968c23..6941246 100644 --- a/.github/workflows/fossology.yml +++ b/.github/workflows/fossology.yml @@ -9,7 +9,7 @@ jobs: name: Check license, copyright, keyword runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - run: | docker run --rm --name "fossologyscanner" -w "/opt/repo" -v ${PWD}:/opt/repo \ -e GITHUB_TOKEN=${{ github.token }} \ 
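Review bot: The new pin in the build.yml hunk, `actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332`, gives no indication of which release the hash corresponds to, so a reader cannot confirm from the diff that it is a tagged upstream release. Add the tag as a trailing comment, e.g. `- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # <release tag>`, and check the hash against the upstream tag before merging. The same applies to every other `uses:` line changed in this commit (codeql-action, upload-artifact, download-artifact, cpp-linter-action, harden-runner, action-gh-release, scorecard-action).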
@@ -21,12 +21,12 @@ jobs: -e GITHUB_ACTIONS=true \ fossology/fossology:scanner "/bin/fossologyscanner" --report TEXT repo nomos ojo copyright keyword # Upload artifact - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 + - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b with: name: scan-fossology-report path: ./results # Artifact download - - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 with: name: scan-fossology-report diff --git a/.github/workflows/license-finder.yml b/.github/workflows/license-finder.yml index 9646b3e..0813253 100644 --- a/.github/workflows/license-finder.yml +++ b/.github/workflows/license-finder.yml @@ -12,7 +12,7 @@ jobs: image: gianlucadb0/license_finder steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: License finder run run: | @@ -20,12 +20,12 @@ jobs: license_finder > ./license-finder-report - name: Upload artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b with: name: scan-license-finder-report path: ./license-finder-report - name: Artifact download - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 with: name: scan-license-finder-report diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index f118010..a64b162 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml 
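Review bot: The scanner container in the fossology.yml hunk is still referenced by a mutable tag, `fossology/fossology:scanner`, while every action in the commit is pinned to a commit hash. The preceding hunk shows the same `docker run` passing `GITHUB_TOKEN=${{ github.token }}` and mounting the checkout into that container, so whatever the tag resolves to at run time receives both. Pin the image by digest, `fossology/fossology:scanner@sha256:<digest>`, and do the same for `image: gianlucadb0/license_finder` in the license-finder.yml hunk and `image: gianlucadb0/scancode-toolkit` in scancode.yml. The `run:` block starts outside this hunk.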
@@ -9,8 +9,8 @@ jobs: cpp-linter: runs-on: ubuntu-latest steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 - - uses: cpp-linter/cpp-linter-action@91cfe27ea9f72194d7a74c64bcd71f6613446cb1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + - uses: cpp-linter/cpp-linter-action@948cea872508ea44123a1e3d8638a5b828a409af id: linter continue-on-error: true env: @@ -25,4 +25,4 @@ jobs: run: | echo "some linter checks failed. ${{ steps.linter.outputs.checks-failed }}" # for actual deployment - # run: exit 1 \ No newline at end of file + # run: exit 1 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 71cd2c5..654e8ef 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -20,12 +20,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Install extra tools run: | @@ -55,14 +55,14 @@ jobs: # echo "version=mtower-${VERSION:1}.bin" >> "$GITHUB_OUTPUT" - name: Upload build artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b with: name: ${{ steps.mtower_version.outputs.version }}_s.bin path: ./${{ steps.mtower_version.outputs.version }}_s.bin if-no-files-found: error - name: Upload build artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b with: name: ${{ steps.mtower_version.outputs.version }}_ns.bin path: ./${{ steps.mtower_version.outputs.version }}_ns.bin 
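Review bot: In the publish.yml hunks the Harden Runner steps keep `egress-policy: audit`, which records outbound connections but does not stop any. These jobs build and upload the release binaries (the `softprops/action-gh-release` step is in a later hunk). Once the audit log gives a stable set of destinations, consider `egress-policy: block` with an `allowed-endpoints:` list for the build and release jobs. The scorecards-analysis.yml hunk uses the same setting. The jobs' remaining steps are outside the hunks, so the endpoint list has to come from the recorded runs.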
@@ -78,7 +78,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit @@ -111,22 +111,22 @@ jobs: if: startsWith(github.ref, 'refs/tags/') steps: - name: Harden Runner - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: Download ${{ needs.build.outputs.version }}_s.bin - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 with: name: ${{ needs.build.outputs.version }}_s.bin - name: Download ${{ needs.build.outputs.version }}_ns.bin - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 with: name: ${{ needs.build.outputs.version }}_ns.bin - name: Upload assets - uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 with: files: | ${{ needs.build.outputs.version }}_s.bin diff --git a/.github/workflows/scancode.yml b/.github/workflows/scancode.yml index c876d65..56d345d 100644 --- a/.github/workflows/scancode.yml +++ b/.github/workflows/scancode.yml @@ -12,7 +12,7 @@ jobs: image: gianlucadb0/scancode-toolkit steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 - name: Create results directory run: mkdir results 
@@ -21,12 +21,12 @@ jobs: run: scancode -clpeui -n 2 --cyclonedx ./results/sbom-cyclonedx --spdx-rdf ./results/sbom-spdx ./ - name: Upload artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b with: name: scan-scancode-report path: ./results/ - name: Artifact download - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 with: name: scan-scancode-report \ No newline at end of file diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 475988e..ddac55e 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -32,17 +32,17 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c with: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 with: results_file: results.sarif results_format: sarif @@ -64,7 +64,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b with: name: SARIF file path: results.sarif 
@@ -72,6 +72,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a with: sarif_file: results.sarif \ No newline at end of file