diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 4e62f6a..28566fb 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -28,7 +28,7 @@ jobs: with: version: latest test-multi-arch-build: - uses: docker/github-builder/.github/workflows/build.yml@abff7868c866c54704b6afa9ad5871948ca97334 # v1.1.0 + uses: docker/github-builder/.github/workflows/build.yml@1fbf7b561327a08e044298fe9684dac8d248c7d9 # v1.2.0 if: ${{ !github.event.pull_request.head.repo.fork }} with: output: image @@ -115,7 +115,7 @@ jobs: run: | docker images - name: Docker Scout Comparison between main branch and current PR branch - uses: docker/scout-action@75ec1d410792f411fb41df7ab69a62d14d9b6884 # v1.20.1 + uses: docker/scout-action@1128f02d1e60f339af7306e0e62b9fdc13d9fab9 # v1.20.2 with: command: compare image: local://score-radius:pr-${{ github.event.number }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4232165..0f2ec5b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -30,7 +30,7 @@ jobs: with: version: latest - name: Install Cosign - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0 - name: Run GoReleaser uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0 with: @@ -41,7 +41,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} TAP_GITHUB_TOKEN: ${{ secrets.TAP_GITHUB_TOKEN }} release-container-image: - uses: docker/github-builder/.github/workflows/build.yml@abff7868c866c54704b6afa9ad5871948ca97334 # v1.1.0 + uses: docker/github-builder/.github/workflows/build.yml@1fbf7b561327a08e044298fe9684dac8d248c7d9 # v1.2.0 permissions: id-token: write # to sign attestation(s) with GitHub OIDC Token packages: write # to push container image to ghcr