From 7dcf771aefb925f0f183fc77c40eb7194489b89a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 12:46:57 +0000 Subject: [PATCH] chore(deps): update github actions --- .github/workflows/build.yaml | 4 ++-- .github/workflows/publish.yaml | 2 +- .github/workflows/scan.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 6da4630d..d6ea509c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -25,12 +25,12 @@ jobs: run: syft ${{ steps.rockcraft.outputs.rock }} -o spdx-json=${{ steps.name.outputs.name }}.sbom.json - name: Upload SBOM - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4 with: name: ${{ steps.name.outputs.name }}-sbom path: "${{ steps.name.outputs.name }}.sbom.json" - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4 with: name: rock path: ${{ steps.rockcraft.outputs.rock }} diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index e8d3d3a1..104f1393 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -26,7 +26,7 @@ jobs: run: | sudo snap install yq - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: rock diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index 505bbefe..1f6a042b 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -24,6 +24,6 @@ jobs: output: 'trivy-results.sarif' - name: Upload scan results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3 with: sarif_file: 'trivy-results.sarif'