diff --git a/.github/workflows/clean-branch-cache.yml b/.github/workflows/clean-branch-cache.yml
index ad1b575..0d8b3a0 100644
--- a/.github/workflows/clean-branch-cache.yml
+++ b/.github/workflows/clean-branch-cache.yml
@@ -17,7 +17,7 @@ jobs:
 permissions:
 actions: write
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo-and-containers: ${{ inputs.disable-sudo }}
 egress-policy: block
diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml
index 654c828..341bed3 100644
--- a/.github/workflows/docker-build-and-push.yml
+++ b/.github/workflows/docker-build-and-push.yml
@@ -76,7 +76,7 @@ jobs:
 run:
 working-directory: ${{ inputs.working-directory }}
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo: ${{ inputs.disable-sudo }}
 egress-policy: block
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index 943d3ec..3dea1eb 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -25,7 +25,7 @@ jobs:
 runs-on: ${{ inputs.runs-on }}
 if: (github.actor != 'dependabot[bot]')
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo-and-containers: ${{ inputs.disable-sudo }}
 egress-policy: block
diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml
index 68723c8..4607172 100644
--- a/.github/workflows/go-ci.yml
+++ b/.github/workflows/go-ci.yml
@@ -34,7 +34,7 @@ jobs:
 pull-requests: write
 checks: write
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo-and-containers: ${{ inputs.disable-sudo }}
 egress-policy: block
@@ -70,7 +70,7 @@ jobs:
 run:
 working-directory: ${{ inputs.working-directory }}
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo-and-containers: ${{ inputs.disable-sudo }}
 egress-policy: block
@@ -106,7 +106,7 @@ jobs:
 permissions:
 contents: write
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo-and-containers: ${{ inputs.disable-sudo }}
 egress-policy: block
diff --git a/.github/workflows/go-security-scan.yml b/.github/workflows/go-security-scan.yml
index 77559ae..e3316fd 100644
--- a/.github/workflows/go-security-scan.yml
+++ b/.github/workflows/go-security-scan.yml
@@ -33,7 +33,7 @@ jobs:
 env:
 GO111MODULE: on
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo: ${{ inputs.disable-sudo }}
 egress-policy: block
diff --git a/.github/workflows/infra-security-scan.yml b/.github/workflows/infra-security-scan.yml
index 9e38645..1b63985 100644
--- a/.github/workflows/infra-security-scan.yml
+++ b/.github/workflows/infra-security-scan.yml
@@ -34,7 +34,7 @@ jobs:
 run:
 working-directory: ${{ inputs.working-directory }}
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo: ${{ inputs.disable-sudo }}
 egress-policy: block
@@ -78,7 +78,7 @@ jobs:
 pull-requests: write
 security-events: write
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo: ${{ inputs.disable-sudo }}
 egress-policy: block
@@ -100,7 +100,7 @@ jobs:
 filter_mode: nofilter
 tool_name: actionlint
 - name: Install uv
- uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1
+ uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
 with:
 enable-cache: true
 - name: Run zizmor
diff --git a/.github/workflows/local-auto-tagger.yml b/.github/workflows/local-auto-tagger.yml
index 9c146f8..cdf690f 100644
--- a/.github/workflows/local-auto-tagger.yml
+++ b/.github/workflows/local-auto-tagger.yml
@@ -17,7 +17,7 @@ jobs:
 contents: write
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/pulumi-preview.yml b/.github/workflows/pulumi-preview.yml
index 0b406fe..f84b759 100644
--- a/.github/workflows/pulumi-preview.yml
+++ b/.github/workflows/pulumi-preview.yml
@@ -51,7 +51,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -88,7 +88,7 @@ jobs: installer-parallel: true # ----- UV ----- - - uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 + - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0 if: ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }} with: enable-cache: true diff --git a/.github/workflows/pulumi-up.yml b/.github/workflows/pulumi-up.yml index 43ff649..f07e6c6 100644 --- a/.github/workflows/pulumi-up.yml +++ b/.github/workflows/pulumi-up.yml @@ -50,7 +50,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -87,7 +87,7 @@ jobs: installer-parallel: true # ----- UV ----- - - uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 + - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0 if: ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }} with: enable-cache: true diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 31ca167..7da2701 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml 
@@ -31,7 +31,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -66,7 +66,7 @@ jobs: installer-parallel: true # ----- UV ----- - - uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1 + - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0 if: ${{ hashFiles(format('{0}/uv.lock', inputs.working-directory)) != '' }} with: enable-cache: true diff --git a/.github/workflows/rust-ci.yml b/.github/workflows/rust-ci.yml index 04f5c0b..45a34a3 100644 --- a/.github/workflows/rust-ci.yml +++ b/.github/workflows/rust-ci.yml @@ -52,7 +52,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -85,7 +85,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block @@ -116,7 +116,7 @@ jobs: run: working-directory: ${{ inputs.working-directory }} steps: - - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1 + - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2 with: disable-sudo-and-containers: ${{ inputs.disable-sudo }} egress-policy: block 
@@ -170,7 +170,7 @@ jobs:
 run:
 working-directory: ${{ inputs.working-directory }}
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo-and-containers: ${{ inputs.disable-sudo }}
 egress-policy: block
diff --git a/.github/workflows/terraform-ci.yml b/.github/workflows/terraform-ci.yml
index 82c3ee9..5cbb4c7 100644
--- a/.github/workflows/terraform-ci.yml
+++ b/.github/workflows/terraform-ci.yml
@@ -47,7 +47,7 @@ jobs:
 run:
 working-directory: ${{ inputs.working-directory }}
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo: ${{ inputs.disable-sudo }}
 egress-policy: audit
@@ -135,7 +135,7 @@ jobs:
 run:
 working-directory: ${{ inputs.working-directory }}
 steps:
- - uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+ - uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
 with:
 disable-sudo-and-containers: ${{ inputs.disable-sudo }}
 egress-policy: audit
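Review bot: Both terraform-ci.yml hunks (at lines 47 and 135) leave harden-runner on `egress-policy: audit`, while every other workflow touched by this commit runs with `egress-policy: block`. In audit mode outbound connections are only recorded, not stopped, so these two jobs do not get the egress restriction the other workflows have. If the destinations these jobs need are known from earlier audit runs, consider `egress-policy: block` together with an `allowed-endpoints:` list. Otherwise add a comment above the step saying why audit is kept, for example `# audit: endpoint allow-list for this job not yet enumerated`. The job bodies continue outside both hunks, so whether an allow-list is practical here cannot be judged from the diff alone.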