ci: Update 3rd-party components of github->actions

Signed-off-by: Taras Drozdovskyi <t.drozdovsky@samsung.com>
Samsung · Apr 22, 2024 · 50fdb91 · 50fdb91
1 parent 12da07a
commit 50fdb91
Show file tree

Hide file tree

Showing 8 changed files with 19 additions and 13 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -12,7 +12,7 @@ jobs:
         platform: [numaker_pfm_m2351, m2351_badge, mps2_an505_qemu]
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 
       - name: Install extra tools
         run: |

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -19,6 +19,9 @@ on:
   schedule:
     - cron: '19 23 * * 2'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
@@ -48,11 +51,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -86,6 +89,6 @@ jobs:
         make
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/fossology.yml b/.github/workflows/fossology.yml
@@ -9,7 +9,7 @@ jobs:
     name: Check license, copyright, keyword
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
       - run: |
           docker run --rm --name "fossologyscanner" -w "/opt/repo" -v ${PWD}:/opt/repo \
             -e GITHUB_TOKEN=${{ github.token }} \

diff --git a/.github/workflows/license-finder.yml b/.github/workflows/license-finder.yml
@@ -12,7 +12,7 @@ jobs:
       image: gianlucadb0/license_finder
 
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 
       - name: License finder run
         run: | 

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -2,12 +2,15 @@ name: cpp-linter
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   cpp-linter:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: cpp-linter/cpp-linter-action@main
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
+      - uses: cpp-linter/cpp-linter-action@bbc213852a439498b38fa21ea5c698e852abd3f5 
         id: linter
         continue-on-error: true
         env:

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -25,7 +25,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 
       - name: Install extra tools
         run: |
@@ -96,7 +96,7 @@ jobs:
       actions: read # To read the workflow path.
       id-token: write # To sign the provenance.
       contents: write # To add assets to a release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
     with:
       base64-subjects: "${{ needs.build.outputs.hashes }}"
       upload-assets: true # Optional: Upload to a new release
@@ -126,7 +126,7 @@ jobs:
           name: ${{ needs.build.outputs.version }}_ns.bin
 
       - name: Upload assets
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
+        uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4
         with:
           files: |
             ${{ needs.build.outputs.version }}_s.bin

diff --git a/.github/workflows/scancode.yml b/.github/workflows/scancode.yml
@@ -12,7 +12,7 @@ jobs:
       image: gianlucadb0/scancode-toolkit
 
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
 
       - name: Create results directory
         run: mkdir results

diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
@@ -37,7 +37,7 @@ jobs:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f
         with:
           persist-credentials: false