diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml index 175301e1..74cf62ea 100644 --- a/.github/workflows/PullRequestClosed.yml +++ b/.github/workflows/PullRequestClosed.yml @@ -18,7 +18,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: | development/kv/data/jira user | JIRA_USER; diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml index b27d33ab..ead51870 100644 --- a/.github/workflows/PullRequestCreated.yml +++ b/.github/workflows/PullRequestCreated.yml @@ -17,7 +17,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml index 64793cc2..735d9ee7 100644 --- a/.github/workflows/RequestReview.yml +++ b/.github/workflows/RequestReview.yml @@ -17,7 +17,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml index f1dec7b6..178c0d05 100644 --- a/.github/workflows/SubmitReview.yml +++ b/.github/workflows/SubmitReview.yml @@ -20,7 +20,7 @@ jobs: || github.event.review.state == 'approved') steps: - id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index b476ccbc..df360616 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -6,7 +6,7 @@ jobs: pre-commit: runs-on: sonar-runner-large steps: - - uses: jdx/mise-action@bfb9fa0b029db830a8c570757cee683df207a6c5 # v2.4.0 + - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 with: version: 2025.7.12 - uses: SonarSource/gh-action_pre-commit@0ecedc4e4070444a95f6b6714ddc3ebcdde697c4 # 1.1.0 diff --git a/.github/workflows/test-pr-cleanup.yml b/.github/workflows/test-pr-cleanup.yml index cd686a4c..4a17d8c2 100644 --- a/.github/workflows/test-pr-cleanup.yml +++ b/.github/workflows/test-pr-cleanup.yml @@ -16,7 +16,7 @@ jobs: echo "Test content for cache" > test-cache/test.txt - name: Save test cache - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ./test-cache key: test-cache-${{ github.event.pull_request.number }} diff --git a/.github/workflows/test-shell-scripts.yml b/.github/workflows/test-shell-scripts.yml index 9e2c4156..ef4ae265 100644 --- a/.github/workflows/test-shell-scripts.yml +++ b/.github/workflows/test-shell-scripts.yml @@ -17,7 +17,7 @@ jobs: contents: read steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: jdx/mise-action@bfb9fa0b029db830a8c570757cee683df207a6c5 # v2.4.0 + - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 with: version: 2025.7.12 - name: Run ShellSpec tests @@ -30,7 +30,7 @@ jobs: ./run_shell_tests.sh - name: Vault id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: | development/kv/data/sonarcloud url | SONAR_URL; diff --git a/build-gradle/action.yml b/build-gradle/action.yml index ba70e91d..d5ec8104 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -62,7 +62,7 @@ runs: - name: Vault id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: # yamllint disable rule:line-length secrets: | @@ -77,7 +77,7 @@ runs: # yamllint enable rule:line-length - name: Setup Gradle - uses: gradle/actions/setup-gradle@ac638b010cf58a27ee6c972d7336334ccaf61c96 # v4.4.1 + uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4.4.2 with: gradle-version: ${{ inputs.gradle-version }} develocity-access-key: >- diff --git a/build-maven/action.yml b/build-maven/action.yml index 540e34c9..f91026cb 100644 --- a/build-maven/action.yml +++ b/build-maven/action.yml @@ -63,7 +63,7 @@ runs: - name: Vault # yamllint disable rule:line-length id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: | development/kv/data/${{ inputs.sonar-platform == 'sqc-eu' && 'sonarcloud' || (inputs.sonar-platform == 'sqc-us' && 'sonarqube-us' || 'next') }} url | SONAR_HOST_URL; diff --git a/build-npm/action.yml b/build-npm/action.yml index a95d11d8..72ed9dc7 100644 --- a/build-npm/action.yml +++ b/build-npm/action.yml @@ -65,7 +65,7 @@ runs: run: | cp ${GITHUB_ACTION_PATH}/mise.local.toml mise.local.toml - - uses: jdx/mise-action@bfb9fa0b029db830a8c570757cee683df207a6c5 # v2.4.0 + - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 with: version: 2025.7.12 @@ -81,7 +81,7 @@ runs: - name: Vault # yamllint disable rule:line-length id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: | development/kv/data/${{ inputs.sonar-platform == 'sqc-eu' && 'sonarcloud' || (inputs.sonar-platform == 'sqc-us' && 'sonarqube-us' || 'next') }} url | SONAR_HOST_URL; diff --git a/build-poetry/action.yml b/build-poetry/action.yml index ed72b4b0..645edee5 100644 --- a/build-poetry/action.yml +++ b/build-poetry/action.yml @@ -52,18 +52,18 @@ runs: echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV" cp ${GITHUB_ACTION_PATH}/mise.local.toml mise.local.toml - name: Cache local Poetry cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: ${{ github.workspace }}/${{ inputs.poetry-cache-dir }} key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }} restore-keys: poetry-${{ runner.os }}- - - uses: jdx/mise-action@bfb9fa0b029db830a8c570757cee683df207a6c5 # v2.4.0 + - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 with: version: 2025.7.12 - name: Vault # yamllint disable rule:line-length id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: | development/kv/data/${{ inputs.sonar-platform == 'sqc-eu' && 'sonarcloud' || (inputs.sonar-platform == 'sqc-us' && 'sonarqube-us' || 'next') }} url | SONAR_HOST_URL; diff --git a/build-yarn/action.yml b/build-yarn/action.yml index 0ea1bbc1..40a2ff38 100644 --- a/build-yarn/action.yml +++ b/build-yarn/action.yml @@ -61,7 +61,7 @@ runs: run: | cp ${GITHUB_ACTION_PATH}/mise.local.toml mise.local.toml - - uses: jdx/mise-action@bfb9fa0b029db830a8c570757cee683df207a6c5 # v2.4.0 + - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 with: version: 2025.7.12 @@ -78,7 +78,7 @@ runs: - name: Vault # yamllint disable rule:line-length id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: | development/kv/data/${{ inputs.sonar-platform == 'sqc-eu' && 'sonarcloud' || (inputs.sonar-platform == 'sqc-us' && 'sonarqube-us' || 'next') }} url | SONAR_HOST_URL; diff --git a/cache/action.yml b/cache/action.yml index 0a7dfe70..7758b76f 100644 --- a/cache/action.yml +++ b/cache/action.yml @@ -61,7 +61,7 @@ runs: - name: Cache with GitHub Actions (public repos) if: steps.repo-visibility.outputs.cache-backend == 'github' - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 id: github-cache with: path: ${{ inputs.path }} diff --git a/get-build-number/action.yml b/get-build-number/action.yml index 50dc0fe2..17cfc271 100644 --- a/get-build-number/action.yml +++ b/get-build-number/action.yml @@ -11,7 +11,7 @@ runs: steps: # Reuse current build number in case of rerun - name: Get cached build number - uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 id: current-build-number with: path: build_number.txt @@ -21,7 +21,7 @@ runs: - name: Get secrets from Vault id: secrets if: steps.current-build-number.outputs.cache-hit != 'true' - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: development/github/token/{REPO_OWNER_NAME_DASH}-build-number token | github_token; - name: Get new build number @@ -41,7 +41,7 @@ runs: echo "BUILD_NUMBER=${BUILD_NUMBER}" >> "$GITHUB_ENV" echo "BUILD_NUMBER=${BUILD_NUMBER}" >> "$GITHUB_OUTPUT" - name: Save build number to cache - uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 if: steps.current-build-number.outputs.cache-hit != 'true' with: path: build_number.txt diff --git a/promote/action.yml b/promote/action.yml index a31e7bba..d3035ce6 100644 --- a/promote/action.yml +++ b/promote/action.yml @@ -25,12 +25,12 @@ runs: - name: Vault if: ${{ inputs.promote-pull-request == 'true' }} id: secrets - uses: SonarSource/vault-action-wrapper@d6d745ffdbc82b040df839b903bc33b5592cd6b0 # 3.0.2 + uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 with: secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-promoter access_token | ARTIFACTORY_PROMOTE_ACCESS_TOKEN; development/github/token/{REPO_OWNER_NAME_DASH}-promotion token | GITHUB_TOKEN; - - uses: jdx/mise-action@bfb9fa0b029db830a8c570757cee683df207a6c5 # v2.4.0 + - uses: jdx/mise-action@c37c93293d6b742fc901e1406b8f764f6fb19dac # v2.4.4 if: ${{ inputs.promote-pull-request == 'true' }} with: version: 2025.7.12