From bf25e16aec5c15fcc9bb60595a37d7531748a581 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Sun, 14 Apr 2024 19:25:45 -0700
Subject: [PATCH 1/4] Remove in-repo GitHub Action
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We've moved it to its own repo https://github.com/boostsecurityio/poutine-action

Signed-off-by: François Proulx <76956526+fproulx-boostsecurity@users.noreply.github.com>
---
 action.yml | 22 ----------------------
 1 file changed, 22 deletions(-)
 delete mode 100644 action.yml

diff --git a/action.yml b/action.yml
deleted file mode 100644
index 6420d01c..00000000
--- a/action.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: poutine - GitHub Actions SAST
-description: |
- BoostSecurity.io’s poutine detects vulnerabilities and misconfigurations in your GitHub Actions workflows.
-branding:
- icon: align-center
- color: yellow
-inputs:
- format:
- description: 'Report format'
- default: sarif
- required: true
- output:
- description: 'Report file output'
- default: results.sarif
- required: true
-runs:
- using: docker
- image: Dockerfile.action
- args:
- - |
- git config --global --add safe.directory "$GITHUB_WORKSPACE"
- poutine -format "$INPUT_FORMAT" analyze_local "$GITHUB_WORKSPACE" > "$INPUT_OUTPUT"

From 64337c39107eaccfd0acb906766a9415f487dd05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Sun, 14 Apr 2024 19:26:02 -0700
Subject: [PATCH 2/4] Delete Dockerfile.action
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: François Proulx <76956526+fproulx-boostsecurity@users.noreply.github.com>
---
 Dockerfile.action | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 Dockerfile.action

diff --git a/Dockerfile.action b/Dockerfile.action
deleted file mode 100644
index b39c4e5b..00000000
--- a/Dockerfile.action
+++ /dev/null
@@ -1,5 +0,0 @@
-FROM ghcr.io/boostsecurityio/poutine:0.9.7@sha256:034326fac021cbedf8df99e90d993ec3553c7649395040bbb8bca05b601de35a
-
-USER root
-
-ENTRYPOINT ["/bin/sh", "-c"]

From 81bc3ca102e64e39f2b7d73de33657ea17f0758e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Sun, 14 Apr 2024 19:26:50 -0700
Subject: [PATCH 3/4] Update pop.yml
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: François Proulx <76956526+fproulx-boostsecurity@users.noreply.github.com>
---
 .github/workflows/pop.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/pop.yml b/.github/workflows/pop.yml
index 73e02510..6e5586d6 100644
--- a/.github/workflows/pop.yml
+++ b/.github/workflows/pop.yml
@@ -31,10 +31,9 @@ jobs:
 codeload.github.com:443
 objects.githubusercontent.com:443
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: ./
+ - uses: boostsecurityio/poutine-action@63ba14852cb46e541bfca609eedda08df9197b76 # v0.9.7
 name: "Run poutine on poutine's own codebase"
 id: self-test
-
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
 with:

From 80653cf46641d6771e6050c39277a0ef61349bc3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Proulx?= <76956526+fproulx-boostsecurity@users.noreply.github.com>
Date: Sun, 14 Apr 2024 19:37:36 -0700
Subject: [PATCH 4/4] Update pop.yml
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: François Proulx <76956526+fproulx-boostsecurity@users.noreply.github.com>
---
 .github/workflows/pop.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pop.yml b/.github/workflows/pop.yml
index 6e5586d6..09535719 100644
--- a/.github/workflows/pop.yml
+++ b/.github/workflows/pop.yml
@@ -31,7 +31,7 @@ jobs:
 codeload.github.com:443
 objects.githubusercontent.com:443
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: boostsecurityio/poutine-action@63ba14852cb46e541bfca609eedda08df9197b76 # v0.9.7
+ - uses: boostsecurityio/poutine-action@main # Dogfood the latest action
 name: "Run poutine on poutine's own codebase"
 id: self-test
 - name: Upload SARIF file
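Review bot: The added line `- uses: boostsecurityio/poutine-action@main # Dogfood the latest action` replaces the commit-pinned reference from the previous patch with a mutable branch, so whatever is on that branch at run time executes in this workflow with its token and feeds the SARIF that the following upload-sarif step publishes, while the neighbouring steps (`actions/checkout@b4ffde6…`, `upload-sarif@4355270…`) keep the pin-to-SHA convention. If dogfooding the unreleased action is wanted, a safer shape is to keep the release-pinned step as the one whose results are uploaded and run `@main` in a separate job, or at least pin to the branch tip with a comment such as `# main @ <sha>` and let an update bot bump it; otherwise revert to `- uses: boostsecurityio/poutine-action@63ba14852cb46e541bfca609eedda08df9197b76 # v0.9.7`. Presumably poutine's own rules cover unpinned third-party actions, in which case this self-test would flag the very workflow it runs in. The job definition continues outside the hunk.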