diff --git a/.github/workflows/check-drone-signature.yaml b/.github/workflows/check-drone-signature.yaml index db3717d72..5e5d09cd8 100644 --- a/.github/workflows/check-drone-signature.yaml +++ b/.github/workflows/check-drone-signature.yaml @@ -46,7 +46,7 @@ jobs: fi - name: Post PR message about fork if: steps.check-if-fork.outputs.isFork == true && github.event_name == 'pull_request' - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | github.issues.createComment({ diff --git a/.github/workflows/check-for-non-releasable-actions.yaml b/.github/workflows/check-for-non-releasable-actions.yaml index ccbac1ba5..16baeecb2 100644 --- a/.github/workflows/check-for-non-releasable-actions.yaml +++ b/.github/workflows/check-for-non-releasable-actions.yaml @@ -37,7 +37,7 @@ jobs: ./release-please-config.json - name: Check for non-releasable actions - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 with: script: | const fs = require('fs/promises'); diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9f56a1de5..4a6ccda84 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,7 +41,7 @@ jobs: # `/--sha`. - name: tag major and minor versions if: steps.release.outputs.releases_created == 'true' - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: RELEASES: ${{ toJSON(steps.release.outputs) }} with: diff --git a/.github/workflows/reusable-zizmor.yml b/.github/workflows/reusable-zizmor.yml index dca6059f1..3867ef88c 100644 --- a/.github/workflows/reusable-zizmor.yml +++ b/.github/workflows/reusable-zizmor.yml @@ -98,7 +98,7 @@ jobs: - id: get-job-workflow-ref name: Fetch the job_workflow_ref of this run - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | const { jwtVerify, createRemoteJWKSet } = require('jose'); @@ -270,7 +270,7 @@ jobs: - name: Fetch Zizmor Config id: fetch-config if: steps.cache-config.outputs.cache-hit != 'true' && env.DEFAULT_ZIZMOR_CONFIG_DOWNLOADED - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: OWNER: ${{ needs.job-workflow-ref.outputs.owner }} REPO: ${{ needs.job-workflow-ref.outputs.repo }} diff --git a/actions/create-github-app-token/action.yaml b/actions/create-github-app-token/action.yaml index 1e2b0c620..7ab68a31f 100644 --- a/actions/create-github-app-token/action.yaml +++ b/actions/create-github-app-token/action.yaml @@ -37,7 +37,7 @@ runs: echo "ref_sha=$REF_SHA" >> "$GITHUB_OUTPUT" - id: get-github-jwt-token - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: VAULT_INSTANCE: ${{ inputs.vault_instance }} with: @@ -47,7 +47,7 @@ runs: core.setOutput("github-jwt",jwt); - id: get-github-jwt-auth-token - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: VAULT_INSTANCE: ${{ inputs.vault_instance }} with: diff --git a/actions/get-vault-secrets/action.yaml b/actions/get-vault-secrets/action.yaml index ba4c430e4..7588f45b2 100644 --- a/actions/get-vault-secrets/action.yaml +++ b/actions/get-vault-secrets/action.yaml @@ -64,7 +64,7 @@ runs: REPO: ${{ github.repository }} - id: get-github-jwt-token - uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 env: VAULT_INSTANCE: ${{ inputs.vault_instance }} with: