diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index 3abc516262..eb0e792d94 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -79,7 +79,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/oss @@ -145,7 +145,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus @@ -232,7 +232,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic-base/plus diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index 5a1bdef845..32b0467d03 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -102,7 +102,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: context: ${{ inputs.tag != '' && 'git' || 'workflow' }} images: | diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index 14aa14d1cb..b3c2443555 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -123,7 +123,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | name=gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/nginx-ic${{ contains(inputs.nap_modules, 'dos') && '-dos' || '' }}${{ contains(inputs.nap_modules, 'waf') && '-nap' || '' }}/nginx-plus-ingress diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 73189dc9c7..aa502f72b6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,7 +114,7 @@ jobs: run: make cover if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Upload coverage to Codecov - uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 + uses: codecov/codecov-action@f30e4959ba63075080d4f7f90cacc18d9f3fafd7 # v4.0.0 with: files: ./coverage.txt if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} @@ -177,11 +177,11 @@ jobs: if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Download Syft - uses: anchore/sbom-action/download-syft@c6aed38a4323b393d05372c58a74c39ae8386d02 # v0.15.6 + uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8 if: github.ref_type == 'tag' - name: Install Cosign - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 + uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 if: github.ref_type == 'tag' - name: Build binaries diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index 60ba79dd82..fd48ae5611 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -52,7 +52,7 @@ jobs: .github/scripts/release-notes-update.sh ${{ github.event.inputs.version }} ${{ github.event.inputs.helm_version }} "${{ github.event.inputs.k8s_versions }}" "${{ github.event.inputs.release_date }}" - name: Create Pull Request - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 + uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0 with: token: ${{ secrets.NGINX_PAT }} commit-message: Release ${{ github.event.inputs.version }}