diff --git a/.github/workflows/_checkmarx.yml b/.github/workflows/_checkmarx.yml index 1fc29503..b53c3734 100644 --- a/.github/workflows/_checkmarx.yml +++ b/.github/workflows/_checkmarx.yml @@ -33,7 +33,7 @@ jobs: steps: - name: Check out repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: ${{ github.event.pull_request.head.sha }} @@ -55,7 +55,7 @@ jobs: uses: bitwarden/gh-actions/azure-logout@main - name: Scan with Checkmarx - uses: checkmarx/ast-github-action@fa338ce82069b297c4852ac77e2d168db9fb56d8 # 2.3.21 + uses: checkmarx/ast-github-action@427623bbb54f318e690463e11302a1eb1b9b2b5a # 2.3.25 with: project_name: ${{ github.repository }} cx_tenant: ${{ steps.get-kv-secrets.outputs.CHECKMARX-TENANT }} @@ -69,7 +69,7 @@ jobs: - name: Upload Checkmarx results to GitHub if: inputs.upload-sarif - uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19 + uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.11 with: sarif_file: cx_result.sarif sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }} diff --git a/.github/workflows/_ephemeral_environment_manager.yml b/.github/workflows/_ephemeral_environment_manager.yml index 5e74a952..a004ee23 100644 --- a/.github/workflows/_ephemeral_environment_manager.yml +++ b/.github/workflows/_ephemeral_environment_manager.yml @@ -67,7 +67,7 @@ jobs: uses: bitwarden/gh-actions/azure-logout@main - name: Checkout Ephemeral Environment Charts - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: repository: bitwarden/ephemeral-environment-charts token: '${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}' @@ -108,7 +108,7 @@ jobs: uses: bitwarden/gh-actions/azure-logout@main - name: Checkout ${{ inputs.project }} - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: repository: bitwarden/${{ inputs.project }} ref: ${{ inputs.ephemeral_env_branch }} diff --git a/.github/workflows/_publish-mobile-github-release.yml b/.github/workflows/_publish-mobile-github-release.yml index 06d1b9c5..71f039aa 100644 --- a/.github/workflows/_publish-mobile-github-release.yml +++ b/.github/workflows/_publish-mobile-github-release.yml @@ -40,7 +40,7 @@ jobs: steps: - name: Check out repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 @@ -166,7 +166,7 @@ jobs: - name: Configure Ruby if: steps.check_already_processed.outputs.should_skip == 'false' - uses: ruby/setup-ruby@ca041f971d66735f3e5ff1e21cc13e2d51e7e535 # v1.233.0 + uses: ruby/setup-ruby@efbf473cab83af4468e8606cc33eca9281bb213f # v1.256.0 with: bundler-cache: true diff --git a/.github/workflows/_sonar.yml b/.github/workflows/_sonar.yml index 3b7e098e..92f059cd 100644 --- a/.github/workflows/_sonar.yml +++ b/.github/workflows/_sonar.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Check out repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/_version.yml b/.github/workflows/_version.yml index 962069a2..18ef6307 100644 --- a/.github/workflows/_version.yml +++ b/.github/workflows/_version.yml @@ -25,7 +25,7 @@ jobs: version: ${{ steps.calculate.outputs.version }} steps: - name: Checkout Repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 diff --git a/.github/workflows/test-download-artifacts.yml b/.github/workflows/test-download-artifacts.yml index 8759fdd0..f940dedd 100644 --- a/.github/workflows/test-download-artifacts.yml +++ b/.github/workflows/test-download-artifacts.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Download uses: ./download-artifacts @@ -43,7 +43,7 @@ jobs: if: github.ref == 'refs/heads/main' steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Download uses: ./download-artifacts @@ -64,7 +64,7 @@ jobs: if: github.event_name != 'pull_request' steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Extract branch name id: extract_branch @@ -91,7 +91,7 @@ jobs: if: github.event_name == 'pull_request' steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Download uses: ./download-artifacts @@ -112,7 +112,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Download uses: ./download-artifacts @@ -132,7 +132,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Download uses: ./download-artifacts @@ -153,7 +153,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Download uses: ./download-artifacts @@ -173,7 +173,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Download uses: ./download-artifacts @@ -193,7 +193,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Download id: download diff --git a/.github/workflows/test-get-secrets.yml b/.github/workflows/test-get-secrets.yml index f8800bd9..3e689990 100644 --- a/.github/workflows/test-get-secrets.yml +++ b/.github/workflows/test-get-secrets.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Check out repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 @@ -96,7 +96,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Check out repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 diff --git a/.github/workflows/test-release-version-check.yml b/.github/workflows/test-release-version-check.yml index 2ddf7ccf..3f398f0c 100644 --- a/.github/workflows/test-release-version-check.yml +++ b/.github/workflows/test-release-version-check.yml @@ -64,7 +64,7 @@ jobs: xamarin-calver-fail-status: ${{ steps.set-status.outputs.xamarin-calver-fail }} steps: - name: Checkout Branch - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Version Check - ${{ matrix.name }} id: run-version-check diff --git a/.github/workflows/test-report-deployment-status-to-slack.yml b/.github/workflows/test-report-deployment-status-to-slack.yml index e5af6c03..f57de3fd 100644 --- a/.github/workflows/test-report-deployment-status-to-slack.yml +++ b/.github/workflows/test-report-deployment-status-to-slack.yml @@ -18,7 +18,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Start uses: ./report-deployment-status-to-slack @@ -84,7 +84,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: With DB migration true on main uses: ./report-deployment-status-to-slack diff --git a/.github/workflows/test-report-upcoming-release-version.yml b/.github/workflows/test-report-upcoming-release-version.yml index 07628d31..a5dd5f6d 100644 --- a/.github/workflows/test-report-upcoming-release-version.yml +++ b/.github/workflows/test-report-upcoming-release-version.yml @@ -14,7 +14,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Report upcoming release version to Slack uses: ./report-upcoming-release-version diff --git a/.github/workflows/test-version-bump.yml b/.github/workflows/test-version-bump.yml index 633c6ffc..e4344107 100644 --- a/.github/workflows/test-version-bump.yml +++ b/.github/workflows/test-version-bump.yml @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Bump JSON Test id: test_json diff --git a/.github/workflows/upload-test-artifacts.yml b/.github/workflows/upload-test-artifacts.yml index 11ab6541..4af994bc 100644 --- a/.github/workflows/upload-test-artifacts.yml +++ b/.github/workflows/upload-test-artifacts.yml @@ -22,7 +22,7 @@ jobs: echo $GITHUB_SHA > artifact/sha - name: Upload - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: artifact path: artifact @@ -39,13 +39,13 @@ jobs: echo $GITHUB_SHA > artifact2/sha2 - name: Upload first - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: artifact1 path: artifact1 - name: Upload second - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: artifact2 path: artifact2 @@ -62,13 +62,13 @@ jobs: echo $GITHUB_SHA > artifact2/sha2 - name: Upload first - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: artifact1.txt path: artifact1 - name: Upload second - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: artifact2.txt path: artifact2 diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml index 1d80e931..74239b95 100644 --- a/.github/workflows/workflow-linter.yml +++ b/.github/workflows/workflow-linter.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Check out branch - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: repository: ${{ github.repository }} fetch-depth: ${{ github.event_name == 'pull_request' && 2 || 0 }} @@ -57,9 +57,9 @@ jobs: - name: Set up Python 3.13 if: steps.changed-workflows.outputs.changed_files_count != '0' - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: - python-version: "3.13.5" + python-version: "3.13.7" - name: Install bwwl binary if: steps.changed-workflows.outputs.changed_files_count != '0'