diff --git a/.github/workflows/PullRequestClosed.yml b/.github/workflows/PullRequestClosed.yml index 3ea40a3d..7189d13f 100644 --- a/.github/workflows/PullRequestClosed.yml +++ b/.github/workflows/PullRequestClosed.yml @@ -18,7 +18,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 with: secrets: | development/kv/data/jira user | JIRA_USER; diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml index 60720bf7..0468c925 100644 --- a/.github/workflows/PullRequestCreated.yml +++ b/.github/workflows/PullRequestCreated.yml @@ -17,7 +17,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/RequestReview.yml b/.github/workflows/RequestReview.yml index 93326828..6ab75e35 100644 --- a/.github/workflows/RequestReview.yml +++ b/.github/workflows/RequestReview.yml @@ -17,7 +17,7 @@ jobs: github.event.pull_request.head.repo.full_name == github.repository steps: - id: secrets - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/SubmitReview.yml b/.github/workflows/SubmitReview.yml index 221d43bd..7b07b45d 100644 --- a/.github/workflows/SubmitReview.yml +++ b/.github/workflows/SubmitReview.yml @@ -20,7 +20,7 @@ jobs: || github.event.review.state == 'approved') steps: - id: secrets - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 with: secrets: | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index c4bfd35a..ca7e32ff 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -10,7 +10,7 @@ jobs: steps: - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - uses: ./config-npm - - uses: SonarSource/gh-action_pre-commit@0ecedc4e4070444a95f6b6714ddc3ebcdde697c4 # 1.1.0 + - uses: SonarSource/gh-action_pre-commit@2ddc0c7fdabce0adfaaa4075a17690972ed9961a # 1.2.0 with: extra-args: > --from-ref=origin/${{ github.event.pull_request.base.ref }} diff --git a/.github/workflows/test-shell-scripts.yml b/.github/workflows/test-shell-scripts.yml index f8c17e96..203157cf 100644 --- a/.github/workflows/test-shell-scripts.yml +++ b/.github/workflows/test-shell-scripts.yml @@ -20,7 +20,7 @@ jobs: with: fetch-depth: 0 - uses: ./config-npm - - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 + - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 with: version: 2026.1.0 - name: Run ShellSpec tests @@ -33,7 +33,7 @@ jobs: ./run_shell_tests.sh - name: Vault id: secrets - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 with: secrets: | development/kv/data/sonarcloud url | SONAR_URL; diff --git a/.github/workflows/unified-dogfooding.yml b/.github/workflows/unified-dogfooding.yml index 76fe6c3e..15886447 100644 --- a/.github/workflows/unified-dogfooding.yml +++ b/.github/workflows/unified-dogfooding.yml @@ -12,7 +12,7 @@ jobs: id-token: write contents: read steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Run IRIS Analysis uses: SonarSource/unified-dogfooding-actions/run-iris@v1 with: diff --git a/build-gradle/action.yml b/build-gradle/action.yml index 43a6788d..47c3a24d 100644 --- a/build-gradle/action.yml +++ b/build-gradle/action.yml @@ -118,7 +118,7 @@ runs: (github.event.repository.visibility == 'public' && 'public-deployer' || 'qa-deployer') }} run: | echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 id: secrets with: # yamllint disable rule:line-length @@ -185,7 +185,7 @@ runs: github.event_name != 'pull_request' && steps.build.outputs.deployed == 'true' && (inputs.provenance-artifact-paths != '' || steps.build.outputs.artifact-paths != '') }} - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 with: subject-path: >- ${{ inputs.provenance-artifact-paths != '' && inputs.provenance-artifact-paths || steps.build.outputs.artifact-paths }} diff --git a/build-maven/action.yml b/build-maven/action.yml index 3dac14ce..eb1e8170 100644 --- a/build-maven/action.yml +++ b/build-maven/action.yml @@ -147,7 +147,7 @@ runs: echo "SONARSOURCE_REPOSITORY_URL=${ARTIFACTORY_URL}/sonarsource" >> "$GITHUB_ENV" # yamllint enable rule:line-length - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 id: secrets with: # yamllint disable rule:line-length @@ -223,7 +223,7 @@ runs: if: | inputs.provenance == 'true' && github.event_name != 'pull_request' && steps.build.outputs.deployed == 'true' && (inputs.provenance-artifact-paths != '' || steps.build.outputs.artifact-paths != '') - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 with: subject-path: >- ${{ inputs.provenance-artifact-paths != '' && inputs.provenance-artifact-paths || steps.build.outputs.artifact-paths }} diff --git a/build-npm/action.yml b/build-npm/action.yml index 6ce3deec..0c8aca74 100644 --- a/build-npm/action.yml +++ b/build-npm/action.yml @@ -100,7 +100,7 @@ runs: echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV" cp "$ACTION_PATH_BUILD_NPM/mise.local.toml" mise.local.toml - - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 + - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 with: version: 2026.1.0 @@ -114,7 +114,7 @@ runs: working-directory: ${{ inputs.working-directory }} cache-npm: ${{ inputs.cache-npm }} - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 id: secrets # yamllint disable rule:line-length with: @@ -170,7 +170,7 @@ runs: github.event_name != 'pull_request' && steps.build.outputs.deployed == 'true' && (inputs.provenance-artifact-paths != '' || steps.build.outputs.artifact-paths != '') }} - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 with: subject-path: >- ${{ inputs.provenance-artifact-paths != '' && inputs.provenance-artifact-paths || steps.build.outputs.artifact-paths }} diff --git a/build-poetry/action.yml b/build-poetry/action.yml index d0c4a983..e52daab4 100644 --- a/build-poetry/action.yml +++ b/build-poetry/action.yml @@ -110,10 +110,10 @@ runs: path: ${{ github.workspace }}/${{ inputs.poetry-cache-dir }} key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock') }} restore-keys: poetry-${{ runner.os }}- - - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 + - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 with: version: 2026.1.0 - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 id: secrets # yamllint disable rule:line-length with: @@ -167,7 +167,7 @@ runs: github.event_name != 'pull_request' && steps.build.outputs.deployed == 'true' && (inputs.provenance-artifact-paths != '' || steps.build.outputs.artifact-paths != '') }} - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 with: subject-path: >- ${{ inputs.provenance-artifact-paths != '' && inputs.provenance-artifact-paths || steps.build.outputs.artifact-paths }} diff --git a/build-yarn/action.yml b/build-yarn/action.yml index 7f5c7a9e..cac3f221 100644 --- a/build-yarn/action.yml +++ b/build-yarn/action.yml @@ -101,7 +101,7 @@ runs: echo "ARTIFACTORY_DEPLOYER_ROLE=${ARTIFACTORY_DEPLOYER_ROLE}" >> "$GITHUB_ENV" cp "$ACTION_PATH_BUILD_YARN/mise.local.toml" mise.local.toml - - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 + - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 with: version: 2026.1.0 working_directory: ${{ inputs.working-directory }} @@ -115,7 +115,7 @@ runs: key: yarn-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }} restore-keys: yarn-${{ runner.os }}- - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 id: secrets # yamllint disable rule:line-length with: @@ -168,7 +168,7 @@ runs: github.event_name != 'pull_request' && steps.build.outputs.deployed == 'true' && (inputs.provenance-artifact-paths != '' || steps.build.outputs.artifact-paths != '') }} - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0 + uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0 with: subject-path: >- ${{ inputs.provenance-artifact-paths != '' && inputs.provenance-artifact-paths || steps.build.outputs.artifact-paths }} diff --git a/code-signing/action.yml b/code-signing/action.yml index 351b8b11..02bdbd3d 100644 --- a/code-signing/action.yml +++ b/code-signing/action.yml @@ -32,7 +32,7 @@ runs: - name: Get DigiCert secrets from Vault id: secrets - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 with: secrets: | development/kv/data/sign/digicert apikey | SM_API_KEY; @@ -43,7 +43,7 @@ runs: - name: Setup DigiCert Client Tools if: steps.tools-cache.outputs.cache-hit != 'true' || inputs.force-download-tools == 'true' - uses: digicert/ssm-code-signing@fb61e357690ad6aaa11c372000c37fb74d35c000 # v1.1.1 + uses: digicert/ssm-code-signing@1d820463733701cf1484c7eb5d7d24a15ca2c454 # v1.2.1 with: force-download-tools: ${{ inputs.force-download-tools }} diff --git a/config-gradle/action.yml b/config-gradle/action.yml index 72e43a8d..606f9376 100644 --- a/config-gradle/action.yml +++ b/config-gradle/action.yml @@ -91,7 +91,7 @@ runs: (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }} run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 if: steps.config-gradle-completed.outputs.skip != 'true' id: secrets with: diff --git a/config-maven/action.yml b/config-maven/action.yml index e078bcda..232dbd18 100644 --- a/config-maven/action.yml +++ b/config-maven/action.yml @@ -92,7 +92,7 @@ runs: (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }} run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 if: steps.config-maven-completed.outputs.skip != 'true' id: secrets with: diff --git a/config-npm/action.yml b/config-npm/action.yml index 76bf2eda..c1e50c22 100644 --- a/config-npm/action.yml +++ b/config-npm/action.yml @@ -71,11 +71,11 @@ runs: echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 + - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 with: version: 2026.1.0 - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 id: secrets with: secrets: | diff --git a/config-pip/action.yml b/config-pip/action.yml index 1a2c7434..aeee64a2 100644 --- a/config-pip/action.yml +++ b/config-pip/action.yml @@ -73,7 +73,7 @@ runs: run: | echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV" - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 id: secrets with: secrets: | diff --git a/get-build-number/action.yml b/get-build-number/action.yml index fdfa1b37..31c0db81 100644 --- a/get-build-number/action.yml +++ b/get-build-number/action.yml @@ -52,7 +52,7 @@ runs: enableCrossOsArchive: true # Otherwise, increment the build number - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 id: secrets if: steps.from-env.outputs.skip != 'true' && steps.current-build-number.outputs.cache-hit != 'true' with: diff --git a/promote/action.yml b/promote/action.yml index 1905066c..fb938a2f 100644 --- a/promote/action.yml +++ b/promote/action.yml @@ -44,13 +44,13 @@ runs: - uses: ./.actions/get-build-number with: host-actions-root: ${{ steps.set-path.outputs.host_actions_root }} - - uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # 3.1.0 + - uses: SonarSource/vault-action-wrapper@c210d4012f44361e2d2a28aa2d97a75fd90b6214 # 3.1.1 id: secrets with: secrets: | development/artifactory/token/{REPO_OWNER_NAME_DASH}-promoter access_token | ARTIFACTORY_PROMOTE_ACCESS_TOKEN; development/github/token/{REPO_OWNER_NAME_DASH}-promotion token | GITHUB_TOKEN; - - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5 # v3.5.1 + - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 with: version: 2026.1.0 - name: Promote artifacts