diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 6eab2a60ed..a350ebf354 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -171,7 +171,7 @@ jobs:
 uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # pin@v3.7.0
 - name: Set up Docker Buildx
 if: github.event_name != 'pull_request'
- uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # pin@v3.11.1
+ uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # pin@v3.12.0
 - name: Set up cosign
 if: github.event_name != 'pull_request'
 uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # pin@v4.0.0
diff --git a/.github/workflows/qc_checks.yaml b/.github/workflows/qc_checks.yaml
index 7e87cc1577..8bf7bd8ab0 100644
--- a/.github/workflows/qc_checks.yaml
+++ b/.github/workflows/qc_checks.yaml
@@ -176,7 +176,7 @@ jobs:
 - name: Export API Documentation
 run: invoke dev.schema --ignore-warnings --filename src/backend/InvenTree/schema.yml
 - name: Upload schema
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # pin@v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # pin@v6.0.0
 with:
 name: schema.yml
 path: src/backend/InvenTree/schema.yml
@@ -225,17 +225,17 @@ jobs:
 - name: Extract settings / tags
 run: invoke int.export-definitions --basedir docs
 - name: Upload settings
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # pin@v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # pin@v6.0.0
 with:
 name: inventree_settings.json
 path: docs/generated/inventree_settings.json
 - name: Upload tags
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # pin@v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # pin@v6.0.0
 with:
 name: inventree_tags.yml
 path: docs/generated/inventree_tags.yml
 - name: Upload filters
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # pin@v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # pin@v6.0.0
 with:
 name: inventree_filters.yml
 path: docs/generated/inventree_filters.yml
@@ -258,7 +258,7 @@ jobs:
 - name: Create artifact directory
 run: mkdir -p artifact
 - name: Download schema artifact
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # pin@v6.0.0
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # pin@v7.0.0
 with:
 path: artifact
 merge-multiple: true
@@ -275,7 +275,7 @@ jobs:
 echo "after move"
 ls -la artifact
 rm -rf artifact
- - uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # pin@v7.0.0
+ - uses: stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9 # pin@v7.1.0
 name: Commit schema changes
 with:
 commit_message: "Update API schema for ${{ env.version }} / ${{ github.sha }}"
@@ -364,13 +364,13 @@ jobs:
 - name: Coverage Tests
 run: invoke dev.test --check --coverage --translations
 - name: Upload raw coverage to artifacts
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # pin@v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # pin@v6.0.0
 with:
 name: coverage
 path: .coverage
 retention-days: 14
 - name: Upload coverage reports to Codecov
- uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # pin@v5.5.1
+ uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@v5.5.2
 if: always()
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
@@ -405,7 +405,7 @@ jobs:
 dev-install: true
 update: true
 - name: Performance Reporting
- uses: CodSpeedHQ/action@346a2d8a8d9d38909abd0bc3d23f773110f076ad # pin@v4
+ uses: CodSpeedHQ/action@972e3437949c89e1357ebd1a2dbc852fcbc57245 # pin@v4
 with:
 mode: simulation
 run: inv dev.test --pytest
@@ -546,7 +546,7 @@ jobs:
 - name: Run Tests
 run: invoke dev.test --check --migrations --report --coverage --translations
 - name: Upload coverage reports to Codecov
- uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # pin@v5.5.1
+ uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@v5.5.2
 if: always()
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
@@ -668,7 +668,7 @@ jobs:
 - name: Run Playwright tests
 id: tests
 run: cd src/frontend && npx nyc playwright test
- - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # pin@v5.0.0
+ - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # pin@v6.0.0
 if: ${{ !cancelled() && steps.tests.outcome == 'failure' }}
 with:
 name: playwright-report
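Review bot: The `CodSpeedHQ/action` pin in the `Performance Reporting` step (hunk at -405) gets a new commit SHA but its trailing comment stays `# pin@v4`, so the line no longer says which release the hash corresponds to and a reviewer cannot check it against a published tag. The other pins in this commit name an exact version (`# pin@v5.5.2`, `# pin@v6.0.0`); this one should as well, e.g. `uses: CodSpeedHQ/action@972e3437949c89e1357ebd1a2dbc852fcbc57245 # pin@v4.X.Y`, where `v4.X.Y` is a placeholder for the real tag, which is not shown on this page. The same applies to `actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # pin@v1` in the release.yaml hunk, which matters more because that step produces the build provenance attestation for the release artifact.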
@@ -677,7 +677,7 @@ jobs:
 - name: Report coverage
 run: cd src/frontend && npx nyc report --report-dir ./coverage --temp-dir .nyc_output --reporter=lcov --exclude-after-remap false
 - name: Upload coverage reports to Codecov
- uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # pin@v5.5.1
+ uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # pin@v5.5.2
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 slug: inventree/InvenTree
@@ -713,7 +713,7 @@ jobs:
 run: |
 cd src/backend/InvenTree/web/static
 zip -r frontend-build.zip web/ web/.vite
- - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # pin@v5.0.0
+ - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # pin@v6.0.0
 with:
 name: frontend-build
 path: src/backend/InvenTree/web/static/web
@@ -738,7 +738,7 @@ jobs:
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # pin@v3
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # pin@v3
 with:
 sarif_file: results.sarif
 category: zizmor
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 35f2aeea44..a5dab5f4ba 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -71,7 +71,7 @@ jobs:
 zip -r ../frontend-build.zip * .vite
 - name: Attest Build Provenance
 id: attest
- uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # pin@v1
+ uses: actions/attest-build-provenance@00014ed6ed5efc5b1ab7f7f34a39eb55d41aa4f8 # pin@v1
 with:
 subject-path: "${{ github.workspace }}/src/backend/InvenTree/web/static/frontend-build.zip"
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index 167b29bc60..1387301622 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
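Review bot: In the `Upload SARIF file` step of qc_checks.yaml (hunk at -738) the new SHA `5d4e8d1aca955e8d8589aabd499c5cae939e33c7` is annotated `# pin@v3`, while scorecard.yaml in this same commit pins the identical SHA with `# v4.31.9`, so at most one of the two labels describes the pinned commit precisely. The old SHA carried the same mismatch (`pin@v3` here, `v4.31.5` there), which suggests the qc_checks.yaml comment was already stale and this job has been running the v4 line. The comment is what a reviewer or an update tool reads to judge what is pinned, so it should be aligned: `uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # pin@v4.31.9`.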
@@ -59,7 +59,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
 with:
 name: SARIF file
 path: results.sarif
@@ -67,6 +67,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 with:
 sarif_file: results.sarif