diff --git a/.github/workflows/build-and-push-fleetctl-docker.yml b/.github/workflows/build-and-push-fleetctl-docker.yml index 860a45ba36..c8529b4662 100644 --- a/.github/workflows/build-and-push-fleetctl-docker.yml +++ b/.github/workflows/build-and-push-fleetctl-docker.yml @@ -20,7 +20,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Login to Docker Hub uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v1.10.0 diff --git a/.github/workflows/build-binaries.yaml b/.github/workflows/build-binaries.yaml index 7a3882c739..ef6179cde8 100644 --- a/.github/workflows/build-binaries.yaml +++ b/.github/workflows/build-binaries.yaml @@ -20,7 +20,7 @@ jobs: go-version: 1.17 - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: JS Dependency Cache id: js-cache diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 76d2f54838..46f16dae82 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -34,7 +34,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/deploy-fleet-website.yml b/.github/workflows/deploy-fleet-website.yml index b22b713d90..c385759680 100644 --- a/.github/workflows/deploy-fleet-website.yml +++ b/.github/workflows/deploy-fleet-website.yml @@ -23,7 +23,7 @@ jobs: node-version: [14.x] steps: - - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 # Configure our access credentials for the Heroku CLI - uses: akhileshns/heroku-deploy@79ef2ae4ff9b897010907016b268fd0f88561820 # v3.6.8 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 17940508d7..662620c3c1 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -18,7 +18,7 @@ jobs: contents: read # to read files to check dead links runs-on: ubuntu-latest steps: - - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # master - uses: gaurav-nelson/github-action-markdown-link-check@58f84fd654812d0d8da4e4d4a559eda087daf8ce # v1.0.13 with: use-quiet-mode: 'yes' diff --git a/.github/workflows/dogfood-deploy.yml b/.github/workflows/dogfood-deploy.yml index 7cdda85ea7..854cef1253 100644 --- a/.github/workflows/dogfood-deploy.yml +++ b/.github/workflows/dogfood-deploy.yml @@ -26,7 +26,7 @@ env: permissions: id-token: write - contents: read # This is required for actions/checkout@v2 + contents: read # This is required for actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b defaults: @@ -38,7 +38,7 @@ jobs: name: Deploy Fleet Dogfood Environment runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - uses: aws-actions/configure-aws-credentials@v1 with: role-to-assume: ${{env.AWS_IAM_ROLE}} diff --git a/.github/workflows/fleet-and-orbit.yml b/.github/workflows/fleet-and-orbit.yml index 631f0af001..14b34f38c4 100644 --- a/.github/workflows/fleet-and-orbit.yml +++ b/.github/workflows/fleet-and-orbit.yml @@ -54,7 +54,7 @@ jobs: go-version: ${{ matrix.go-version }} - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Start tunnel env: @@ -143,7 +143,7 @@ jobs: go-version: ${{ matrix.go-version }} - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Build Fleetctl run: make fleetctl @@ -192,7 +192,7 @@ jobs: go-version: ${{ matrix.go-version }} - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 # Docker needs to be installed manually on macOS. # From https://github.com/docker/for-mac/issues/2359#issuecomment-943131345 @@ -260,7 +260,7 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Download pkg id: download diff --git a/.github/workflows/fleetctl-preview-latest.yml b/.github/workflows/fleetctl-preview-latest.yml index 2682b4fb81..dc744ef120 100644 --- a/.github/workflows/fleetctl-preview-latest.yml +++ b/.github/workflows/fleetctl-preview-latest.yml @@ -64,7 +64,7 @@ jobs: go-version: ${{ matrix.go-version }} - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Build Fleetctl run: make fleetctl diff --git a/.github/workflows/generate-desktop-targets.yml b/.github/workflows/generate-desktop-targets.yml index 84cf61b43c..0881f06505 100644 --- a/.github/workflows/generate-desktop-targets.yml +++ b/.github/workflows/generate-desktop-targets.yml @@ -30,7 +30,7 @@ jobs: go-version: '^1.17.0' - name: Checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Import signing keys env: @@ -76,7 +76,7 @@ jobs: go-version: '^1.17.0' - name: Checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Generate fleet-desktop.exe run: | @@ -99,7 +99,7 @@ jobs: go-version: '^1.17.0' - name: Checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Generate desktop.tar.gz run: | diff --git a/.github/workflows/generate-osqueryd-targets.yml b/.github/workflows/generate-osqueryd-targets.yml index 64fd4b0e5e..716df65698 100644 --- a/.github/workflows/generate-osqueryd-targets.yml +++ b/.github/workflows/generate-osqueryd-targets.yml @@ -24,7 +24,7 @@ jobs: runs-on: macos-latest steps: - name: Checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Generate osqueryd.app.tar.gz run: | @@ -40,7 +40,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Download and extract osqueryd for linux run: | @@ -60,7 +60,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Download osquery msi for Windows shell: bash diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 8746d54f72..4b768b95ad 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -22,7 +22,7 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a with: diff --git a/.github/workflows/goreleaser-fleet.yaml b/.github/workflows/goreleaser-fleet.yaml index f0c06c247c..a16c2b4ee9 100644 --- a/.github/workflows/goreleaser-fleet.yaml +++ b/.github/workflows/goreleaser-fleet.yaml @@ -16,7 +16,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 with: fetch-depth: 0 # Needed for goreleaser diff --git a/.github/workflows/goreleaser-orbit.yaml b/.github/workflows/goreleaser-orbit.yaml index aedf3bcfde..cf41d8d1b6 100644 --- a/.github/workflows/goreleaser-orbit.yaml +++ b/.github/workflows/goreleaser-orbit.yaml @@ -16,7 +16,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 # Note that goreleaser does not like the orbit- prefixed flag unless you use the closed-source # paid version. We pay for goreleaser, but using the closed source build would weaken our diff --git a/.github/workflows/goreleaser-snapshot-fleet.yaml b/.github/workflows/goreleaser-snapshot-fleet.yaml index 7527d085ca..9cc6800a6b 100644 --- a/.github/workflows/goreleaser-snapshot-fleet.yaml +++ b/.github/workflows/goreleaser-snapshot-fleet.yaml @@ -16,7 +16,7 @@ jobs: environment: Docker Hub steps: - name: Checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Login to Docker Hub uses: docker/login-action@49ed152c8eca782a232dede0303416e8f356c37b # v1.10.0 diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index fa31f3f495..dd640408f3 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -146,7 +146,7 @@ jobs: needs: [gen, login] steps: - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Install dependencies run: | @@ -207,7 +207,7 @@ jobs: go-version: ${{ matrix.go-version }} - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Build Fleetctl run: make fleetctl diff --git a/.github/workflows/pr-helm.yaml b/.github/workflows/pr-helm.yaml index d7d2768bce..012ab1ac61 100644 --- a/.github/workflows/pr-helm.yaml +++ b/.github/workflows/pr-helm.yaml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: checkout - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: create temp dir run: mkdir -p helm-temp - name: helm template -- default values diff --git a/.github/workflows/push-osquery-perf-to-ecr.yml b/.github/workflows/push-osquery-perf-to-ecr.yml index 69cc1005c5..ffa488c0fb 100644 --- a/.github/workflows/push-osquery-perf-to-ecr.yml +++ b/.github/workflows/push-osquery-perf-to-ecr.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@05b148adc31e091bafbaf404f745055d4d3bc9d2 # v1 diff --git a/.github/workflows/release-helm.yaml b/.github/workflows/release-helm.yaml index 53e21dd159..180d60911a 100644 --- a/.github/workflows/release-helm.yaml +++ b/.github/workflows/release-helm.yaml @@ -14,7 +14,7 @@ jobs: contents: write # to push helm charts runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - uses: stefanprodan/helm-gh-pages@b43a8719cc63fdb3aa943cc57359ab19118eab3f with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 17720e1eb2..66d3d93f3a 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -23,7 +23,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.4.0 with: persist-credentials: false diff --git a/.github/workflows/test-go.yaml b/.github/workflows/test-go.yaml index 0d1f5e478f..95a7a5d942 100644 --- a/.github/workflows/test-go.yaml +++ b/.github/workflows/test-go.yaml @@ -44,7 +44,7 @@ jobs: run: go install github.com/haveyoudebuggedit/gotestfmt/v2/cmd/gotestfmt@v2.3.2 - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 # Pre-starting dependencies here means they are ready to go when we need them. - name: Start Infra Dependencies diff --git a/.github/workflows/test-native-tooling-packaging.yml b/.github/workflows/test-native-tooling-packaging.yml index b5adc1f420..d5d111266c 100644 --- a/.github/workflows/test-native-tooling-packaging.yml +++ b/.github/workflows/test-native-tooling-packaging.yml @@ -41,7 +41,7 @@ jobs: go-version: ${{ matrix.go-version }} - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: Install Go Dependencies run: make deps-go diff --git a/.github/workflows/test-packaging.yml b/.github/workflows/test-packaging.yml index d06bef8d18..2ef11d1bab 100644 --- a/.github/workflows/test-packaging.yml +++ b/.github/workflows/test-packaging.yml @@ -65,7 +65,7 @@ jobs: go-version: ${{ matrix.go-version }} - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 # It seems faster not to cache Go dependencies - name: Install Go Dependencies diff --git a/.github/workflows/test-website.yml b/.github/workflows/test-website.yml index 4441838b53..fd8ac96783 100644 --- a/.github/workflows/test-website.yml +++ b/.github/workflows/test-website.yml @@ -19,7 +19,7 @@ jobs: node-version: [14.x] steps: - - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 # Set the Node.js version - name: Use Node.js ${{ matrix.node-version }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 81b6bc044d..ccccdbd23e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -44,7 +44,7 @@ jobs: with: go-version: ${{ matrix.go-version }} - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 # Pre-starting dependencies here means they are ready to go when we need them. - name: Start Infra Dependencies @@ -124,7 +124,7 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: JS Dependency Cache id: js-cache @@ -154,7 +154,7 @@ jobs: steps: - name: Checkout Code - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2 - name: JS Dependency Cache id: js-cache diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index d64d06a68d..908d55be1d 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Clone repo - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - name: tfsec uses: tfsec/tfsec-sarif-action@5d34a982aa8927c5dd8566d25ef248d526aac1f4 diff --git a/.github/workflows/update-certs.yml b/.github/workflows/update-certs.yml index 05e5c95f57..374296987c 100644 --- a/.github/workflows/update-certs.yml +++ b/.github/workflows/update-certs.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v.24.0 + uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v.24.0 - name: Update certs