diff --git a/.github/workflows/cid-ossf.yml b/.github/workflows/cid-ossf.yml index d3b71f1..8a7fa93 100644 --- a/.github/workflows/cid-ossf.yml +++ b/.github/workflows/cid-ossf.yml @@ -1,4 +1,4 @@ -# cid-workflow-version: 0.0.16 +# cid-workflow-version: 0.0.17 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! @@ -36,8 +36,9 @@ jobs: contents: read # required in private repos steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: block allowed-endpoints: >- @@ -67,7 +68,7 @@ jobs: tuf-repo-cdn.sigstore.dev:443 api.securityscorecards.dev:443 - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false - name: OSSF Analysis diff --git a/.github/workflows/cid-pullrequest.yml b/.github/workflows/cid-pullrequest.yml index 35b7ae0..29621fc 100644 --- a/.github/workflows/cid-pullrequest.yml +++ b/.github/workflows/cid-pullrequest.yml @@ -1,4 +1,4 @@ -# cid-workflow-version: 0.0.16 +# cid-workflow-version: 0.0.17 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! @@ -98,8 +98,9 @@ jobs: if: ${{ github.event.inputs.loglevel == 'debug' }} steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} @@ -108,7 +109,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: info @@ -130,8 +131,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_BUILD }} @@ -140,7 +142,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: build @@ -164,8 +166,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_TEST }} @@ -174,7 +177,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: test @@ -200,8 +203,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN }} @@ -210,7 +214,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: download artifacts > build diff --git a/.github/workflows/cid.yml b/.github/workflows/cid.yml index f873b0b..e21c340 100644 --- a/.github/workflows/cid.yml +++ b/.github/workflows/cid.yml @@ -1,4 +1,4 @@ -# cid-workflow-version: 0.0.16 +# cid-workflow-version: 0.0.17 # This file is generated by the CID Workflow GitHub App. # DO NOT EDIT! @@ -100,8 +100,9 @@ jobs: if: ${{ github.event.inputs.loglevel == 'debug' }} steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} @@ -110,7 +111,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: info @@ -132,8 +133,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_BUILD }} @@ -142,7 +144,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: build @@ -166,8 +168,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_TEST }} @@ -176,7 +179,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: test @@ -202,8 +205,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_SCAN }} @@ -212,7 +216,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: download artifacts > build @@ -248,8 +252,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_PACKAGE }} @@ -258,7 +263,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: download artifacts > build @@ -294,8 +299,9 @@ jobs: timeout-minutes: 30 steps: - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 with: + disable-telemetry: true disable-sudo: true egress-policy: ${{ env.EGRESS_POLICY }} allowed-endpoints: ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS }} ${{ env.EGRESS_POLICY_ALLOWED_ENDPOINTS_PUBLISH }} @@ -304,7 +310,7 @@ jobs: with: version: ${{ env.CID_VERSION }} - name: checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: download artifacts > package