diff --git a/.github/workflows/custom-test.yml b/.github/workflows/custom-test.yml index 07ff8d0a..9b457af3 100644 --- a/.github/workflows/custom-test.yml +++ b/.github/workflows/custom-test.yml @@ -19,7 +19,7 @@ jobs: sigstore-python: runs-on: ubuntu-latest steps: - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: '3.11' @@ -42,7 +42,7 @@ jobs: python -m sigstore verify github --cert-identity $IDENTITY --bundle artifact.sigstore.json artifact - name: Upload the bundle for other clients to verify - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: bundle path: artifact.sigstore.json diff --git a/.github/workflows/deploy-to-gcs.yml b/.github/workflows/deploy-to-gcs.yml index e9596b60..228de963 100644 --- a/.github/workflows/deploy-to-gcs.yml +++ b/.github/workflows/deploy-to-gcs.yml @@ -23,7 +23,7 @@ jobs: tar --directory repository -xvf artifact.tar # NOTE: This gcloud project/account is NOT the tuf-on-ci online signing account - - uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4 + - uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5 with: token_format: access_token workload_identity_provider: projects/306323169285/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index ef563fbd..868e4a83 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -25,7 +25,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Python - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0 + uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: 3.8 - env: