diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index e2523aa..488ede1 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: Upload artifact - uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@2bbafcdd7fbf96243689e764c2f15d9735164f33 # v3.26.6 with: sarif_file: results.sarif diff --git a/.github/workflows/terraform-docs.yaml b/.github/workflows/terraform-docs.yaml index f7f3bd9..fb35afd 100644 --- a/.github/workflows/terraform-docs.yaml +++ b/.github/workflows/terraform-docs.yaml @@ -53,7 +53,7 @@ jobs: - name: Push verified commit if: ${{ steps.terraform-docs.outputs.num_changed != 0 }} id: push-with-sig - uses: planetscale/ghcommit-action@v0.1.6 + uses: planetscale/ghcommit-action@c7915d6c18d5ce4eb42b0eff3f10a29fe0766e4c # v0.1.44 with: commit_message: "docs(terraform): Update ${{ env.TF_DOCS_FILE }}" repo: ${{ github.repository }} diff --git a/commitlint.config.js b/commitlint.config.js index 5345a6f..56aa7ac 100644 --- a/commitlint.config.js +++ b/commitlint.config.js @@ -18,6 +18,7 @@ module.exports = { "get-workflow-token", "lint", "pr-title", + "security", "scorecard", "release", "terraform-docs",