diff --git a/.github/workflows/deps-renovate.yaml b/.github/workflows/deps-renovate.yaml index d19efb0..581f268 100644 --- a/.github/workflows/deps-renovate.yaml +++ b/.github/workflows/deps-renovate.yaml @@ -16,6 +16,6 @@ jobs: steps: - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 - name: Validate renovate config - uses: docker://renovate/renovate@sha256:41d720418a752ca2de69effe8b3fa37c05a9eb77ab0976036a3d3fc7e63489e5 + uses: docker://renovate/renovate:slim@sha256:8ab175d0e799f6d0851c3b079994e9ed313bf9892425eb6448aaa47ad44be727 with: args: renovate-config-validator diff --git a/.github/workflows/sec-codeql.yml b/.github/workflows/sec-codeql.yml index ab32b63..0171fef 100644 --- a/.github/workflows/sec-codeql.yml +++ b/.github/workflows/sec-codeql.yml @@ -23,6 +23,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4 + - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 + with: + go-version: '1.21' + cache: false - name: Setup Golang Caches uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3 with: diff --git a/.github/workflows/sec-scorecard.yml b/.github/workflows/sec-scorecard.yml index 183effd..7039d6a 100644 --- a/.github/workflows/sec-scorecard.yml +++ b/.github/workflows/sec-scorecard.yml @@ -1,7 +1,3 @@ -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - name: Security - Scorecard on: # For Branch-Protection check. Only the default branch is supported. See @@ -35,6 +31,7 @@ jobs: uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 with: persist-credentials: false + repo-token: ${{ secrets.SCORECARD_TOKEN }} - name: "Run analysis" uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0