chore: tidy up ci workflows

DevOpsHiveHQ · Sep 11, 2023 · caf3a14 · caf3a14
1 parent 6985710
commit caf3a14
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 11 deletions.
diff --git a/.github/workflows/deps-renovate.yaml b/.github/workflows/deps-renovate.yaml
@@ -16,6 +16,6 @@ jobs:
     steps:
     - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
     - name: Validate renovate config
-      uses: docker://renovate/renovate@sha256:41d720418a752ca2de69effe8b3fa37c05a9eb77ab0976036a3d3fc7e63489e5
+      uses: docker://renovate/renovate:slim@sha256:8ab175d0e799f6d0851c3b079994e9ed313bf9892425eb6448aaa47ad44be727
       with:
         args: renovate-config-validator
diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml
@@ -43,7 +43,7 @@ jobs:
         restore-keys: |
           ${{ runner.os }}-go-
     - name: Run GoReleaser
-      uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4
+      uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5
       with:
         distribution: goreleaser
         version: latest

diff --git a/.github/workflows/go-release.yml b/.github/workflows/go-release.yml
@@ -31,7 +31,7 @@ jobs:
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
     - name: Run GoReleaser
-      uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4
+      uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:

diff --git a/.github/workflows/sec-codeql.yml b/.github/workflows/sec-codeql.yml
@@ -23,6 +23,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+    - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4
+      with:
+        go-version: '1.21'
+        cache: false
     - name: Setup Golang Caches
       uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
       with:

diff --git a/.github/workflows/sec-scorecard.yml b/.github/workflows/sec-scorecard.yml
@@ -1,18 +1,11 @@
-# This workflow uses actions that are not certified by GitHub. They are provided
-# by a third-party and are governed by separate terms of service, privacy
-# policy, and support documentation.
-
 name: Security - Scorecard
 on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
   branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   schedule:
     - cron: '38 3 * * 2'
   push:
     branches: [ "main" ]
+  workflow_dispatch:
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -55,6 +48,7 @@ jobs:
           #   - `publish_results` will always be set to `false`, regardless
           #     of the value entered here.
           publish_results: true
+          repo_token: ${{ secrets.SCORECARD_TOKEN }}
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.