Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SEC-090: Automated trusted workflow pinning (2024-08-19) #1028

Merged
merged 2 commits into from
Aug 20, 2024
Merged

SEC-090: Automated trusted workflow pinning (2024-08-19) #1028

merged 2 commits into from
Aug 20, 2024

Conversation

hashicorp-tsccr[bot]
Copy link
Contributor

Bumping GitHub Actions version to latest TSCCR release.

  • changes in .github/workflows/ci-go.yml
    • bump actions/upload-artifact from v4.3.5 to v4.3.6 (release notes)

This PR was auto-generated by security-tsccr/actions/runs/10448059344

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

This PR can be regenerated by dispatching the GitHub workflow Pin Action Refs. Please reach out to #team-prodsec if you have any questions.

@hashicorp-tsccr hashicorp-tsccr bot requested a review from a team as a code owner August 19, 2024 06:07
@hashicorp-tsccr hashicorp-tsccr bot added the SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs. label Aug 19, 2024
@SBGoods SBGoods self-assigned this Aug 19, 2024
@SBGoods SBGoods merged commit b9d3f14 into main Aug 20, 2024
30 checks passed
@SBGoods SBGoods deleted the tsccr-auto-pinning/trusted/2024-08-19 branch August 20, 2024 20:00
austinvalle pushed a commit that referenced this pull request Sep 17, 2024
@hashicorp-tsccr @SBGoods @austinvalle
SEC-090: Automated trusted workflow pinning (2024-08-19) (#1028)
600f87d 
* Result of tsccr-helper -log-level=info gha update -latest .

* Resolve linter errors and warnings

---------

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: Selena Goods <[email protected]>
austinvalle added a commit that referenced this pull request Sep 17, 2024
@austinvalle @hashicorp-tsccr
@SBGoods @dependabot @hc-github-team-tf-provider-devex
docs: Miscellaneous doc fixes in attribute + unit tests (#1027)
7076cca 
* fix and uncomment custom type tests

* fix comments on nested attributes

* add new attribute types to package docs

* fix map docs

* fix linting errors

* SEC-090: Automated trusted workflow pinning (2024-08-19) (#1028)

* Result of tsccr-helper -log-level=info gha update -latest .

* Resolve linter errors and warnings

---------

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: Selena Goods <[email protected]>

* build(deps): Bump hashicorp/setup-terraform from 3.1.1 to 3.1.2 (#1029)

Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@651471c...b9cd54a)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Result of tsccr-helper -log-level=info gha update -latest . (#1034)

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>

* all: Bump minimum Go module version to 1.22 (#1033)

* all: Bump minimum Go module version to 1.22.7

* add changelog

* back to 1.22.0

* [CI] Update lock workflow file

* [CI] Update issue comment triage workflow file

* [CI] terraform-devex-repos automation

* [CI] terraform-devex-repos automation

* [CI] terraform-devex-repos automation

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: hashicorp-tsccr[bot] <129506189+hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: Selena Goods <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Service Account - Terraform Provider DevEx <100357958+hc-github-team-tf-provider-devex@users.noreply.github.com>
austinvalle added a commit that referenced this pull request Sep 17, 2024
@austinvalle @hashicorp-tsccr
@SBGoods @dependabot @hc-github-team-tf-provider-devex
docs: Miscellaneous doc fixes in attribute + unit tests (#1027)
05c4f7b 
* fix and uncomment custom type tests

* fix comments on nested attributes

* add new attribute types to package docs

* fix map docs

* fix linting errors

* SEC-090: Automated trusted workflow pinning (2024-08-19) (#1028)

* Result of tsccr-helper -log-level=info gha update -latest .

* Resolve linter errors and warnings

---------

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: Selena Goods <[email protected]>

* build(deps): Bump hashicorp/setup-terraform from 3.1.1 to 3.1.2 (#1029)

Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@651471c...b9cd54a)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Result of tsccr-helper -log-level=info gha update -latest . (#1034)

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>

* all: Bump minimum Go module version to 1.22 (#1033)

* all: Bump minimum Go module version to 1.22.7

* add changelog

* back to 1.22.0

* [CI] Update lock workflow file

* [CI] Update issue comment triage workflow file

* [CI] terraform-devex-repos automation

* [CI] terraform-devex-repos automation

* [CI] terraform-devex-repos automation

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: hashicorp-tsccr[bot] <129506189+hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: Selena Goods <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Service Account - Terraform Provider DevEx <100357958+hc-github-team-tf-provider-devex@users.noreply.github.com>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@SBGoods SBGoods SBGoods approved these changes

Assignees

@SBGoods SBGoods

Labels
SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@SBGoods