From 5944e4cf2a520f44e8286f6c65bcf20736d47a38 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 2 Oct 2024 05:25:44 -0700
Subject: [PATCH] Bump the github-actions group with 3 updates

Bumps the github-actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [bazelbuild/continuous-integration](https://github.com/bazelbuild/continuous-integration) and [github/codeql-action](https://github.com/github/codeql-action).

Closes #23820.

PiperOrigin-RevId: 681412302
Change-Id: I06837d15c72c2c337760b5b8e30d1773fc81fcf7
---
 .github/workflows/cherry-picker.yml | 12 ++++++------
 .github/workflows/issue-labeler.yml | 2 +-
 .github/workflows/labeler.yml | 2 +-
 .github/workflows/release-helper.yml | 4 ++--
 .github/workflows/remove-labels.yml | 2 +-
 .github/workflows/scorecard.yml | 4 ++--
 .github/workflows/stale.yml | 2 +-
 .github/workflows/update-lockfiles.yml | 4 ++--
 8 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/cherry-picker.yml b/.github/workflows/cherry-picker.yml
index 04ed7d1aa78c98..3d7a970346d4c4 100644
--- a/.github/workflows/cherry-picker.yml
+++ b/.github/workflows/cherry-picker.yml
@@ -19,19 +19,19 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
 with:
 egress-policy: audit
 - if: github.event.pull_request
 name: Run cherrypicker on closed PR
- uses: bazelbuild/continuous-integration/actions/cherry_picker@40accd1e24b7d296e87b573002ed0903828c0cf0
+ uses: bazelbuild/continuous-integration/actions/cherry_picker@312ab25f6994b2fac89dc6910b3ebd6cb93cfa74
 with:
 triggered-on: closed
 pr-number: ${{ github.event.number }}
 is-prod: True
 - if: github.event.issue
 name: Run cherrypicker on closed issue
- uses: bazelbuild/continuous-integration/actions/cherry_picker@40accd1e24b7d296e87b573002ed0903828c0cf0
+ uses: bazelbuild/continuous-integration/actions/cherry_picker@312ab25f6994b2fac89dc6910b3ebd6cb93cfa74
 with:
 triggered-on: closed
 pr-number: ${{ github.event.issue.number }}
@@ -41,12 +41,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
 with:
 egress-policy: audit
 - if: startsWith(github.event.issue.body, 'Forked from')
 name: Run cherrypicker on comment
- uses: bazelbuild/continuous-integration/actions/cherry_picker@40accd1e24b7d296e87b573002ed0903828c0cf0
+ uses: bazelbuild/continuous-integration/actions/cherry_picker@312ab25f6994b2fac89dc6910b3ebd6cb93cfa74
 with:
 triggered-on: commented
 pr-number: ${{ github.event.issue.body }}
@@ -55,7 +55,7 @@ jobs:
 is-prod: True
 - if: startsWith(github.event.issue.body, '### Commit IDs')
 name: Run cherrypicker on demand
- uses: bazelbuild/continuous-integration/actions/cherry_picker@40accd1e24b7d296e87b573002ed0903828c0cf0
+ uses: bazelbuild/continuous-integration/actions/cherry_picker@312ab25f6994b2fac89dc6910b3ebd6cb93cfa74
 with:
 triggered-on: ondemand
 milestone-title: ${{ github.event.milestone.title }}
diff --git a/.github/workflows/issue-labeler.yml b/.github/workflows/issue-labeler.yml
index 69723743da237f..097d0d025b2384 100644
--- a/.github/workflows/issue-labeler.yml
+++ b/.github/workflows/issue-labeler.yml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - name: Harden Runner
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index c6d998d1a4e04b..454567aafb6911 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
diff --git a/.github/workflows/release-helper.yml b/.github/workflows/release-helper.yml
index 5622d625622d81..acfc9eeeb82d98 100644
--- a/.github/workflows/release-helper.yml
+++ b/.github/workflows/release-helper.yml
@@ -13,11 +13,11 @@ jobs:
 issues: write
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
 - name: Run helper
- uses: bazelbuild/continuous-integration/actions/release-helper@40accd1e24b7d296e87b573002ed0903828c0cf0 # master
+ uses: bazelbuild/continuous-integration/actions/release-helper@312ab25f6994b2fac89dc6910b3ebd6cb93cfa74 # master
 with:
 token: ${{ secrets.BAZEL_IO_TOKEN }}
diff --git a/.github/workflows/remove-labels.yml b/.github/workflows/remove-labels.yml
index 4302bee9f7a876..1c1880d317c084 100644
--- a/.github/workflows/remove-labels.yml
+++ b/.github/workflows/remove-labels.yml
@@ -14,7 +14,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index b09c5e2428d8ea..f919e6d2714929 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -32,7 +32,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
@@ -72,6 +72,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+ uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 36c74ca83ea005..d04d06efc3e725 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -23,7 +23,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
 with:
 egress-policy: audit
diff --git a/.github/workflows/update-lockfiles.yml b/.github/workflows/update-lockfiles.yml
index d1c18fe15717b3..b4fb999d6127d9 100644
--- a/.github/workflows/update-lockfiles.yml
+++ b/.github/workflows/update-lockfiles.yml
@@ -18,11 +18,11 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
+ uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
 with:
 egress-policy: audit
 - name: Update lockfile(s) on closed PR
- uses: bazelbuild/continuous-integration/actions/update-lockfile@40accd1e24b7d296e87b573002ed0903828c0cf0
+ uses: bazelbuild/continuous-integration/actions/update-lockfile@312ab25f6994b2fac89dc6910b3ebd6cb93cfa74
 with:
 release-branch: ${{ github.base_ref }}
 is-prod: True