No public description PiperOrigin-RevId: 662810917 Change-Id: I085f3589a7b227abad9934535158f150383f7460
diff --git a/.github/workflows/cherry-picker.yml b/.github/workflows/cherry-picker.yml
index c31f00a..8f056c8 100644
--- a/.github/workflows/cherry-picker.yml
+++ b/.github/workflows/cherry-picker.yml
@@ -18,19 +18,19 @@
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit
 - if: github.event.pull_request
 name: Run cherrypicker on closed PR
- uses: bazelbuild/continuous-integration/actions/cherry_picker@ee5ea988681e086afabfe6677eef2dc1292f6b9d
+ uses: bazelbuild/continuous-integration/actions/cherry_picker@53aaadea332e5840d41a1173e78680b3ca7081a0
 with:
 triggered-on: closed
 pr-number: ${{ github.event.number }}
 is-prod: True
 - if: github.event.issue
 name: Run cherrypicker on closed issue
- uses: bazelbuild/continuous-integration/actions/cherry_picker@ee5ea988681e086afabfe6677eef2dc1292f6b9d
+ uses: bazelbuild/continuous-integration/actions/cherry_picker@53aaadea332e5840d41a1173e78680b3ca7081a0
 with:
 triggered-on: closed
 pr-number: ${{ github.event.issue.number }}
@@ -40,12 +40,12 @@
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit
 - if: startsWith(github.event.issue.body, 'Forked from')
 name: Run cherrypicker on comment
- uses: bazelbuild/continuous-integration/actions/cherry_picker@ee5ea988681e086afabfe6677eef2dc1292f6b9d
+ uses: bazelbuild/continuous-integration/actions/cherry_picker@53aaadea332e5840d41a1173e78680b3ca7081a0
 with:
 triggered-on: commented
 pr-number: ${{ github.event.issue.body }}
@@ -54,7 +54,7 @@
 is-prod: True
 - if: startsWith(github.event.issue.body, '### Commit IDs')
 name: Run cherrypicker on demand
- uses: bazelbuild/continuous-integration/actions/cherry_picker@ee5ea988681e086afabfe6677eef2dc1292f6b9d
+ uses: bazelbuild/continuous-integration/actions/cherry_picker@53aaadea332e5840d41a1173e78680b3ca7081a0
 with:
 triggered-on: ondemand
 milestone-title: ${{ github.event.milestone.title }}
diff --git a/.github/workflows/issue-labeler.yml b/.github/workflows/issue-labeler.yml
index bb32c82..46fa46a 100644
--- a/.github/workflows/issue-labeler.yml
+++ b/.github/workflows/issue-labeler.yml
@@ -19,7 +19,7 @@ steps: - uses: actions/checkout@v4 - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 26ad422..8ccf68b 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -15,7 +15,7 @@ runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit
diff --git a/.github/workflows/release-helper.yml b/.github/workflows/release-helper.yml
index 82f9a68..2e59019 100644
--- a/.github/workflows/release-helper.yml
+++ b/.github/workflows/release-helper.yml
@@ -13,11 +13,11 @@ issues: write steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit - name: Run helper - uses: bazelbuild/continuous-integration/actions/release-helper@ee5ea988681e086afabfe6677eef2dc1292f6b9d # master + uses: bazelbuild/continuous-integration/actions/release-helper@53aaadea332e5840d41a1173e78680b3ca7081a0 # master with: token: ${{ secrets.BAZEL_IO_TOKEN }}
diff --git a/.github/workflows/remove-labels.yml b/.github/workflows/remove-labels.yml
index c8dd206..48bd280 100644
--- a/.github/workflows/remove-labels.yml
+++ b/.github/workflows/remove-labels.yml
@@ -14,7 +14,7 @@ runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 5f8ee82..7855543 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -32,7 +32,7 @@ steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit @@ -42,7 +42,7 @@ persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -64,7 +64,7 @@ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif @@ -72,6 +72,6 @@ # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index e12d026..c0bd28a 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -23,7 +23,7 @@ steps: - name: Harden Runner - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0 with: egress-policy: audit
diff --git a/.github/workflows/update-lockfiles.yml b/.github/workflows/update-lockfiles.yml
index 3a61fbf..81e8087 100644
--- a/.github/workflows/update-lockfiles.yml
+++ b/.github/workflows/update-lockfiles.yml
@@ -18,11 +18,11 @@
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c
 with:
 egress-policy: audit
 - name: Update lockfile(s) on closed PR
- uses: bazelbuild/continuous-integration/actions/update-lockfile@122ce87694d0dd505a019321a04f8e64378bddbd
+ uses: bazelbuild/continuous-integration/actions/update-lockfile@53aaadea332e5840d41a1173e78680b3ca7081a0
 with:
 release-branch: ${{ github.base_ref }}
 is-prod: True