Merge pull request #1094 from hashicorp/tsccr-auto-pinning/trusted/20…

…24-10-14 SEC-090: Automated trusted workflow pinning (2024-10-14)
hashicorp · Oct 16, 2024 · 65c18a6 · 65c18a6
2 parents 233faa2 + 186a08d
commit 65c18a6
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 6 deletions.
diff --git a/.github/workflows/automation-open-pull-request.yaml b/.github/workflows/automation-open-pull-request.yaml
@@ -8,7 +8,7 @@ jobs:
   open-pull-request:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: "open a pull request"
         id: open-pr

diff --git a/.github/workflows/automation-release.yaml b/.github/workflows/automation-release.yaml
@@ -17,7 +17,7 @@ jobs:
       latest_tag: ${{ steps.version-number.outputs.latest_tag }}
       should_update_azurerm: ${{ steps.results.outputs.should_update_azurerm }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:
@@ -53,7 +53,7 @@ jobs:
     outputs:
       has_changes_to_push: ${{ steps.update-azurerm-provider.outputs.has_changes_to_push }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           fetch-depth: 0
 

diff --git a/.github/workflows/pr-acceptance-tests.yml b/.github/workflows/pr-acceptance-tests.yml
@@ -33,7 +33,7 @@ jobs:
     if: needs.secrets-check.outputs.available == 'true'
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - name: Azure CLI login
         run: az login --allow-no-subscriptions --output none --service-principal --tenant="${{ secrets.ARM_TENANT_ID }}" --username="${{ secrets.ARM_CLIENT_ID }}" --password="${{ secrets.ARM_CLIENT_SECRET }}"

diff --git a/.github/workflows/pr-unit-tests.yaml b/.github/workflows/pr-unit-tests.yaml
@@ -8,7 +8,7 @@ jobs:
   unit-test:
     runs-on: custom-linux-medium
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with:

diff --git a/.github/workflows/pr-validate-go-get.yaml b/.github/workflows/pr-validate-go-get.yaml
@@ -8,7 +8,7 @@ jobs:
   validate-go-get:
     runs-on: custom-linux-medium
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
       - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
         with: