1 місяць тому · 8ed41dd693
--- a/.github/workflows/build-and-publish-develop.yml
+++ b/.github/workflows/build-and-publish-develop.yml
@@ -25,7 +25,7 @@ jobs:
 
				       packages: write
			
 
				     steps:
			
 
				       - name: Checkout Repo
			
 
				-        uses: actions/checkout@v6
			
 
				+        uses: actions/checkout@v6.0.2
			
 
				       - name: Set SHA
			
 
				         id: sha
			
 
				         run: |
			
--- a/.github/workflows/build-and-publish-release.yml
+++ b/.github/workflows/build-and-publish-release.yml
@@ -65,7 +65,7 @@ jobs:
 
				           echo "BRANCH_NAME=v${RELEASE_VERSION%.*}" >> $GITHUB_OUTPUT
			
 
				 
			
 
				       - name: Checkout Repo
			
 
				-        uses: actions/checkout@v6
			
 
				+        uses: actions/checkout@v6.0.2
			
 
				         with:
			
 
				           ref: '${{ steps.branch.outputs.BRANCH_NAME }}'
			
 
				 
			
--- a/.github/workflows/build-test-image.yml
+++ b/.github/workflows/build-test-image.yml
@@ -48,7 +48,7 @@ jobs:
 
				       packages: write
			
 
				     steps:
			
 
				       - name: Checkout Repo
			
 
				-        uses: actions/checkout@v6
			
 
				+        uses: actions/checkout@v6.0.2
			
 
				         with:
			
 
				           ref: ${{ github.event.merge_group.head_sha || github.event.pull_request.head.sha }}
			
 
				       - name: Set SHA
			
--- a/.github/workflows/build-test.yaml
+++ b/.github/workflows/build-test.yaml
@@ -18,7 +18,7 @@ jobs:
 
				   validate-protobuf:
			
 
				     runs-on: ubuntu-latest
			
 
				     steps:
			
 
				-      - uses: actions/checkout@v6
			
 
				+      - uses: actions/checkout@v6.0.2
			
 
				         with:
			
 
				           path: ./
			
 
				       -
			
@@ -48,7 +48,7 @@ jobs:
 
				   backend:
			
 
				     runs-on: ubuntu-latest
			
 
				     steps:
			
 
				-      - uses: actions/checkout@v6
			
 
				+      - uses: actions/checkout@v6.0.2
			
 
				         with:
			
 
				           path: ./
			
 
				 
			
--- a/.github/workflows/format-check.yaml
+++ b/.github/workflows/format-check.yaml
@@ -14,7 +14,7 @@ jobs:
 
				   format-check:
			
 
				     runs-on: ubuntu-latest
			
 
				     steps:
			
 
				-      - uses: actions/checkout@v6
			
 
				+      - uses: actions/checkout@v6.0.2
			
 
				 
			
 
				       - name: Install Go
			
 
				         uses: actions/setup-go@v6
			
--- a/.github/workflows/golangci-lint.yaml
+++ b/.github/workflows/golangci-lint.yaml
@@ -9,7 +9,7 @@ jobs:
 
				     name: lint
			
 
				     runs-on: ubuntu-latest
			
 
				     steps:
			
 
				-      - uses: actions/checkout@v6
			
 
				+      - uses: actions/checkout@v6.0.2
			
 
				       - uses: actions/setup-go@v6
			
 
				         with:
			
 
				           go-version: stable
			
--- a/.github/workflows/integration-testing.yaml
+++ b/.github/workflows/integration-testing.yaml
@@ -67,7 +67,7 @@ jobs:
 
				             MAINBRANCH: ${{ steps.set_image_tags.outputs.mainbranch }}
			
 
				             passed: ${{ steps.wait_for_image_ready.outputs.passed }}
			
 
				         steps:
			
 
				-          - uses: actions/checkout@v6
			
 
				+          - uses: actions/checkout@v6.0.2
			
 
				             with:
			
 
				               ref: ${{ github.event.merge_group.head.sha || github.event.pull_request.head.sha || github.ref }}
			
 
				           - name: Set OC SHA
			
--- a/.github/workflows/promote-to-demo.yaml
+++ b/.github/workflows/promote-to-demo.yaml
@@ -19,7 +19,7 @@ jobs:
 
				       image_tag: ${{ steps.tags.outputs.IMAGE_TAG }}
			
 
				     steps:
			
 
				       - name: Checkout Repo
			
 
				-        uses: actions/checkout@v6
			
 
				+        uses: actions/checkout@v6.0.2
			
 
				       - name: Set SHA
			
 
				         id: sha
			
 
				         run: |
			
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -34,7 +34,7 @@ jobs:
 
				     steps:
			
 
				       - name: Checkout Repo (for version detection)
			
 
				         if: github.event_name == 'workflow_run'
			
 
				-        uses: actions/checkout@v6
			
 
				+        uses: actions/checkout@v6.0.2
			
 
				         with:
			
 
				           fetch-depth: 0
			
 
				 
			
@@ -80,7 +80,7 @@ jobs:
 
				 
			
 
				       - name: Checkout Repo
			
 
				         if: github.event_name != 'workflow_run'
			
 
				-        uses: actions/checkout@v6
			
 
				+        uses: actions/checkout@v6.0.2
			
 
				         with:
			
 
				           ref: ${{ github.event_name != 'pull_request' && steps.branch.outputs.BRANCH_NAME || '' }}
			
 
				 
			
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -34,7 +34,7 @@ jobs:
 
				 
			
 
				     steps:
			
 
				       - name: "Checkout code"
			
 
				-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
			
 
				+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
			
 
				         with:
			
 
				           persist-credentials: false
			
 
				 
			
--- a/.github/workflows/sonar.yaml
+++ b/.github/workflows/sonar.yaml
@@ -27,7 +27,7 @@ jobs:
 
				           sha: ${{ github.event.workflow_run.head_sha }}
			
 
				           target_url: 'https://sonarcloud.io/dashboard?id=opencost_opencost'
			
 
				       - name: Checkout upstream repository
			
 
				-        uses: actions/checkout@v6
			
 
				+        uses: actions/checkout@v6.0.2
			
 
				         with:
			
 
				           repository: opencost/opencost
			
 
				           ref: develop
			
--- a/.github/workflows/vulnerability-scan.yaml
+++ b/.github/workflows/vulnerability-scan.yaml
@@ -21,7 +21,7 @@ jobs:
 
				     runs-on: ubuntu-latest
			
 
				     steps:
			
 
				       - name: Checkout code
			
 
				-        uses: actions/checkout@v6
			
 
				+        uses: actions/checkout@v6.0.2
			
 
				 
			
 
				       - name: Install Trivy
			
 
				         run: |