diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1779575..2c60032 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -137,7 +137,7 @@ jobs: - name: Set up Docker Buildx if: ${{ steps.check_image.outputs.php_versions != ''}} - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 - name: Create variants matrix if: ${{ steps.check_image.outputs.php_versions != ''}} @@ -186,11 +186,11 @@ jobs: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 - name: Login to GHCR if: github.event_name != 'pull_request' - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -226,7 +226,7 @@ jobs: - name: Build images and push id: bake - uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0 + uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0 with: targets: ${{ steps.bake_args.outputs.targets }} provenance: true @@ -294,10 +294,10 @@ jobs: run: ls -R /tmp/digest - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 - name: Login to GHCR - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 0456792..abcf6d1 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -42,7 +42,7 @@ jobs: - ghcr.io/toshy/php:8.5-fpm-trixie-otel-grpc-ffmpeg steps: - name: Scan for vulnerabilities - uses: crazy-max/ghaction-container-scan@a0a3900b79d158c85ccf034e5368fae620a9233a # v4.0.0 + uses: crazy-max/ghaction-container-scan@ffcba8deb5cb3531954cbedbbcd0179d79edf510 # v4.1.0 with: image: ${{ matrix.image }} severity_threshold: CRITICAL