diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 1f36ef6b3..3fb323db4 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -29,7 +29,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false diff --git a/.github/workflows/agentics-maintenance.yml b/.github/workflows/agentics-maintenance.yml index ea31ab4ad..f45c68071 100644 --- a/.github/workflows/agentics-maintenance.yml +++ b/.github/workflows/agentics-maintenance.yml @@ -156,7 +156,7 @@ jobs: operation: ${{ steps.record.outputs.operation }} steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -245,7 +245,7 @@ jobs: run_url: ${{ steps.record.outputs.run_url }} steps: - name: Checkout actions folder - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: sparse-checkout: | actions @@ -291,7 +291,7 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -337,7 +337,7 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -363,7 +363,7 @@ jobs: - name: Restore activity report logs cache id: activity_report_logs_cache - uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache/restore@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: ./.cache/gh-aw/activity-report-logs key: ${{ runner.os }}-activity-report-logs-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_id }} @@ -387,7 +387,7 @@ jobs: - name: Save activity report logs cache if: ${{ always() }} - uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache/save@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: ./.cache/gh-aw/activity-report-logs key: ${{ steps.activity_report_logs_cache.outputs.cache-primary-key }} @@ -442,7 +442,7 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -468,7 +468,7 @@ jobs: - name: Restore forecast report logs cache id: forecast_report_logs_cache - uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache/restore@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: ./.github/aw/logs key: ${{ runner.os }}-forecast-report-logs-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_id }} @@ -514,7 +514,7 @@ jobs: - name: Save forecast report logs cache if: ${{ always() }} - uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache/save@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0 with: path: ./.github/aw/logs key: ${{ runner.os }}-forecast-report-logs-${{ github.repository }}-${{ github.ref_name }}-${{ github.run_id }} @@ -571,7 +571,7 @@ jobs: issues: write steps: - name: Checkout repository - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false diff --git a/.github/workflows/codeowners-folder-validation.yml b/.github/workflows/codeowners-folder-validation.yml index 26c4fb76d..eab36a6b9 100644 --- a/.github/workflows/codeowners-folder-validation.yml +++ b/.github/workflows/codeowners-folder-validation.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false diff --git a/.github/workflows/evaluation.yml b/.github/workflows/evaluation.yml index a959ec5c6..23353ca93 100644 --- a/.github/workflows/evaluation.yml +++ b/.github/workflows/evaluation.yml @@ -111,7 +111,7 @@ jobs: statuses: write steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: fetch-depth: 0 persist-credentials: false @@ -176,7 +176,7 @@ jobs: statuses: write steps: - name: Checkout base branch - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: ref: ${{ github.event.pull_request.base.sha }} fetch-depth: 0 @@ -427,7 +427,7 @@ jobs: - name: Checkout repository if: github.event_name != 'schedule' || steps.check-changes.outputs.has_changes == 'true' || github.event_name == 'workflow_dispatch' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: fetch-depth: 0 persist-credentials: false @@ -631,7 +631,7 @@ jobs: # changes are tested. For fork PRs (untrusted), always build from the # base branch to prevent untrusted code from modifying tooling. - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: ref: ${{ needs.gate.outputs.is_fork != 'true' && needs.gate.outputs.head_sha || '' }} persist-credentials: false @@ -642,14 +642,14 @@ jobs: - name: Cache validator archive id: cache-validator - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4 + uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v4 with: path: skill-validator-dist.tar.gz key: ${{ steps.compute-key.outputs.cache-key }} - name: Setup .NET SDK if: steps.cache-validator.outputs.cache-hit != 'true' - uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5 + uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5 with: global-json-file: global.json @@ -689,19 +689,19 @@ jobs: steps: - name: Checkout skills content - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: ref: ${{ needs.gate.outputs.head_sha || '' }} persist-credentials: false - name: Setup .NET SDK - uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5 + uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5 with: global-json-file: global.json - name: Restore cached validator id: cache-validator - uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4 + uses: actions/cache/restore@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v4 with: path: skill-validator-dist.tar.gz key: ${{ needs.build-validator.outputs.cache-key }} @@ -890,7 +890,7 @@ jobs: - name: Restore cached validator if: needs.evaluate.result != 'skipped' id: cache-validator - uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4 + uses: actions/cache/restore@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v4 with: path: skill-validator-dist.tar.gz key: ${{ needs.build-validator.outputs.cache-key }} @@ -1092,7 +1092,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false @@ -1225,7 +1225,7 @@ jobs: cancel-in-progress: false steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false @@ -1335,7 +1335,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false @@ -1505,7 +1505,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository (for dashboard UI files) - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false @@ -1559,7 +1559,7 @@ jobs: - name: Build AGENTVIZ SPA if: steps.check-replay.outputs.skip != 'true' - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4 + uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v4 id: agentviz-cache with: path: /tmp/agentviz-dist diff --git a/.github/workflows/gh-aw-upgrade.yml b/.github/workflows/gh-aw-upgrade.yml index 12b9f3b3a..44532e137 100644 --- a/.github/workflows/gh-aw-upgrade.yml +++ b/.github/workflows/gh-aw-upgrade.yml @@ -13,7 +13,7 @@ jobs: upgrade: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 - name: Install gh-aw CLI run: curl -sL https://raw.githubusercontent.com/github/gh-aw/main/install-gh-aw.sh | bash diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml index aa97b4e5e..cc2d01af3 100644 --- a/.github/workflows/markdownlint.yml +++ b/.github/workflows/markdownlint.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false fetch-depth: 0 diff --git a/.github/workflows/pr-triage.yml b/.github/workflows/pr-triage.yml index 80ea0c095..fcf5ecfb7 100644 --- a/.github/workflows/pr-triage.yml +++ b/.github/workflows/pr-triage.yml @@ -56,7 +56,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout scripts and CODEOWNERS - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false fetch-depth: 1 diff --git a/.github/workflows/skill-check.yml b/.github/workflows/skill-check.yml index c44482677..ae4a6b0e3 100644 --- a/.github/workflows/skill-check.yml +++ b/.github/workflows/skill-check.yml @@ -15,20 +15,20 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false - name: Cache validator archive id: cache-validator - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4 + uses: actions/cache@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v4 with: path: skill-validator-dist.tar.gz key: skill-validator-${{ runner.os }}-${{ hashFiles('eng/skill-validator/src/**', 'eng/skill-validator/Directory.Build.props', 'global.json') }} - name: Setup .NET SDK if: steps.cache-validator.outputs.cache-hit != 'true' - uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5 + uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5 with: global-json-file: global.json diff --git a/.github/workflows/skill-coverage.yml b/.github/workflows/skill-coverage.yml index 6c83fa31c..e85f6fd0f 100644 --- a/.github/workflows/skill-coverage.yml +++ b/.github/workflows/skill-coverage.yml @@ -112,7 +112,7 @@ jobs: # Checkout the default branch for trusted tooling (Measure-SkillCoverage.ps1), # then fetch the PR head into a separate worktree so untrusted code is never executed. - name: Checkout base branch (trusted tooling) - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false diff --git a/.github/workflows/skill-validator.yml b/.github/workflows/skill-validator.yml index 4a63fb267..77407b2db 100644 --- a/.github/workflows/skill-validator.yml +++ b/.github/workflows/skill-validator.yml @@ -26,7 +26,7 @@ jobs: outputs: has_changes: ${{ steps.check.outputs.has_changes }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: fetch-depth: 0 @@ -73,10 +73,10 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: false - - uses: actions/setup-dotnet@c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7 # v5 + - uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5 with: global-json-file: global.json @@ -148,7 +148,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: persist-credentials: true diff --git a/.github/workflows/vally-evaluation.yml b/.github/workflows/vally-evaluation.yml index 25ab1e67f..900de80af 100644 --- a/.github/workflows/vally-evaluation.yml +++ b/.github/workflows/vally-evaluation.yml @@ -77,7 +77,7 @@ jobs: steps: - name: Checkout skills content - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: ref: ${{ inputs.head_sha || '' }} persist-credentials: false