diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 147e8ad8..b06e095b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -29,7 +29,7 @@ jobs:
 run: echo "VERSION=${GITHUB_REF##*/}" >> "${GITHUB_OUTPUT}"
 - name: Generate man page
- uses: docker://pandoc/core:2.14.2
+ uses: docker://pandoc/core:2.14.2@sha256:04e127c6642a2b9d447c26fe0ac6a5932efa8f508eda9f07da51b6e621dd7c19
 id: gen-man-page
 with:
 args: >-
@@ -43,12 +43,12 @@ jobs:
 man.md
 - name: Install cosign
- uses: sigstore/cosign-installer@v3
+ uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
 - name: Cross compile
 run: |
 sudo apt-get install rhash -y
- go install github.com/goreleaser/goreleaser/v2@latest
+ go install github.com/goreleaser/goreleaser/v2@v2.16.0
 ./scripts/xcompile.sh
 - name: Sign checksums
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 1037c73f..7dc69bda 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -73,6 +73,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard (optional).
 # Commenting out will disable upload of results to your repo's Code Scanning dashboard
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@v4
+ uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
 with:
 sarif_file: results.sarif
diff --git a/Dockerfile.dev b/Dockerfile.dev
index 04f17d41..072120df 100644
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -2,7 +2,7 @@ FROM golang:1.26.4@sha256:68cb6d68bed024785b69195b89af7ac7a444f27791435f98647edf
 RUN apt-get update && \
 apt-get install -y npm && \
- npm install -g npx cspell@latest
+ npm install -g npx cspell@10.0.1
 COPY scripts/devtools.sh /opt/devtools.sh
diff --git a/cspell.config.yaml b/cspell.config.yaml
index 99ef61e1..38a78c2a 100644
--- a/cspell.config.yaml
+++ b/cspell.config.yaml
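Review bot: In `.github/workflows/release.yml` (second hunk, "Install cosign"), the trailing `# v3.10.1` comment is the only thing tying the 40-character commit hash to a release, and nothing visible in the workflow checks that link. Before merging, confirm the hash is reachable from that tag in the upstream `sigstore/cosign-installer` repository rather than only in a fork of it, since the pin is exactly as trustworthy as the commit it names. The same applies to the `github/codeql-action/upload-sarif@95e58e9a… # v4.35.2` pin in `scorecard.yml`. A short comment above each pinned step, such as `# pinned by commit; verify the SHA against the upstream tag when bumping`, would tell the next maintainer to update hash and version comment together. The job continues outside both hunks, so whether an automated updater already covers these pins cannot be seen here.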
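Review bot: In `Dockerfile.dev`, the new `npm install -g npx cspell@10.0.1` pins only cspell; `npx` on the same line still carries no version and resolves to whatever the registry serves at build time. npm has bundled npx for a long time, so the separate package is probably unnecessary and the line could read `npm install -g cspell@10.0.1`; if it is needed, give it an explicit version as well. A version pin on a global npm install also does not lock cspell's transitive dependencies, and `apt-get install -y npm` stays unversioned, so the image is still not reproducible from this file alone.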
@@ -1,5 +1,5 @@
 ---
-$schema: https://raw.githubusercontent.com/streetsidesoftware/cspell/main/cspell.schema.json
+$schema: https://raw.githubusercontent.com/streetsidesoftware/cspell/0f43abf29e5da0ecbcb08214055cdc1e3267c3ea/cspell.schema.json
 version: '0.2'
 language: en-GB
 dictionaryDefinitions:
diff --git a/release_instructions.txt b/release_instructions.txt
index c220ae28..9d919b4d 100644
--- a/release_instructions.txt
+++ b/release_instructions.txt
@@ -23,7 +23,7 @@
 // release artifacts are signed with cosign keyless signing (Sigstore)
 // users can verify with:
 // cosign verify-blob --bundle checksums.bundle checksums
-// install cosign: brew install cosign OR go install github.com/sigstore/cosign/v2/cmd/cosign@latest
+// install cosign: brew install cosign OR go install github.com/sigstore/cosign/v2/cmd/cosign@v2.6.1
 - snapcraft
diff --git a/scripts/devtools.sh b/scripts/devtools.sh
index 970516dd..31567023 100755
--- a/scripts/devtools.sh
+++ b/scripts/devtools.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
 set -ex
-go mod download golang.org/x/tools@latest
+go mod download golang.org/x/tools@v0.44.0
 curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/6008b81b81c690c046ffc3fd5bce896da715d5fd/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.11.3
 curl -sSfL https://raw.githubusercontent.com/securego/gosec/424fc4cd9c82ea0fd6bee9cd49c2db2c3cc0c93f/install.sh | sh -s v2.22.11
\ No newline at end of file
diff --git a/scripts/xcompile.sh b/scripts/xcompile.sh
index 44df9f30..efada51e 100755
--- a/scripts/xcompile.sh
+++ b/scripts/xcompile.sh
@@ -2,7 +2,7 @@
 set -eo pipefail
-# You may need to go install github.com/goreleaser/goreleaser/v2@latest first
+# You may need to go install github.com/goreleaser/goreleaser/v2@v2.16.0 first
 GORELEASER="goreleaser build --clean"
 if [ -z "$CI" ] || [[ "${GITHUB_REF_NAME:-}" == draft-* ]]; then
 GORELEASER+=" --snapshot"
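Review bot: In `cspell.config.yaml`, the `$schema` URL is now pinned to a bare commit hash with nothing saying which cspell release it corresponds to, unlike the workflow pins in this commit, which carry a `# vX.Y.Z` comment. Whether that commit matches the `cspell@10.0.1` pinned in `Dockerfile.dev` cannot be told from the diff; if the two drift, editors will validate the config against a different schema than the tool enforces. A comment above the key would make the intent checkable, for example `# schema at the commit for cspell <version>; bump together with Dockerfile.dev`.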