diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index db0e55a..04c6911 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -25,4 +25,4 @@ permissions: jobs: ci: - uses: cplieger/ci/.github/workflows/ci.yaml@7230bd68a8fc108425117e3f9a0462bb89f40644 # v2 + uses: cplieger/ci/.github/workflows/ci.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 43cc61a..0ee6eb2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,4 +16,4 @@ jobs: security-events: write contents: read actions: read - uses: cplieger/ci/.github/workflows/codeql.yaml@7230bd68a8fc108425117e3f9a0462bb89f40644 # v2 + uses: cplieger/ci/.github/workflows/codeql.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 85cc272..09e0eba 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -27,4 +27,4 @@ jobs: # NOTE: pin this @SHA to the ci release tag that first contains # coverage.yaml when cutting that tag (see ci.md "Updating and propagating"). # Renovate then tracks the `# v2` comment and bumps the digest thereafter. - uses: cplieger/ci/.github/workflows/coverage.yaml@7230bd68a8fc108425117e3f9a0462bb89f40644 # v2 + uses: cplieger/ci/.github/workflows/coverage.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 203d4c6..7273f10 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,7 +34,7 @@ jobs: id-token: write attestations: write security-events: write - uses: cplieger/ci/.github/workflows/release.yaml@7230bd68a8fc108425117e3f9a0462bb89f40644 # v2 + uses: cplieger/ci/.github/workflows/release.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 # Forward only the two Docker Hub publish credentials the reusable pipeline # actually declares and consumes, rather than `secrets: inherit` (which # exposes every repo secret to the reusable-workflow trust boundary). Both diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index de8ccad..55a74f1 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -22,4 +22,4 @@ jobs: permissions: contents: read security-events: write - uses: cplieger/ci/.github/workflows/security-scan.yaml@7230bd68a8fc108425117e3f9a0462bb89f40644 # v2 + uses: cplieger/ci/.github/workflows/security-scan.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2