diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 04c6911..d85ea67 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -25,4 +25,4 @@ permissions: jobs: ci: - uses: cplieger/ci/.github/workflows/ci.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 + uses: cplieger/ci/.github/workflows/ci.yaml@696eb4cd19badd0ea7061abedfaa2906008d5092 # v2 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0ee6eb2..04f96d9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -16,4 +16,4 @@ jobs: security-events: write contents: read actions: read - uses: cplieger/ci/.github/workflows/codeql.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 + uses: cplieger/ci/.github/workflows/codeql.yaml@696eb4cd19badd0ea7061abedfaa2906008d5092 # v2 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 09e0eba..c2707da 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -27,4 +27,4 @@ jobs: # NOTE: pin this @SHA to the ci release tag that first contains # coverage.yaml when cutting that tag (see ci.md "Updating and propagating"). # Renovate then tracks the `# v2` comment and bumps the digest thereafter. - uses: cplieger/ci/.github/workflows/coverage.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 + uses: cplieger/ci/.github/workflows/coverage.yaml@696eb4cd19badd0ea7061abedfaa2906008d5092 # v2 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7273f10..05a877f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -34,7 +34,7 @@ jobs: id-token: write attestations: write security-events: write - uses: cplieger/ci/.github/workflows/release.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 + uses: cplieger/ci/.github/workflows/release.yaml@696eb4cd19badd0ea7061abedfaa2906008d5092 # v2 # Forward only the two Docker Hub publish credentials the reusable pipeline # actually declares and consumes, rather than `secrets: inherit` (which # exposes every repo secret to the reusable-workflow trust boundary). Both diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 55a74f1..ef593e6 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -22,4 +22,4 @@ jobs: permissions: contents: read security-events: write - uses: cplieger/ci/.github/workflows/security-scan.yaml@9bcea59545af8553e6ef20aa869d133ef5b56dea # v2 + uses: cplieger/ci/.github/workflows/security-scan.yaml@696eb4cd19badd0ea7061abedfaa2906008d5092 # v2