diff --git a/.github/actions/bootstrap/action.yml b/.github/actions/bootstrap/action.yml index 8bdbab34..914872a3 100644 --- a/.github/actions/bootstrap/action.yml +++ b/.github/actions/bootstrap/action.yml @@ -16,14 +16,14 @@ runs: with: go-version-file: 'go.mod' - - uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 + - uses: docker/setup-qemu-action@96fe6ef7f33517b61c61be40b68a1882f3264fb8 # v4.2.0 if: "${{ inputs.goreleaser == 'true' }}" with: platforms: linux/arm64, linux/amd64 - name: Set up Docker Buildx if: "${{ inputs.goreleaser == 'true' }}" - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 + uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # See https://goreleaser.com/blog/supply-chain-security/ - name: installs syft for generating the SBOM with goreleaser diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9d91259c..89bd5e54 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,7 +42,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: Log in to the Elastic Container registry - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0 with: registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }} username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}