diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml index 0b3194e0c..404e73407 100644 --- a/.github/workflows/acceptance-tests.yml +++ b/.github/workflows/acceptance-tests.yml @@ -12,7 +12,7 @@ jobs: - name: Check out with: persist-credentials: false - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 with: version: v2026.5.18 diff --git a/.github/workflows/api-diff.yml b/.github/workflows/api-diff.yml index 99b7844ea..548b7139f 100644 --- a/.github/workflows/api-diff.yml +++ b/.github/workflows/api-diff.yml @@ -32,7 +32,7 @@ jobs: ${{ contains(github.event.pull_request.labels.*.name, 'breaking-api-change-accepted') }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: persist-credentials: false - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c6be7ed7b..b686c28cf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,7 +9,7 @@ jobs: build: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: persist-credentials: false - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 521dab4f4..1de0ca840 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,7 +21,7 @@ jobs: security-events: write # required for github/codeql-action/analyze to upload SARIF steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: persist-credentials: false diff --git a/.github/workflows/generate-api-diff-baseline.yml b/.github/workflows/generate-api-diff-baseline.yml index aee2b4ee6..a3ad47e86 100644 --- a/.github/workflows/generate-api-diff-baseline.yml +++ b/.github/workflows/generate-api-diff-baseline.yml @@ -29,7 +29,7 @@ jobs: permissions: contents: read # checkout + read-only `git fetch origin main` for the verify step steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: ref: ${{ github.ref }} persist-credentials: false @@ -90,7 +90,7 @@ jobs: permissions: contents: write # push regenerated docs/apidiffs back to the renovate branch steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: ref: ${{ github.ref }} # zizmor: ignore[artipacked] -- needs credentials to push diff --git a/.github/workflows/generate-protobuf.yml b/.github/workflows/generate-protobuf.yml index e096b5881..e186836c8 100644 --- a/.github/workflows/generate-protobuf.yml +++ b/.github/workflows/generate-protobuf.yml @@ -14,7 +14,7 @@ jobs: permissions: contents: read # checkout + read-only `git fetch origin main` for the verify step steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: ref: ${{ github.ref }} persist-credentials: false @@ -66,7 +66,7 @@ jobs: permissions: contents: write # push regenerated sources back to the renovate branch steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: ref: ${{ github.ref }} # zizmor: ignore[artipacked] -- needs credentials to push diff --git a/.github/workflows/github-pages.yaml b/.github/workflows/github-pages.yaml index bd1b58a47..270cdf677 100644 --- a/.github/workflows/github-pages.yaml +++ b/.github/workflows/github-pages.yaml @@ -32,7 +32,7 @@ jobs: if: github.repository == 'prometheus/client_java' runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: persist-credentials: false fetch-tags: "true" diff --git a/.github/workflows/jmx-exporter-compatibility.yml b/.github/workflows/jmx-exporter-compatibility.yml index afdaed42d..79a1e9eb9 100644 --- a/.github/workflows/jmx-exporter-compatibility.yml +++ b/.github/workflows/jmx-exporter-compatibility.yml @@ -19,7 +19,7 @@ jobs: jmx-exporter-compatibility: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: persist-credentials: false - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 diff --git a/.github/workflows/multi-version-test.yml b/.github/workflows/multi-version-test.yml index a0bfeef76..3545ce207 100644 --- a/.github/workflows/multi-version-test.yml +++ b/.github/workflows/multi-version-test.yml @@ -15,7 +15,7 @@ jobs: java: [17, 21, 25] steps: - name: Check out - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: persist-credentials: false diff --git a/.github/workflows/native-tests.yml b/.github/workflows/native-tests.yml index 81e4ed9b9..e21b9d94a 100644 --- a/.github/workflows/native-tests.yml +++ b/.github/workflows/native-tests.yml @@ -12,7 +12,7 @@ jobs: - name: Check out with: persist-credentials: false - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 with: version: v2026.5.18 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2e0732b56..6ba78b44a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: echo "${#GPG_SIGNING_KEY}" echo "${GPG_SIGNING_KEY}" | gpg --batch --import-options import-show --import - name: Checkout Plugin Repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: ref: ${{ inputs.tag }} persist-credentials: false diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 532a3787b..6e2f53bd7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -22,7 +22,7 @@ jobs: id-token: write # required by scorecard-action for OIDC token steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: persist-credentials: false diff --git a/.github/workflows/test-release-build.yml b/.github/workflows/test-release-build.yml index 9e88dc430..ff9ffbdad 100644 --- a/.github/workflows/test-release-build.yml +++ b/.github/workflows/test-release-build.yml @@ -13,7 +13,7 @@ jobs: build: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: persist-credentials: false fetch-tags: "true"