From 4f9d4196dff91fa0f6cd05e6ca1e15fb72292ad5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 6 Nov 2024 22:26:04 +0900 Subject: [PATCH 01/13] chore(deps): update peter-evans/create-pull-request action to v7 (#138) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/depup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depup.yml b/.github/workflows/depup.yml index 5a55e7f..f92d713 100644 --- a/.github/workflows/depup.yml +++ b/.github/workflows/depup.yml @@ -21,7 +21,7 @@ jobs: repo: reviewdog/reviewdog - name: Create Pull Request - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@v7 with: token: ${{ secrets.GITHUB_TOKEN }} title: "chore(deps): update reviewdog to ${{ steps.depup.outputs.latest }}" From 5438b9eb65de4f4d755dec89d0c9ea4ee0157e3e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 19:13:15 +0900 Subject: [PATCH 02/13] chore(deps): update terraform azurerm to ~> 3.117.0 (#133) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- testdata/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testdata/main.tf b/testdata/main.tf index 2d384dc..3b212e2 100644 --- a/testdata/main.tf +++ b/testdata/main.tf @@ -9,7 +9,7 @@ terraform { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.107.0" + version = "~> 3.117.0" } } } From 18beef5056ad7aa9336a29ff8188aae6615fc6ab Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 17:48:40 +0900 Subject: [PATCH 03/13] chore(deps): update terraform aws to ~> 5.79.0 (#140) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- testdata/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testdata/main.tf b/testdata/main.tf index 3b212e2..e4b2e19 100644 --- a/testdata/main.tf +++ b/testdata/main.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5.74.0" + version = "~> 5.79.0" } azurerm = { From 5809a0252e6186a455df630eb2fc8e6a88c59ff0 Mon Sep 17 00:00:00 2001 From: haya14busa Date: Tue, 18 Mar 2025 14:25:04 +0900 Subject: [PATCH 04/13] Pin GitHub Actions with commit SHA using pinact (#143) --- .github/workflows/depup.yml | 6 +++--- .github/workflows/labels.yml | 2 +- .github/workflows/lint.yml | 10 +++++----- .github/workflows/release.yml | 12 ++++++------ .github/workflows/tests.yml | 8 ++++---- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/depup.yml b/.github/workflows/depup.yml index f92d713..ac6c6a8 100644 --- a/.github/workflows/depup.yml +++ b/.github/workflows/depup.yml @@ -11,9 +11,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: haya14busa/action-depup@v1 + - uses: haya14busa/action-depup@d6b40096afad49ca676145faaba7190df29a9807 # v1.6.3 id: depup with: file: action.yml @@ -21,7 +21,7 @@ jobs: repo: reviewdog/reviewdog - name: Create Pull Request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 with: token: ${{ secrets.GITHUB_TOKEN }} title: "chore(deps): update reviewdog to ${{ steps.depup.outputs.latest }}" diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml index 1ab1daf..9782494 100644 --- a/.github/workflows/labels.yml +++ b/.github/workflows/labels.yml @@ -18,6 +18,6 @@ jobs: uses: actions/checkout@master - name: Manage labels - uses: lannonbr/issue-label-manager-action@4.0.0 + uses: lannonbr/issue-label-manager-action@e8dbcd8198e86a1e98d5372e55db976fed9ba6f7 # 4.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index bf65cbe..185d62a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -11,16 +11,16 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: haya14busa/action-cond@v1 + - uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1 id: reporter with: cond: ${{ github.event_name == 'pull_request' }} if_true: "github-pr-review" if_false: "github-check" - - uses: reviewdog/action-shellcheck@v1 + - uses: reviewdog/action-shellcheck@6e0e63d1750d02d761b3df0f2c5ba9f9ac4a9ed7 # v1.29.0 with: github_token: ${{ secrets.github_token }} reporter: ${{ steps.reporter.outputs.value }} @@ -30,9 +30,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: reviewdog/action-misspell@v1 + - uses: reviewdog/action-misspell@18ffb61effb93b47e332f185216be7e49592e7e1 # v1.26.1 with: github_token: ${{ secrets.github_token }} reporter: github-check diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d8365cf..2dd40c0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,24 +15,24 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Bump version on merging Pull Requests with specific labels. # (bump:major,bump:minor,bump:patch) - id: bumpr if: "!startsWith(github.ref, 'refs/tags/')" - uses: haya14busa/action-bumpr@v1 + uses: haya14busa/action-bumpr@78ab5a104d20896c9c9122c64221b3aecf1a8cbb # v1.10.0 # Update corresponding major and minor tag. # e.g. Update v1 and v1.2 when releasing v1.2.3 - - uses: haya14busa/action-update-semver@v1 + - uses: haya14busa/action-update-semver@fb48464b2438ae82cc78237be61afb4f461265a1 # v1.2.1 if: "!steps.bumpr.outputs.skip" with: tag: ${{ steps.bumpr.outputs.next_version }} # Get tag name. - id: tag - uses: haya14busa/action-cond@v1 + uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1 with: cond: "${{ startsWith(github.ref, 'refs/tags/') }}" if_true: ${{ github.ref }} @@ -52,6 +52,6 @@ jobs: if: github.event.action == 'labeled' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Post bumpr status comment - uses: haya14busa/action-bumpr@v1 + uses: haya14busa/action-bumpr@78ab5a104d20896c9c9122c64221b3aecf1a8cbb # v1.10.0 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 341cec8..9f1f779 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./ continue-on-error: true @@ -54,7 +54,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./ continue-on-error: true @@ -92,7 +92,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./ continue-on-error: true @@ -135,7 +135,7 @@ jobs: runs-on: ${{ matrix.platform }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./ continue-on-error: true From dbb1b474921bad80f5a650466e0aaa4648d464fc Mon Sep 17 00:00:00 2001 From: haya14busa Date: Tue, 18 Mar 2025 16:08:35 +0900 Subject: [PATCH 05/13] Pin reviewdog install script version with commit SHA (#144) --- script.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script.sh b/script.sh index 4b95696..6adc9aa 100755 --- a/script.sh +++ b/script.sh @@ -35,7 +35,7 @@ echo '::group::Preparing ...' echo '::endgroup::' echo "::group::🐶 Installing reviewdog (${REVIEWDOG_VERSION}) ... https://github.com/reviewdog/reviewdog" - curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${REVIEWDOG_PATH}" "${REVIEWDOG_VERSION}" 2>&1 + curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/fd59714416d6d9a1c0692d872e38e7f8448df4fc/install.sh | sh -s -- -b "${REVIEWDOG_PATH}" "${REVIEWDOG_VERSION}" 2>&1 echo '::endgroup::' echo "::group:: Installing tfsec (${INPUT_TFSEC_VERSION}) ... https://github.com/aquasecurity/tfsec" From 6910e625dc44fef73a94ff03c67f24eab60ec7fc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 18 Mar 2025 16:54:21 +0900 Subject: [PATCH 06/13] chore(deps): update reviewdog/action-misspell action to v1.26.2 (#146) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 185d62a..0216078 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -32,7 +32,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: reviewdog/action-misspell@18ffb61effb93b47e332f185216be7e49592e7e1 # v1.26.1 + - uses: reviewdog/action-misspell@8494bbc332b3d00538ac7c3956a4b4e6a5c9b23d # v1.26.2 with: github_token: ${{ secrets.github_token }} reporter: github-check From 61bb70ec30a3998a8c501ed6a92660320b34e798 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 18 Mar 2025 16:56:49 +0900 Subject: [PATCH 07/13] chore(deps): update haya14busa/action-depup action to v1.6.4 (#145) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/depup.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/depup.yml b/.github/workflows/depup.yml index ac6c6a8..f5c5bd4 100644 --- a/.github/workflows/depup.yml +++ b/.github/workflows/depup.yml @@ -13,7 +13,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: haya14busa/action-depup@d6b40096afad49ca676145faaba7190df29a9807 # v1.6.3 + - uses: haya14busa/action-depup@94a1aaf4e4923064019214b48a43276218af7ad5 # v1.6.4 id: depup with: file: action.yml From ce2ed332f38cbb37f73eb09af49e4e6a77e5374e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 18 Mar 2025 22:07:10 +0900 Subject: [PATCH 08/13] chore(deps): update reviewdog/action-misspell action to v1.26.3 (#147) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 0216078..b02713c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -32,7 +32,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: reviewdog/action-misspell@8494bbc332b3d00538ac7c3956a4b4e6a5c9b23d # v1.26.2 + - uses: reviewdog/action-misspell@9daa94af4357dddb6fd3775de806bc0a8e98d3e4 # v1.26.3 with: github_token: ${{ secrets.github_token }} reporter: github-check From ba4a84d1f2e1834d8f71c984ac8292332984cb59 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 18 Mar 2025 22:08:43 +0900 Subject: [PATCH 09/13] chore(deps): update reviewdog/action-shellcheck action to v1.29.3 (#148) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b02713c..f7dde1a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -20,7 +20,7 @@ jobs: if_true: "github-pr-review" if_false: "github-check" - - uses: reviewdog/action-shellcheck@6e0e63d1750d02d761b3df0f2c5ba9f9ac4a9ed7 # v1.29.0 + - uses: reviewdog/action-shellcheck@57079a832290a049f49cee90984b072c870fb7d4 # v1.29.3 with: github_token: ${{ secrets.github_token }} reporter: ${{ steps.reporter.outputs.value }} From bfb2b3ec4eb81e63d2e566378800d6d045ba35c2 Mon Sep 17 00:00:00 2001 From: haya14busa Date: Wed, 19 Mar 2025 03:24:50 +0900 Subject: [PATCH 10/13] README: Pin GitHub Actions with commit SHA using pinact (#149) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 29b0e0f..ea38799 100644 --- a/README.md +++ b/README.md @@ -108,7 +108,7 @@ jobs: steps: - name: Clone repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run tfsec with reviewdog output on the PR uses: reviewdog/action-tfsec@master From 9926ffe70f2ea3e83c6e27fd75925811a2c4e6c5 Mon Sep 17 00:00:00 2001 From: Shoma Okamoto <32533860+shmokmt@users.noreply.github.com> Date: Fri, 21 Mar 2025 15:14:10 +0900 Subject: [PATCH 11/13] Fix README (#151) do not refer to master branch --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ea38799..b5eb6be 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run tfsec with reviewdog output on the PR - uses: reviewdog/action-tfsec@master + uses: reviewdog/action-tfsec@dbb1b474921bad80f5a650466e0aaa4648d464fc # v1.28.6 with: github_token: ${{ secrets.github_token }} working_directory: my_directory # Change working directory From 2439daddfdc8261231d42e46df877424ecc1c9bc Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 21 Mar 2025 16:28:47 +0900 Subject: [PATCH 12/13] chore(deps): update reviewdog to 0.20.3 (#141) Co-authored-by: shogo82148 <1157344+shogo82148@users.noreply.github.com> --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index c448563..6ac36db 100644 --- a/action.yml +++ b/action.yml @@ -76,7 +76,7 @@ runs: env: # We may want to allow specifying reviewdog version as # action's input, but let's start with hard coded latest stable version for reviewdog - REVIEWDOG_VERSION: v0.20.2 + REVIEWDOG_VERSION: v0.20.3 # INPUT_ is not available in Composite run steps # https://github.community/t/input-variable-name-is-not-available-in-composite-run-steps/127611 INPUT_GITHUB_TOKEN: ${{ inputs.github_token }} From 1940d1bb2f84aee53b45858a1290483b4c3d4906 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 21 Mar 2025 16:29:22 +0900 Subject: [PATCH 13/13] chore(deps): update reviewdog/action-shellcheck action to v1.30.0 (#150) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f7dde1a..6db4019 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -20,7 +20,7 @@ jobs: if_true: "github-pr-review" if_false: "github-check" - - uses: reviewdog/action-shellcheck@57079a832290a049f49cee90984b072c870fb7d4 # v1.29.3 + - uses: reviewdog/action-shellcheck@5ebd09ddbe2ebb471646ce234c6c8dd18663ca7c # v1.30.0 with: github_token: ${{ secrets.github_token }} reporter: ${{ steps.reporter.outputs.value }}