3434 tailnet-integration : ${{ steps.filter.outputs.tailnet-integration }}
3535 steps :
3636 - name : Harden Runner
37- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
37+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
3838 with :
3939 egress-policy : audit
4040
@@ -155,7 +155,7 @@ jobs:
155155 runs-on : ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
156156 steps :
157157 - name : Harden Runner
158- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
158+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
159159 with :
160160 egress-policy : audit
161161
@@ -227,7 +227,7 @@ jobs:
227227 if : always()
228228 steps :
229229 - name : Harden Runner
230- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
230+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
231231 with :
232232 egress-policy : audit
233233
@@ -282,7 +282,7 @@ jobs:
282282 timeout-minutes : 7
283283 steps :
284284 - name : Harden Runner
285- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
285+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
286286 with :
287287 egress-policy : audit
288288
@@ -326,7 +326,7 @@ jobs:
326326 - windows-2022
327327 steps :
328328 - name : Harden Runner
329- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
329+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
330330 with :
331331 egress-policy : audit
332332
@@ -397,7 +397,7 @@ jobs:
397397 - windows-2022
398398 steps :
399399 - name : Harden Runner
400- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
400+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
401401 with :
402402 egress-policy : audit
403403
@@ -453,7 +453,7 @@ jobs:
453453 - ubuntu-latest
454454 steps :
455455 - name : Harden Runner
456- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
456+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
457457 with :
458458 egress-policy : audit
459459
@@ -521,7 +521,7 @@ jobs:
521521 timeout-minutes : 25
522522 steps :
523523 - name : Harden Runner
524- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
524+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
525525 with :
526526 egress-policy : audit
527527
@@ -569,7 +569,7 @@ jobs:
569569 timeout-minutes : 25
570570 steps :
571571 - name : Harden Runner
572- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
572+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
573573 with :
574574 egress-policy : audit
575575
@@ -618,7 +618,7 @@ jobs:
618618 timeout-minutes : 25
619619 steps :
620620 - name : Harden Runner
621- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
621+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
622622 with :
623623 egress-policy : audit
624624
@@ -677,7 +677,7 @@ jobs:
677677 timeout-minutes : 20
678678 steps :
679679 - name : Harden Runner
680- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
680+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
681681 with :
682682 egress-policy : audit
683683
@@ -703,7 +703,7 @@ jobs:
703703 timeout-minutes : 20
704704 steps :
705705 - name : Harden Runner
706- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
706+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
707707 with :
708708 egress-policy : audit
709709
@@ -735,7 +735,7 @@ jobs:
735735 name : ${{ matrix.variant.name }}
736736 steps :
737737 - name : Harden Runner
738- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
738+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
739739 with :
740740 egress-policy : audit
741741
@@ -804,7 +804,7 @@ jobs:
804804 if : needs.changes.outputs.ts == 'true' || needs.changes.outputs.ci == 'true'
805805 steps :
806806 - name : Harden Runner
807- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
807+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
808808 with :
809809 egress-policy : audit
810810
@@ -881,7 +881,7 @@ jobs:
881881
882882 steps :
883883 - name : Harden Runner
884- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
884+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
885885 with :
886886 egress-policy : audit
887887
@@ -950,7 +950,7 @@ jobs:
950950 if : always()
951951 steps :
952952 - name : Harden Runner
953- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
953+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
954954 with :
955955 egress-policy : audit
956956
@@ -1080,7 +1080,7 @@ jobs:
10801080 IMAGE : ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
10811081 steps :
10821082 - name : Harden Runner
1083- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
1083+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
10841084 with :
10851085 egress-policy : audit
10861086
@@ -1137,7 +1137,7 @@ jobs:
11371137 # Setup GCloud for signing Windows binaries.
11381138 - name : Authenticate to Google Cloud
11391139 id : gcloud_auth
1140- uses : google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8
1140+ uses : google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
11411141 with :
11421142 workload_identity_provider : ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }}
11431143 service_account : ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }}
@@ -1147,7 +1147,7 @@ jobs:
11471147 uses : google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
11481148
11491149 - name : Download dylibs
1150- uses : actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
1150+ uses : actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
11511151 with :
11521152 name : dylibs
11531153 path : ./build
@@ -1264,7 +1264,7 @@ jobs:
12641264 id : attest_main
12651265 if : github.ref == 'refs/heads/main'
12661266 continue-on-error : true
1267- uses : actions/attest@a63cfcc7d1aab266ee064c58250cfc2c7d07bc31 # v2.2.1
1267+ uses : actions/attest@afd638254319277bb3d7f0a234478733e2e46a73 # v2.3.0
12681268 with :
12691269 subject-name : " ghcr.io/coder/coder-preview:main"
12701270 predicate-type : " https://slsa.dev/provenance/v1"
@@ -1301,7 +1301,7 @@ jobs:
13011301 id : attest_latest
13021302 if : github.ref == 'refs/heads/main'
13031303 continue-on-error : true
1304- uses : actions/attest@a63cfcc7d1aab266ee064c58250cfc2c7d07bc31 # v2.2.1
1304+ uses : actions/attest@afd638254319277bb3d7f0a234478733e2e46a73 # v2.3.0
13051305 with :
13061306 subject-name : " ghcr.io/coder/coder-preview:latest"
13071307 predicate-type : " https://slsa.dev/provenance/v1"
@@ -1338,7 +1338,7 @@ jobs:
13381338 id : attest_version
13391339 if : github.ref == 'refs/heads/main'
13401340 continue-on-error : true
1341- uses : actions/attest@a63cfcc7d1aab266ee064c58250cfc2c7d07bc31 # v2.2.1
1341+ uses : actions/attest@afd638254319277bb3d7f0a234478733e2e46a73 # v2.3.0
13421342 with :
13431343 subject-name : " ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}"
13441344 predicate-type : " https://slsa.dev/provenance/v1"
@@ -1426,7 +1426,7 @@ jobs:
14261426 id-token : write
14271427 steps :
14281428 - name : Harden Runner
1429- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
1429+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
14301430 with :
14311431 egress-policy : audit
14321432
@@ -1436,7 +1436,7 @@ jobs:
14361436 fetch-depth : 0
14371437
14381438 - name : Authenticate to Google Cloud
1439- uses : google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8
1439+ uses : google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10
14401440 with :
14411441 workload_identity_provider : projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
14421442 service_account : coder-ci@coder-dogfood.iam.gserviceaccount.com
@@ -1490,7 +1490,7 @@ jobs:
14901490 if : github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
14911491 steps :
14921492 - name : Harden Runner
1493- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
1493+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
14941494 with :
14951495 egress-policy : audit
14961496
@@ -1525,7 +1525,7 @@ jobs:
15251525 if : needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
15261526 steps :
15271527 - name : Harden Runner
1528- uses : step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
1528+ uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
15291529 with :
15301530 egress-policy : audit
15311531
0 commit comments