3434 tailnet-integration : ${{ steps.filter.outputs.tailnet-integration }}
3535 steps :
3636 - name : Harden Runner
37- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
37+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
3838 with :
3939 egress-policy : audit
4040
@@ -154,7 +154,7 @@ jobs:
154154 runs-on : ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
155155 steps :
156156 - name : Harden Runner
157- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
157+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
158158 with :
159159 egress-policy : audit
160160
@@ -226,7 +226,7 @@ jobs:
226226 if : ${{ !cancelled() }}
227227 steps :
228228 - name : Harden Runner
229- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
229+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
230230 with :
231231 egress-policy : audit
232232
@@ -281,7 +281,7 @@ jobs:
281281 timeout-minutes : 7
282282 steps :
283283 - name : Harden Runner
284- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
284+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
285285 with :
286286 egress-policy : audit
287287
@@ -327,7 +327,7 @@ jobs:
327327 - name : Harden Runner
328328 # Harden Runner is only supported on Ubuntu runners.
329329 if : runner.os == 'Linux'
330- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
330+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
331331 with :
332332 egress-policy : audit
333333
@@ -418,7 +418,7 @@ jobs:
418418 - windows-2022
419419 steps :
420420 - name : Harden Runner
421- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
421+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
422422 with :
423423 egress-policy : audit
424424
@@ -582,7 +582,7 @@ jobs:
582582 # NOTE: this could instead be defined as a matrix strategy, but we want to
583583 # only block merging if tests on postgres 13 fail. Using a matrix strategy
584584 # here makes the check in the above `required` job rather complicated.
585- test-go-pg-16 :
585+ test-go-pg-17 :
586586 runs-on : ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
587587 needs :
588588 - changes
@@ -594,7 +594,7 @@ jobs:
594594 timeout-minutes : 25
595595 steps :
596596 - name : Harden Runner
597- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
597+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
598598 with :
599599 egress-policy : audit
600600
@@ -613,11 +613,11 @@ jobs:
613613 id : download-cache
614614 uses : ./.github/actions/test-cache/download
615615 with :
616- key-prefix : test-go-pg-16 -${{ runner.os }}-${{ runner.arch }}
616+ key-prefix : test-go-pg-17 -${{ runner.os }}-${{ runner.arch }}
617617
618618 - name : Test with PostgreSQL Database
619619 env :
620- POSTGRES_VERSION : " 16 "
620+ POSTGRES_VERSION : " 17 "
621621 TS_DEBUG_DISCO : " true"
622622 TEST_RETRIES : 2
623623 run : |
@@ -643,7 +643,7 @@ jobs:
643643 timeout-minutes : 25
644644 steps :
645645 - name : Harden Runner
646- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
646+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
647647 with :
648648 egress-policy : audit
649649
@@ -692,7 +692,7 @@ jobs:
692692 timeout-minutes : 25
693693 steps :
694694 - name : Harden Runner
695- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
695+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
696696 with :
697697 egress-policy : audit
698698
@@ -719,7 +719,7 @@ jobs:
719719 # c.f. discussion on https://github.com/coder/coder/pull/15106
720720 - name : Run Tests
721721 env :
722- POSTGRES_VERSION : " 16 "
722+ POSTGRES_VERSION : " 17 "
723723 run : |
724724 make test-postgres-docker
725725 DB=ci gotestsum --junitfile="gotests.xml" --packages="./..." --rerun-fails=2 --rerun-fails-abort-on-data-race -- -race -parallel 4 -p 4
@@ -751,7 +751,7 @@ jobs:
751751 timeout-minutes : 20
752752 steps :
753753 - name : Harden Runner
754- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
754+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
755755 with :
756756 egress-policy : audit
757757
@@ -777,7 +777,7 @@ jobs:
777777 timeout-minutes : 20
778778 steps :
779779 - name : Harden Runner
780- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
780+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
781781 with :
782782 egress-policy : audit
783783
@@ -809,7 +809,7 @@ jobs:
809809 name : ${{ matrix.variant.name }}
810810 steps :
811811 - name : Harden Runner
812- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
812+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
813813 with :
814814 egress-policy : audit
815815
@@ -882,7 +882,7 @@ jobs:
882882 if : needs.changes.outputs.site == 'true' || needs.changes.outputs.ci == 'true'
883883 steps :
884884 - name : Harden Runner
885- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
885+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
886886 with :
887887 egress-policy : audit
888888
@@ -902,7 +902,7 @@ jobs:
902902 # the check to pass. This is desired in PRs, but not in mainline.
903903 - name : Publish to Chromatic (non-mainline)
904904 if : github.ref != 'refs/heads/main' && github.repository_owner == 'coder'
905- uses : chromaui/action@8536229ee904071f8edce292596f6dbe0da96b9b # v12.1.1
905+ uses : chromaui/action@c50adf8eaa8c2878af3263499a73077854de39d4 # v12.2.0
906906 env :
907907 NODE_OPTIONS : " --max_old_space_size=4096"
908908 STORYBOOK : true
@@ -934,7 +934,7 @@ jobs:
934934 # infinitely "in progress" in mainline unless we re-review each build.
935935 - name : Publish to Chromatic (mainline)
936936 if : github.ref == 'refs/heads/main' && github.repository_owner == 'coder'
937- uses : chromaui/action@8536229ee904071f8edce292596f6dbe0da96b9b # v12.1.1
937+ uses : chromaui/action@c50adf8eaa8c2878af3263499a73077854de39d4 # v12.2.0
938938 env :
939939 NODE_OPTIONS : " --max_old_space_size=4096"
940940 STORYBOOK : true
@@ -962,7 +962,7 @@ jobs:
962962
963963 steps :
964964 - name : Harden Runner
965- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
965+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
966966 with :
967967 egress-policy : audit
968968
@@ -1031,7 +1031,7 @@ jobs:
10311031 if : always()
10321032 steps :
10331033 - name : Harden Runner
1034- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
1034+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
10351035 with :
10361036 egress-policy : audit
10371037
@@ -1161,7 +1161,7 @@ jobs:
11611161 IMAGE : ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
11621162 steps :
11631163 - name : Harden Runner
1164- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
1164+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
11651165 with :
11661166 egress-policy : audit
11671167
@@ -1345,7 +1345,7 @@ jobs:
13451345 id : attest_main
13461346 if : github.ref == 'refs/heads/main'
13471347 continue-on-error : true
1348- uses : actions/attest@afd638254319277bb3d7f0a234478733e2e46a73 # v2.3 .0
1348+ uses : actions/attest@ce27ba3b4a9a139d9a20a4a07d69fabb52f1e5bc # v2.4 .0
13491349 with :
13501350 subject-name : " ghcr.io/coder/coder-preview:main"
13511351 predicate-type : " https://slsa.dev/provenance/v1"
@@ -1382,7 +1382,7 @@ jobs:
13821382 id : attest_latest
13831383 if : github.ref == 'refs/heads/main'
13841384 continue-on-error : true
1385- uses : actions/attest@afd638254319277bb3d7f0a234478733e2e46a73 # v2.3 .0
1385+ uses : actions/attest@ce27ba3b4a9a139d9a20a4a07d69fabb52f1e5bc # v2.4 .0
13861386 with :
13871387 subject-name : " ghcr.io/coder/coder-preview:latest"
13881388 predicate-type : " https://slsa.dev/provenance/v1"
@@ -1419,7 +1419,7 @@ jobs:
14191419 id : attest_version
14201420 if : github.ref == 'refs/heads/main'
14211421 continue-on-error : true
1422- uses : actions/attest@afd638254319277bb3d7f0a234478733e2e46a73 # v2.3 .0
1422+ uses : actions/attest@ce27ba3b4a9a139d9a20a4a07d69fabb52f1e5bc # v2.4 .0
14231423 with :
14241424 subject-name : " ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}"
14251425 predicate-type : " https://slsa.dev/provenance/v1"
@@ -1507,7 +1507,7 @@ jobs:
15071507 id-token : write
15081508 steps :
15091509 - name : Harden Runner
1510- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
1510+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
15111511 with :
15121512 egress-policy : audit
15131513
@@ -1526,7 +1526,7 @@ jobs:
15261526 uses : google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
15271527
15281528 - name : Set up Flux CLI
1529- uses : fluxcd/flux2/action@b73c7f7191086ca7629840e680e71873349787f8 # v2.6.1
1529+ uses : fluxcd/flux2/action@a48f81a66c4ca9fbd993233ab99dd03a7cfbe09a # v2.6.2
15301530 with :
15311531 # Keep this and the github action up to date with the version of flux installed in dogfood cluster
15321532 version : " 2.5.1"
@@ -1571,7 +1571,7 @@ jobs:
15711571 if : github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
15721572 steps :
15731573 - name : Harden Runner
1574- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
1574+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
15751575 with :
15761576 egress-policy : audit
15771577
@@ -1606,7 +1606,7 @@ jobs:
16061606 if : needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
16071607 steps :
16081608 - name : Harden Runner
1609- uses : step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
1609+ uses : step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
16101610 with :
16111611 egress-policy : audit
16121612
0 commit comments