diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bcb2a75..012bb27 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,7 +24,7 @@ jobs: HTMLTEST_VERSION: "0.17.0" steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 persist-credentials: false # zizmor: artipacked @@ -58,7 +58,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false # zizmor: artipacked - name: Setup Node @@ -78,7 +78,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false # zizmor: artipacked # pipx is preinstalled on ubuntu runners. Config + dictionary: .codespellrc / .codespell-ignore. diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 468ff12..82cd815 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: submodules: recursive fetch-depth: 0 diff --git a/.github/workflows/hugo-bump.yml b/.github/workflows/hugo-bump.yml index 9f05f3e..d18300d 100644 --- a/.github/workflows/hugo-bump.yml +++ b/.github/workflows/hugo-bump.yml @@ -23,7 +23,7 @@ jobs: pull-requests: write # open the PR steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false # zizmor: artipacked - name: Check for a newer Hugo release diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml index 1321b94..0049ca1 100644 --- a/.github/workflows/lighthouse.yml +++ b/.github/workflows/lighthouse.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false # zizmor: artipacked - name: Install Hugo (extended) diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index bf19028..54c25ca 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -21,7 +21,7 @@ jobs: issues: write # open / update the tracking issue steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false # zizmor: artipacked - name: Install Hugo (extended) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 4a000de..e97ba17 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -35,7 +35,7 @@ jobs: GITLEAKS_VERSION: "8.30.1" GITLEAKS_SHA256: "551f6fc83ea457d62a0d98237cbad105af8d557003051f41f3e7ca7b3f2470eb" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 # scan EVERY commit, not just the tip — a secret is still a leak once pushed persist-credentials: false # zizmor: artipacked @@ -59,7 +59,7 @@ jobs: env: ZIZMOR_VERSION: "1.25.2" steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false # zizmor: artipacked # pipx is preinstalled on ubuntu-24.04.