SEC-090: Automated trusted workflow pinning (2025-02-03) #1156

hashicorp-tsccr · 2025-02-03T09:36:37Z

Bumping GitHub Actions version to latest TSCCR release.

changes in .github/workflows/automation-release.yaml
- bump actions/setup-go from v5.2.0 to v5.3.0 (release notes)
- bump actions/setup-go from v5.2.0 to v5.3.0 (release notes)
changes in .github/workflows/pr-acceptance-tests.yml
- bump actions/setup-go from v5.2.0 to v5.3.0 (release notes)
changes in .github/workflows/pr-unit-tests.yaml
- bump actions/setup-go from v5.2.0 to v5.3.0 (release notes)
changes in .github/workflows/pr-validate-go-get.yaml
- bump actions/setup-go from v5.2.0 to v5.3.0 (release notes)

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

This PR can be regenerated by dispatching the GitHub workflow Pin Action Refs. Please reach out to #team-prodsec if you have any questions.

Result of tsccr-helper -log-level=info gha update .github/

f31c6ef

hashicorp-tsccr bot added the SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs. label Feb 3, 2025

hashicorp-tsccr bot requested a review from a team as a code owner February 3, 2025 09:36

catriona-m approved these changes Feb 3, 2025

View reviewed changes

catriona-m merged commit ff63a78 into main Feb 3, 2025
6 checks passed

catriona-m deleted the tsccr-auto-pinning/trusted/2025-02-03 branch February 3, 2025 10:07

Provide feedback