Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SEC-090: Automated trusted workflow pinning (2024-09-09) #1034

Merged
merged 1 commit into from
Sep 9, 2024
Merged

SEC-090: Automated trusted workflow pinning (2024-09-09) #1034

merged 1 commit into from
Sep 9, 2024

Conversation

hashicorp-tsccr[bot]
Copy link
Contributor

Bumping GitHub Actions version to latest TSCCR release.

  • changes in .github/workflows/ci-go.yml
    • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)

This PR was auto-generated by security-tsccr/actions/runs/10767488526

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

This PR can be regenerated by dispatching the GitHub workflow Pin Action Refs. Please reach out to #team-prodsec if you have any questions.

@hashicorp-tsccr hashicorp-tsccr bot requested a review from a team as a code owner September 9, 2024 06:08
@hashicorp-tsccr hashicorp-tsccr bot added the SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs. label Sep 9, 2024
austinvalle
austinvalle approved these changes Sep 9, 2024
View reviewed changes
Copy link
Member

@austinvalle austinvalle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting! A breaking change in a minor version 😄. We don't have any workflows uploading artifacts with hidden files so we're good here 👍🏻

@austinvalle austinvalle merged commit 2ff8226 into main Sep 9, 2024
30 checks passed
@austinvalle austinvalle deleted the tsccr-auto-pinning/trusted/2024-09-09 branch September 9, 2024 13:43
austinvalle pushed a commit that referenced this pull request Sep 17, 2024
@hashicorp-tsccr @austinvalle
Result of tsccr-helper -log-level=info gha update -latest . (#1034)
2165588 
Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
austinvalle added a commit that referenced this pull request Sep 17, 2024
@austinvalle @hashicorp-tsccr
@SBGoods @dependabot @hc-github-team-tf-provider-devex
docs: Miscellaneous doc fixes in attribute + unit tests (#1027)
7076cca 
* fix and uncomment custom type tests

* fix comments on nested attributes

* add new attribute types to package docs

* fix map docs

* fix linting errors

* SEC-090: Automated trusted workflow pinning (2024-08-19) (#1028)

* Result of tsccr-helper -log-level=info gha update -latest .

* Resolve linter errors and warnings

---------

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: Selena Goods <github@simplebox.anonaddy.com>

* build(deps): Bump hashicorp/setup-terraform from 3.1.1 to 3.1.2 (#1029)

Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@651471c...b9cd54a)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Result of tsccr-helper -log-level=info gha update -latest . (#1034)

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>

* all: Bump minimum Go module version to 1.22 (#1033)

* all: Bump minimum Go module version to 1.22.7

* add changelog

* back to 1.22.0

* [CI] Update lock workflow file

* [CI] Update issue comment triage workflow file

* [CI] terraform-devex-repos automation

* [CI] terraform-devex-repos automation

* [CI] terraform-devex-repos automation

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: hashicorp-tsccr[bot] <129506189+hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: Selena Goods <github@simplebox.anonaddy.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Service Account - Terraform Provider DevEx <100357958+hc-github-team-tf-provider-devex@users.noreply.github.com>
austinvalle added a commit that referenced this pull request Sep 17, 2024
@austinvalle @hashicorp-tsccr
@SBGoods @dependabot @hc-github-team-tf-provider-devex
docs: Miscellaneous doc fixes in attribute + unit tests (#1027)
05c4f7b 
* fix and uncomment custom type tests

* fix comments on nested attributes

* add new attribute types to package docs

* fix map docs

* fix linting errors

* SEC-090: Automated trusted workflow pinning (2024-08-19) (#1028)

* Result of tsccr-helper -log-level=info gha update -latest .

* Resolve linter errors and warnings

---------

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: Selena Goods <github@simplebox.anonaddy.com>

* build(deps): Bump hashicorp/setup-terraform from 3.1.1 to 3.1.2 (#1029)

Bumps [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@651471c...b9cd54a)

---
updated-dependencies:
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Result of tsccr-helper -log-level=info gha update -latest . (#1034)

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>

* all: Bump minimum Go module version to 1.22 (#1033)

* all: Bump minimum Go module version to 1.22.7

* add changelog

* back to 1.22.0

* [CI] Update lock workflow file

* [CI] Update issue comment triage workflow file

* [CI] terraform-devex-repos automation

* [CI] terraform-devex-repos automation

* [CI] terraform-devex-repos automation

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: hashicorp-tsccr[bot] <129506189+hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
Co-authored-by: Selena Goods <github@simplebox.anonaddy.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Service Account - Terraform Provider DevEx <100357958+hc-github-team-tf-provider-devex@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@austinvalle austinvalle austinvalle approved these changes

Assignees
No one assigned
Labels
SEC-090/Pinning/Trusted Automated TSCCR pinning PR to trusted SHAs.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@austinvalle