diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml index 6e9aa4f9c..41b8dd89e 100644 --- a/.github/workflows/CI.yaml +++ b/.github/workflows/CI.yaml @@ -19,7 +19,7 @@ jobs: runs-on: [ ubuntu-latest ] steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit diff --git a/.github/workflows/CleanupTempRepos.yaml b/.github/workflows/CleanupTempRepos.yaml index ca647c6ec..010ddb452 100644 --- a/.github/workflows/CleanupTempRepos.yaml +++ b/.github/workflows/CleanupTempRepos.yaml @@ -22,7 +22,7 @@ jobs: githubOwner: ${{ steps.check.outputs.githubOwner }} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -61,7 +61,7 @@ jobs: needs: [ Check ] steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit diff --git a/.github/workflows/Deploy.yaml b/.github/workflows/Deploy.yaml index 800ef733f..7d4457b37 100644 --- a/.github/workflows/Deploy.yaml +++ b/.github/workflows/Deploy.yaml @@ -53,7 +53,7 @@ jobs: defaultBcContainerHelperVersion: ${{ steps.CreateInputs.outputs.defaultBcContainerHelperVersion }} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -78,7 +78,7 @@ jobs: needs: [ Inputs ] steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -115,7 +115,7 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit diff --git a/.github/workflows/E2E.yaml b/.github/workflows/E2E.yaml index 107835c9a..1416eb29c 100644 --- a/.github/workflows/E2E.yaml +++ b/.github/workflows/E2E.yaml @@ -52,7 +52,7 @@ jobs: githubOwner: ${{ steps.check.outputs.githubOwner }} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -101,7 +101,7 @@ jobs: appSourceAppRepo: ${{ steps.setup.outputs.appSourceAppRepo }} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -125,7 +125,7 @@ jobs: scenarios: ${{ steps.Analyze.outputs.scenarios }} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -206,7 +206,7 @@ jobs: strategy: ${{ fromJson(needs.Analyze.outputs.scenarios) }} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -242,7 +242,7 @@ jobs: strategy: ${{ fromJson(needs.Analyze.outputs.scenarios) }} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -278,7 +278,7 @@ jobs: strategy: ${{ fromJson(needs.Analyze.outputs.publictestruns) }} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -326,7 +326,7 @@ jobs: strategy: ${{ fromJson(needs.Analyze.outputs.privatetestruns) }} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -375,7 +375,7 @@ jobs: strategy: ${{ fromJson(needs.Analyze.outputs.releases) }} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -420,7 +420,7 @@ jobs: if: always() && (!Cancelled()) && (needs.SetupRepositories.result == 'Success') && (needs.TestAlGoPublic.result == 'Success' || needs.TestAlGoPublic.result == 'Skipped') && (needs.TestAlGoPrivate.result == 'Success' || needs.TestAlGoPrivate.result == 'Skipped') && (needs.TestAlGoUpgrade.result == 'Success' || needs.TestAlGoUpgrade.result == 'Skipped') && (needs.Scenario.result == 'Success' || needs.Scenario.result == 'Skipped') steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit diff --git a/.github/workflows/powershell.yaml b/.github/workflows/powershell.yaml index 58201b699..2ef7a0d35 100644 --- a/.github/workflows/powershell.yaml +++ b/.github/workflows/powershell.yaml @@ -21,7 +21,7 @@ jobs: security-events: write # for github/codeql-action/upload-sarif to upload SARIF results steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -37,6 +37,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 0c6d82000..d953defeb 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -14,7 +14,7 @@ jobs: runs-on: windows-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index 06426be63..c43ca8340 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 with: egress-policy: audit @@ -28,7 +28,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -36,6 +36,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif diff --git a/Actions/Github-Helper.psm1 b/Actions/Github-Helper.psm1 index 55ede9fac..350b8eeec 100644 --- a/Actions/Github-Helper.psm1 +++ b/Actions/Github-Helper.psm1 @@ -158,7 +158,7 @@ function GetDependencies { Write-Host "$($_.FullName) found from previous job" } } - elseif ($mask -notlike '*TestApps') { + elseif ($mask -like '*Apps') { Write-Host "$project not built, downloading from artifacts" $missingProjects += @($project) } diff --git a/Templates/AppSource App/.github/workflows/_BuildALGoProject.yaml b/Templates/AppSource App/.github/workflows/_BuildALGoProject.yaml index 3d2327b00..4e61dafb6 100644 --- a/Templates/AppSource App/.github/workflows/_BuildALGoProject.yaml +++ b/Templates/AppSource App/.github/workflows/_BuildALGoProject.yaml @@ -173,7 +173,7 @@ jobs: suffix: ${{ inputs.artifactsNameSuffix }} - name: Publish artifacts - apps - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: inputs.artifactsRetentionDays >= 0 with: name: ${{ steps.calculateArtifactsNames.outputs.AppsArtifactsName }} @@ -182,7 +182,7 @@ jobs: retention-days: ${{ inputs.artifactsRetentionDays }} - name: Publish artifacts - dependencies - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: inputs.artifactsRetentionDays >= 0 && env.generateDependencyArtifact == 'True' with: name: ${{ steps.calculateArtifactsNames.outputs.DependenciesArtifactsName }} @@ -191,7 +191,7 @@ jobs: retention-days: ${{ inputs.artifactsRetentionDays }} - name: Publish artifacts - test apps - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: inputs.artifactsRetentionDays >= 0 with: name: ${{ steps.calculateArtifactsNames.outputs.TestAppsArtifactsName }} @@ -200,7 +200,7 @@ jobs: retention-days: ${{ inputs.artifactsRetentionDays }} - name: Publish artifacts - build output - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (success() || failure()) && (hashFiles(format('{0}/BuildOutput.txt',inputs.project)) != '') with: name: ${{ steps.calculateArtifactsNames.outputs.BuildOutputArtifactsName }} @@ -208,7 +208,7 @@ jobs: if-no-files-found: ignore - name: Publish artifacts - container event log - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (failure()) && (hashFiles(format('{0}/ContainerEventLog.evtx',inputs.project)) != '') with: name: ${{ steps.calculateArtifactsNames.outputs.ContainerEventLogArtifactsName }} @@ -216,7 +216,7 @@ jobs: if-no-files-found: ignore - name: Publish artifacts - test results - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (success() || failure()) && (hashFiles(format('{0}/.buildartifacts/TestResults.xml',inputs.project)) != '') with: name: ${{ steps.calculateArtifactsNames.outputs.TestResultsArtifactsName }} @@ -224,7 +224,7 @@ jobs: if-no-files-found: ignore - name: Publish artifacts - bcpt test results - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (success() || failure()) && (hashFiles(format('{0}/.buildartifacts/bcptTestResults.json',inputs.project)) != '') with: name: ${{ steps.calculateArtifactsNames.outputs.BcptTestResultsArtifactsName }} @@ -232,7 +232,7 @@ jobs: if-no-files-found: ignore - name: Publish artifacts - page scripting test results - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (success() || failure()) && (hashFiles(format('{0}/.buildartifacts/PageScriptingTestResults.xml',inputs.project)) != '') with: name: ${{ steps.calculateArtifactsNames.outputs.PageScriptingTestResultsArtifactsName }} @@ -240,7 +240,7 @@ jobs: if-no-files-found: ignore - name: Publish artifacts - page scripting test result details - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (success() || failure()) with: name: ${{ steps.calculateArtifactsNames.outputs.PageScriptingTestResultDetailsArtifactsName }} diff --git a/Templates/Per Tenant Extension/.github/workflows/_BuildALGoProject.yaml b/Templates/Per Tenant Extension/.github/workflows/_BuildALGoProject.yaml index 3d2327b00..4e61dafb6 100644 --- a/Templates/Per Tenant Extension/.github/workflows/_BuildALGoProject.yaml +++ b/Templates/Per Tenant Extension/.github/workflows/_BuildALGoProject.yaml @@ -173,7 +173,7 @@ jobs: suffix: ${{ inputs.artifactsNameSuffix }} - name: Publish artifacts - apps - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: inputs.artifactsRetentionDays >= 0 with: name: ${{ steps.calculateArtifactsNames.outputs.AppsArtifactsName }} @@ -182,7 +182,7 @@ jobs: retention-days: ${{ inputs.artifactsRetentionDays }} - name: Publish artifacts - dependencies - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: inputs.artifactsRetentionDays >= 0 && env.generateDependencyArtifact == 'True' with: name: ${{ steps.calculateArtifactsNames.outputs.DependenciesArtifactsName }} @@ -191,7 +191,7 @@ jobs: retention-days: ${{ inputs.artifactsRetentionDays }} - name: Publish artifacts - test apps - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: inputs.artifactsRetentionDays >= 0 with: name: ${{ steps.calculateArtifactsNames.outputs.TestAppsArtifactsName }} @@ -200,7 +200,7 @@ jobs: retention-days: ${{ inputs.artifactsRetentionDays }} - name: Publish artifacts - build output - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (success() || failure()) && (hashFiles(format('{0}/BuildOutput.txt',inputs.project)) != '') with: name: ${{ steps.calculateArtifactsNames.outputs.BuildOutputArtifactsName }} @@ -208,7 +208,7 @@ jobs: if-no-files-found: ignore - name: Publish artifacts - container event log - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (failure()) && (hashFiles(format('{0}/ContainerEventLog.evtx',inputs.project)) != '') with: name: ${{ steps.calculateArtifactsNames.outputs.ContainerEventLogArtifactsName }} @@ -216,7 +216,7 @@ jobs: if-no-files-found: ignore - name: Publish artifacts - test results - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (success() || failure()) && (hashFiles(format('{0}/.buildartifacts/TestResults.xml',inputs.project)) != '') with: name: ${{ steps.calculateArtifactsNames.outputs.TestResultsArtifactsName }} @@ -224,7 +224,7 @@ jobs: if-no-files-found: ignore - name: Publish artifacts - bcpt test results - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (success() || failure()) && (hashFiles(format('{0}/.buildartifacts/bcptTestResults.json',inputs.project)) != '') with: name: ${{ steps.calculateArtifactsNames.outputs.BcptTestResultsArtifactsName }} @@ -232,7 +232,7 @@ jobs: if-no-files-found: ignore - name: Publish artifacts - page scripting test results - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (success() || failure()) && (hashFiles(format('{0}/.buildartifacts/PageScriptingTestResults.xml',inputs.project)) != '') with: name: ${{ steps.calculateArtifactsNames.outputs.PageScriptingTestResultsArtifactsName }} @@ -240,7 +240,7 @@ jobs: if-no-files-found: ignore - name: Publish artifacts - page scripting test result details - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: (success() || failure()) with: name: ${{ steps.calculateArtifactsNames.outputs.PageScriptingTestResultDetailsArtifactsName }} diff --git a/Templates/Per Tenant Extension/.github/workflows/_BuildPowerPlatformSolution.yaml b/Templates/Per Tenant Extension/.github/workflows/_BuildPowerPlatformSolution.yaml index ed7406910..1128a057a 100644 --- a/Templates/Per Tenant Extension/.github/workflows/_BuildPowerPlatformSolution.yaml +++ b/Templates/Per Tenant Extension/.github/workflows/_BuildPowerPlatformSolution.yaml @@ -88,7 +88,7 @@ jobs: suffix: ${{ inputs.artifactsNameSuffix }} - name: Publish artifacts - Power Platform Solution - uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: inputs.publishArtifacts with: name: ${{ steps.calculateArtifactsNames.outputs.PowerPlatformSolutionArtifactsName }}