elastic · v1v · Mar 26, 2025 · mashhurs · Mar 28, 2025 · v1v
diff --git a/.github/workflows/add-docs-preview-link.yml b/.github/workflows/add-docs-preview-link.yml
@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
     steps:
       - id: wait-for-status
-        uses: autotelic/action-wait-for-status-check@v1
+        uses: autotelic/action-wait-for-status-check@607b73db78acfa726172baadcf6a145d0b5c8612 # v1.0.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           owner: elastic
@@ -26,8 +26,8 @@ jobs:
           intervalSeconds: 30
       - name: Add Docs Preview link in PR Comment
         if: steps.wait-for-status.outputs.state == 'success'
-        uses: thollander/actions-comment-pull-request@v1
+        uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1
         with:
           message: |
             :page_with_curl: **DOCS PREVIEW** :sparkles: https://logstash_bk_${{ github.event.number }}.docs-preview.app.elstc.co/diff
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/critical_vulnerability_scan.yml b/.github/workflows/critical_vulnerability_scan.yml
@@ -17,7 +17,7 @@ jobs:
       - run: tar -zxf ../build/logstash-*.tar.gz
         working-directory: ./scan
       - name: scan image
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
         with:
           path: "./scan"
           fail-build: true

diff --git a/.github/workflows/gen_release_notes.yml b/.github/workflows/gen_release_notes.yml
@@ -22,11 +22,11 @@ jobs:
   main:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
     - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@7886c6653556e1164c58a7603d88286b5f708293 # v1.228.0
       with:
         ruby-version: '3.0'
     - run: git config --global user.email "43502315+logstashmachine@users.noreply.github.com"

diff --git a/.github/workflows/lint_docs.yml b/.github/workflows/lint_docs.yml
@@ -12,10 +12,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 16.13.2
           cache: npm
@@ -38,7 +38,7 @@ jobs:
           echo "::set-output name=LINT_RESULT::$LINT"
 
       - name: Add PR comment
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
@@ -58,7 +58,7 @@ jobs:
             }
 
       - name: Throw error if linter fails
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           script: |
             const report = `${{ steps.run_docs_lint.outputs.LINT_RESULT }}`

diff --git a/.github/workflows/pr_backporter.yml b/.github/workflows/pr_backporter.yml
@@ -13,15 +13,15 @@ jobs:
     if: github.event.issue.pull_request
     runs-on: ubuntu-latest
     steps:
-      - uses: actions-ecosystem/action-regex-match@v2
+      - uses: actions-ecosystem/action-regex-match@9e6c4fb3d5e898f505be7a1fb6e7b0a278f6665b # v2.0.2
         id: regex-match
         with:
           text: ${{ github.event.comment.body }}
           regex: '^@logstashmachine backport (main|[x0-9\.]+)$'
       - if: ${{ steps.regex-match.outputs.group1 == '' }}
         run: exit 1
       - name: Fetch logstash-core team member list
-        uses: tspascoal/get-user-teams-membership@v1
+        uses: tspascoal/get-user-teams-membership@39b5264024b7c3bd7480de2f2c8d3076eed49ec5 # v1.0.4
         id: checkUserMember
         with: 
           username: ${{ github.actor }}
@@ -32,14 +32,14 @@ jobs:
         if: ${{ steps.checkUserMember.outputs.isTeamMember == 'false' }}
         run: exit 1
       - name: checkout repo content
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           ref: 'main'
       - run: git config --global user.email "43502315+logstashmachine@users.noreply.github.com"
       - run: git config --global user.name "logstashmachine"
       - name: setup python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: 3.8
       - run: |