diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index d986108f087..6ff05de03d9 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -89,7 +89,7 @@ jobs: fetch-depth: 0 - name: Set up Docker Builder - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - name: Login to GitHub Container Registry uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 @@ -161,7 +161,7 @@ jobs: - name: Build and push amd64 image id: build # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY. - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: . platforms: linux/amd64 @@ -179,7 +179,7 @@ jobs: id: build-browser if: steps.tags.outputs.browser != '' # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY. - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: . platforms: linux/amd64 @@ -280,7 +280,7 @@ jobs: fetch-depth: 0 - name: Set up Docker Builder - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - name: Login to GitHub Container Registry uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 @@ -352,7 +352,7 @@ jobs: - name: Build and push arm64 image id: build # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY. - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: . platforms: linux/arm64 @@ -370,7 +370,7 @@ jobs: id: build-browser if: steps.tags.outputs.browser != '' # WARNING: KEEP THE OFFICIAL DOCKER ACTION HERE; DO NOT SWITCH THIS BACK TO BLACKSMITH BLINDLY. - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: . platforms: linux/arm64 @@ -562,7 +562,7 @@ jobs: fetch-depth: 1 - name: Set up Docker Builder - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - name: Login to GitHub Container Registry uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 diff --git a/.github/workflows/docs-agent.yml b/.github/workflows/docs-agent.yml index a939f9c0af6..6df42c682a6 100644 --- a/.github/workflows/docs-agent.yml +++ b/.github/workflows/docs-agent.yml @@ -149,7 +149,7 @@ jobs: - name: Run Codex docs agent if: steps.gate.outputs.run_agent == 'true' - uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02 + uses: openai/codex-action@e0fdf01220eb9a88167c4898839d273e3f2609d1 env: DOCS_AGENT_BASE_SHA: ${{ steps.gate.outputs.review_base_sha }} DOCS_AGENT_HEAD_SHA: ${{ steps.gate.outputs.review_head_sha }} diff --git a/.github/workflows/mantis-telegram-desktop-proof.yml b/.github/workflows/mantis-telegram-desktop-proof.yml index a0f7ab6f4ba..b3c60d39a62 100644 --- a/.github/workflows/mantis-telegram-desktop-proof.yml +++ b/.github/workflows/mantis-telegram-desktop-proof.yml @@ -445,7 +445,7 @@ jobs: sudo chown -R codex:codex "$GITHUB_WORKSPACE" - name: Run Codex Mantis Telegram agent - uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02 + uses: openai/codex-action@e0fdf01220eb9a88167c4898839d273e3f2609d1 env: BASELINE_REF: ${{ needs.resolve_request.outputs.baseline_ref }} BASELINE_SHA: ${{ needs.validate_refs.outputs.baseline_revision }} diff --git a/.github/workflows/sandbox-common-smoke.yml b/.github/workflows/sandbox-common-smoke.yml index e7c529443dd..aa92a617cf6 100644 --- a/.github/workflows/sandbox-common-smoke.yml +++ b/.github/workflows/sandbox-common-smoke.yml @@ -35,7 +35,7 @@ jobs: submodules: false - name: Set up Docker Builder - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - name: Build minimal sandbox base (USER sandbox) shell: bash diff --git a/.github/workflows/test-performance-agent.yml b/.github/workflows/test-performance-agent.yml index 2311912dba2..0ec19bd4399 100644 --- a/.github/workflows/test-performance-agent.yml +++ b/.github/workflows/test-performance-agent.yml @@ -129,7 +129,7 @@ jobs: - name: Run Codex test performance agent if: steps.gate.outputs.run_agent == 'true' - uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02 + uses: openai/codex-action@e0fdf01220eb9a88167c4898839d273e3f2609d1 with: openai-api-key: ${{ secrets.OPENCLAW_TEST_PERF_AGENT_OPENAI_API_KEY || secrets.OPENAI_API_KEY }} prompt-file: .github/codex/prompts/test-performance-agent.md