diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index f9f97c19..37e68070 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -13,10 +13,11 @@ jobs: name: lint-pr-changes runs-on: ubuntu-latest steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: - go-version: '1.26.0' - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + go-version-file: go.mod + check-latest: true - name: golangci-lint # Pinned to commit SHA for supply chain security (CWE-829) # Verify: gh api repos/golangci/golangci-lint-action/git/ref/tags/v9 --jq '.object.sha' diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index 1f1af8e7..edeed249 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -16,7 +16,8 @@ jobs: - name: Setup go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: - go-version: '1.26.0' + go-version-file: go.mod + check-latest: true - name: Run tests against Linux SQL run: | go version diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index d23f59c7..0b73e4c3 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -30,9 +30,10 @@ jobs: uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: go.mod + check-latest: true - name: Install govulncheck - run: go install golang.org/x/vuln/cmd/govulncheck@latest + run: go install golang.org/x/vuln/cmd/govulncheck@v1.1.4 - name: Run govulncheck run: govulncheck ./... diff --git a/go.mod b/go.mod index bf6bcd19..625f6f3d 100644 --- a/go.mod +++ b/go.mod @@ -2,6 +2,8 @@ module github.com/microsoft/go-sqlcmd go 1.26 +toolchain go1.26.4 + require ( github.com/alecthomas/chroma/v2 v2.26.1 github.com/billgraziano/dpapi v0.5.0