From 6d0264e96720dc5ac82482d798010103469be546 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Sep 2023 05:28:50 +0000
Subject: [PATCH] deps(actions): pin actions/download-artifact and
 actions/upload-artifact (#2332)

* deps(actions): pin actions/download-artifact to v3.0.2
* deps(actions): upgrade and pin actions/upload-artifact to v3.1.3
---------

Co-authored-by: Julio <1953782+julio-lopez@users.noreply.github.com>
---
 .github/workflows/main.yaml          | 12 ++++++------
 .github/workflows/ossf-scorecard.yml |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index 388c65df76..178dfb11b0 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -13,7 +13,7 @@ jobs:
     - run: make go-mod-tidy
     - run: make go-mod-download
     - run: tar -cvf ./src.tar.gz ./ # preserve file permissions
-    - uses: actions/upload-artifact@v3
+    - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
       with:
         name: src
         path: ./src.tar.gz
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-20.04
     needs: gomod
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
       with:
         name: src
     - run: tar -xvf ./src.tar.gz
@@ -34,7 +34,7 @@ jobs:
       matrix:
         testSuite: [test, integration-test, helm-test]
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
       with:
         name: src
     - uses: helm/kind-action@v1.8.0
@@ -58,7 +58,7 @@ jobs:
       matrix:
         bin: [controller, kanctl, kando]
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
       with:
         name: src
     - run: tar -xvf ./src.tar.gz
@@ -67,7 +67,7 @@ jobs:
     runs-on: ubuntu-20.04
     needs: gomod
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
       with:
         name: src
     - run: tar -xvf ./src.tar.gz
@@ -79,7 +79,7 @@ jobs:
     permissions:
       packages: write
     steps:
-    - uses: actions/download-artifact@v3
+    - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
       with:
         name: src
     - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 10e01da2bb..09b13c2848 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -44,7 +44,7 @@ jobs:
           sarif_file: results.sarif
       -
         name: "Upload analysis results as 'Job Artifact'"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif