diff --git a/.github/workflows/bpf-unit-tests.yml b/.github/workflows/bpf-unit-tests.yml index 7fac74df6e7..f942f1331c8 100644 --- a/.github/workflows/bpf-unit-tests.yml +++ b/.github/workflows/bpf-unit-tests.yml @@ -17,10 +17,10 @@ jobs: os: [ ubuntu-22.04, actuated-arm64-4cpu-8gb ] steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' diff --git a/.github/workflows/build-clang-image.yaml b/.github/workflows/build-clang-image.yaml index 3cd05ee06b4..ac3035b2e5d 100644 --- a/.github/workflows/build-clang-image.yaml +++ b/.github/workflows/build-clang-image.yaml @@ -25,7 +25,7 @@ jobs: # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Getting image tag id: tag @@ -37,13 +37,13 @@ jobs: fi - name: Checkout source code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false fetch-depth: 0 - name: Preview build Clang image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 with: provenance: false context: . @@ -71,10 +71,10 @@ jobs: # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Login to quay.io - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: quay.io username: ${{ secrets.QUAY_CLANG_RELEASE_USERNAME }} @@ -90,13 +90,13 @@ jobs: fi - name: Checkout Source Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false fetch-depth: 0 - name: Release Build clang - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 id: docker_build_release with: provenance: false @@ -118,7 +118,7 @@ jobs: cosign sign -y quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }} - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' @@ -168,7 +168,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: image-digest clang path: image-digest @@ -186,7 +186,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: path: image-digest/ diff --git a/.github/workflows/build-deploy-docs.yaml b/.github/workflows/build-deploy-docs.yaml index 4b359dfca60..2f55bf746ba 100644 --- a/.github/workflows/build-deploy-docs.yaml +++ b/.github/workflows/build-deploy-docs.yaml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod @@ -80,5 +80,5 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@decdde0ac072f6dcbe43649d82d9c635fff5b4e4 # v4.0.4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml index 0f7f5aa5172..dc5f1e56b3e 100644 --- a/.github/workflows/build-images-ci.yml +++ b/.github/workflows/build-images-ci.yml @@ -42,10 +42,10 @@ jobs: # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Login to quay.io for CI - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME_CI }} @@ -68,7 +68,7 @@ jobs: fi - name: Checkout main branch - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false ref: ${{ github.event.repository.default_branch }} @@ -81,7 +81,7 @@ jobs: # Warning: since this is a privileged workflow, subsequent workflow job # steps must take care not to execute untrusted code. - name: Checkout pull request branch (NOT TRUSTED) - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false ref: ${{ steps.tag.outputs.tag }} @@ -91,7 +91,7 @@ jobs: uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' @@ -107,7 +107,7 @@ jobs: # main branch pushes - name: CI Build (main) if: ${{ github.event_name == 'push' }} - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 id: docker_build_ci_main with: provenance: false @@ -162,7 +162,7 @@ jobs: # PR updates - name: CI Build (PR) if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 id: docker_build_ci_pr with: provenance: false @@ -215,7 +215,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: image-digest ${{ matrix.name }} path: image-digest @@ -233,7 +233,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: path: image-digest/ diff --git a/.github/workflows/build-images-releases.yml b/.github/workflows/build-images-releases.yml index 925301f1a11..77669e0a45e 100644 --- a/.github/workflows/build-images-releases.yml +++ b/.github/workflows/build-images-releases.yml @@ -35,10 +35,10 @@ jobs: platforms: arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Login to quay.io - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }} @@ -50,7 +50,7 @@ jobs: echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - name: Checkout Source Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false fetch-depth: 0 @@ -60,7 +60,7 @@ jobs: echo "TETRAGON_VERSION=$(make version)" >> $GITHUB_ENV - name: Release Build ${{ matrix.name }} - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 id: docker_build_release with: provenance: false @@ -88,7 +88,7 @@ jobs: cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' @@ -147,7 +147,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: image-digest ${{ matrix.name }} path: image-digest @@ -165,7 +165,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: path: image-digest/ @@ -189,10 +189,10 @@ jobs: steps: # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Checkout Source Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false fetch-depth: 0 @@ -203,7 +203,7 @@ jobs: run: echo "tag=$(make version)" >> $GITHUB_OUTPUT - name: Login to Docker Hub - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: username: ${{ secrets.DOCKER_HUB_USERNAME_CI }} password: ${{ secrets.DOCKER_HUB_PASSWORD_CI }} @@ -216,7 +216,7 @@ jobs: # Cache tarball releases for later - name: Save tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz Tarball - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: release/ @@ -229,10 +229,10 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - name: Getting version tag id: tag @@ -242,20 +242,20 @@ jobs: run: make cli-release - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-amd64.tar.gz - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: tetragon-${{ steps.tag.outputs.tag }}-amd64 path: release - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-arm64.tar.gz - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: tetragon-${{ steps.tag.outputs.tag }}-arm64 path: release - name: Create Release id: create_release - uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4 + uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5 with: token: ${{ secrets.GITHUB_TOKEN }} tag_name: ${{ github.ref }} diff --git a/.github/workflows/check-links-cron.yaml b/.github/workflows/check-links-cron.yaml index c9a05588a14..b49ca801844 100644 --- a/.github/workflows/check-links-cron.yaml +++ b/.github/workflows/check-links-cron.yaml @@ -15,13 +15,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod - name: Links Checker id: lychee - uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a # v1.9.3 + uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0 env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} with: diff --git a/.github/workflows/check-links-pr.yaml b/.github/workflows/check-links-pr.yaml index 79a2a1b5f05..5d5bbfedb5f 100644 --- a/.github/workflows/check-links-pr.yaml +++ b/.github/workflows/check-links-pr.yaml @@ -16,7 +16,7 @@ jobs: PATCH_FILE: "additions.patch" steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod @@ -54,7 +54,7 @@ jobs: - name: Check new links id: lychee - uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a # v1.9.3 + uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0 env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} with: diff --git a/.github/workflows/checkpatch.yaml b/.github/workflows/checkpatch.yaml index bde5b92633d..c9bc8da64c7 100644 --- a/.github/workflows/checkpatch.yaml +++ b/.github/workflows/checkpatch.yaml @@ -13,7 +13,7 @@ jobs: # should revisit it (and maybe update cilium-checkpatch). if: ${{ github.event.pull_request.user.login != 'cilium-renovate[bot]' }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - name: Run checkpatch.pl diff --git a/.github/workflows/digestcheck.yaml b/.github/workflows/digestcheck.yaml index 15f9e148f84..873dd265de5 100644 --- a/.github/workflows/digestcheck.yaml +++ b/.github/workflows/digestcheck.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Install crane env: diff --git a/.github/workflows/generated-files.yaml b/.github/workflows/generated-files.yaml index 7213a084bf5..e48bef55f25 100644 --- a/.github/workflows/generated-files.yaml +++ b/.github/workflows/generated-files.yaml @@ -14,9 +14,9 @@ jobs: generated-files: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' diff --git a/.github/workflows/gotests.yml b/.github/workflows/gotests.yml index 3a472941ae1..a3884cab38f 100644 --- a/.github/workflows/gotests.yml +++ b/.github/workflows/gotests.yml @@ -18,12 +18,12 @@ jobs: os: [ ubuntu-20.04, actuated-arm64-4cpu-8gb ] steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' @@ -71,7 +71,7 @@ jobs: - name: Upload Tetragon logs if: failure() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-json path: /tmp/tetragon.gotest* @@ -79,7 +79,7 @@ jobs: - name: Upload bugtool dumps if: failure() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-bugtool path: /tmp/tetragon-bugtool* diff --git a/.github/workflows/lint-codeql.yml b/.github/workflows/lint-codeql.yml index 64e7c903dc8..68bce99120b 100644 --- a/.github/workflows/lint-codeql.yml +++ b/.github/workflows/lint-codeql.yml @@ -26,11 +26,11 @@ jobs: steps: - name: Checkout code if: ${{ !github.event.pull_request }} - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false - name: Check code changes - uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: go-changes with: base: ${{ github.event.pull_request.base.sha }} @@ -50,18 +50,18 @@ jobs: security-events: write steps: - name: Checkout repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false fetch-depth: 1 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' - name: Initialize CodeQL - uses: github/codeql-action/init@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 + uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 + uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 diff --git a/.github/workflows/lint-helm.yaml b/.github/workflows/lint-helm.yaml index 4bd12d7195c..e51c7216d3c 100644 --- a/.github/workflows/lint-helm.yaml +++ b/.github/workflows/lint-helm.yaml @@ -16,7 +16,7 @@ jobs: generated-files: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Run install/kubernetes run: | make -C install/kubernetes diff --git a/.github/workflows/packages-e2e-tests.yaml b/.github/workflows/packages-e2e-tests.yaml index 64296fbbe26..9f222b92113 100644 --- a/.github/workflows/packages-e2e-tests.yaml +++ b/.github/workflows/packages-e2e-tests.yaml @@ -28,10 +28,10 @@ jobs: steps: # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Checkout Source Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Getting version tag id: tag @@ -59,7 +59,7 @@ jobs: # Cache tarball releases for later - name: Save tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz Tarball - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: ${{ matrix.upload_path }} @@ -84,14 +84,14 @@ jobs: steps: - name: Checkout Source Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Getting version tag id: tag run: echo "tag=$(make version)" >> $GITHUB_OUTPUT - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: ${{ matrix.upload_path }} diff --git a/.github/workflows/podinfo-test.yaml b/.github/workflows/podinfo-test.yaml index b655680b964..4994391cf7d 100644 --- a/.github/workflows/podinfo-test.yaml +++ b/.github/workflows/podinfo-test.yaml @@ -18,7 +18,7 @@ jobs: timeout-minutes: 40 steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set Up Job Variables id: vars @@ -36,13 +36,13 @@ jobs: echo "operatorImage=quay.io/cilium/tetragon-operator-ci:${SHA}" >> $GITHUB_OUTPUT - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' - name: Install Kind and create cluster - uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 - name: Pull Tetragon Images uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 diff --git a/.github/workflows/renovate-config-validator.yaml b/.github/workflows/renovate-config-validator.yaml index 09e13d03780..a411cf3ccf6 100644 --- a/.github/workflows/renovate-config-validator.yaml +++ b/.github/workflows/renovate-config-validator.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout configuration - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 # this step uses latest renovate slim release - name: Validate configuration diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index e015065f392..b5a5be90729 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -37,7 +37,7 @@ jobs: # transfer the docker CLI plugin binary. - name: Cache Buildx CLI plugin download id: cache-buildx - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: /tmp/docker-buildx key: ${{ runner.os }}-${{ env.buildx_version }}-buildx @@ -60,10 +60,10 @@ jobs: # renovate clones the repository again in its container fs but it needs # the renovate configuration to start. - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Self-hosted Renovate - uses: renovatebot/github-action@2d90417499f45ff78a09586f7b9874b19817dba3 # v40.1.0 + uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12 env: # default to DEBUG log level, this is always useful LOG_LEVEL: ${{ github.event.inputs.renovate_log_level_debug == 'false' && 'INFO' || 'DEBUG' }} diff --git a/.github/workflows/run-e2e-tests.yaml b/.github/workflows/run-e2e-tests.yaml index dda5da61ae1..8edfe58c185 100644 --- a/.github/workflows/run-e2e-tests.yaml +++ b/.github/workflows/run-e2e-tests.yaml @@ -26,10 +26,10 @@ jobs: operatorImage: ${{ steps.vars.outputs.operatorImage }} steps: - name: Checkout Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version-file: go.mod @@ -79,12 +79,12 @@ jobs: package: ${{fromJson(needs.prepare.outputs.packages)}} steps: - name: Checkout Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' @@ -118,7 +118,7 @@ jobs: - name: Upload Tetragon Logs if: failure() || cancelled() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-logs-${{ matrix.os }}-${{ matrix.package.s }} path: /tmp/tetragon.e2e.* diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml index 048c44114ed..97183b916a7 100644 --- a/.github/workflows/static-checks.yaml +++ b/.github/workflows/static-checks.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Ensure No Binary Files Checked In run: | @@ -34,10 +34,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' @@ -45,7 +45,7 @@ jobs: cache: false - name: Run golangci-lint - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 + uses: golangci/golangci-lint-action@d6238b002a20823d52840fda27e2d4891c5952dc # v4.0.1 with: # renovate: datasource=docker depName=docker.io/golangci/golangci-lint version: v1.59.0 @@ -55,10 +55,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' @@ -85,10 +85,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' @@ -103,7 +103,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Build CLI release binaries run: make cli-release diff --git a/.github/workflows/validate-crd.yaml b/.github/workflows/validate-crd.yaml index e2d89ad3225..d294d194796 100644 --- a/.github/workflows/validate-crd.yaml +++ b/.github/workflows/validate-crd.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/veristat-compare.yaml b/.github/workflows/veristat-compare.yaml index 99a622c2cdb..5f1b8df32cf 100644 --- a/.github/workflows/veristat-compare.yaml +++ b/.github/workflows/veristat-compare.yaml @@ -9,12 +9,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: path: branch - name: Checkout base ref - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: path: base ref: ${{ github.base_ref }} diff --git a/.github/workflows/veristat.yaml b/.github/workflows/veristat.yaml index e83193e8313..fe66c39326f 100644 --- a/.github/workflows/veristat.yaml +++ b/.github/workflows/veristat.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Build BPF programs run: make tetragon-bpf diff --git a/.github/workflows/vmtests.yml b/.github/workflows/vmtests.yml index 4b664763aa5..a2e055cfbe7 100644 --- a/.github/workflows/vmtests.yml +++ b/.github/workflows/vmtests.yml @@ -19,12 +19,12 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: # renovate: datasource=golang-version depName=go go-version: '1.22.3' @@ -56,7 +56,7 @@ jobs: tar cz --exclude='tetragon/.git' -f /tmp/tetragon.tar ./tetragon - name: upload build - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-build path: /tmp/tetragon.tar @@ -103,7 +103,7 @@ jobs: sudo chmod go+rX -R /boot/ - name: download build data - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: tetragon-build @@ -150,7 +150,7 @@ jobs: - name: Upload test results on failure or cancelation if: failure() || cancelled() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-vmtests-${{ matrix.kernel }}-${{ matrix.group }}-results path: go/src/github.com/cilium/tetragon/tests/vmtests/vmtests-results-*