diff --git a/.github/workflows/build-clang-image.yaml b/.github/workflows/build-clang-image.yaml index 1b5073ec0dc..3ff1ac19892 100644 --- a/.github/workflows/build-clang-image.yaml +++ b/.github/workflows/build-clang-image.yaml @@ -168,7 +168,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: image-digest clang path: image-digest @@ -186,7 +186,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: path: image-digest/ diff --git a/.github/workflows/build-deploy-docs.yaml b/.github/workflows/build-deploy-docs.yaml index 755af410cb5..ae5dc1300bf 100644 --- a/.github/workflows/build-deploy-docs.yaml +++ b/.github/workflows/build-deploy-docs.yaml @@ -35,7 +35,7 @@ jobs: extended: true - name: Setup Node - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: '18' cache: 'npm' @@ -55,7 +55,7 @@ jobs: - name: Upload artifact if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' - uses: actions/upload-pages-artifact@0252fc4ba7626f0298f0cf00902a25c6afc77fa8 # v3.0.0 + uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1 with: path: docs/public @@ -78,5 +78,5 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@7a9bd943aa5e5175aeb8502edcc6c1c02d398e10 # v4.0.2 + uses: actions/deploy-pages@decdde0ac072f6dcbe43649d82d9c635fff5b4e4 # v4.0.4 diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml index 98a69c8f678..25e751530e9 100644 --- a/.github/workflows/build-images-ci.yml +++ b/.github/workflows/build-images-ci.yml @@ -215,7 +215,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: image-digest ${{ matrix.name }} path: image-digest @@ -233,7 +233,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: path: image-digest/ diff --git a/.github/workflows/build-images-releases.yml b/.github/workflows/build-images-releases.yml index 12e5ca73509..987f93074f1 100644 --- a/.github/workflows/build-images-releases.yml +++ b/.github/workflows/build-images-releases.yml @@ -147,7 +147,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: image-digest ${{ matrix.name }} path: image-digest @@ -165,7 +165,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: path: image-digest/ @@ -213,7 +213,7 @@ jobs: # Cache tarball releases for later - name: Save tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz Tarball - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: release/ @@ -239,13 +239,13 @@ jobs: run: make cli-release - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-amd64.tar.gz - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: tetragon-${{ steps.tag.outputs.tag }}-amd64 path: release - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-arm64.tar.gz - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: tetragon-${{ steps.tag.outputs.tag }}-arm64 path: release diff --git a/.github/workflows/check-links-cron.yaml b/.github/workflows/check-links-cron.yaml index 1081d138dd6..c9a05588a14 100644 --- a/.github/workflows/check-links-cron.yaml +++ b/.github/workflows/check-links-cron.yaml @@ -21,7 +21,7 @@ jobs: - name: Links Checker id: lychee - uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0 + uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a # v1.9.3 env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} with: diff --git a/.github/workflows/check-links-pr.yaml b/.github/workflows/check-links-pr.yaml index bb1a5bf0ec9..d09f0361ab2 100644 --- a/.github/workflows/check-links-pr.yaml +++ b/.github/workflows/check-links-pr.yaml @@ -55,7 +55,7 @@ jobs: - name: Links Checker id: lychee - uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0 + uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a # v1.9.3 env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} with: diff --git a/.github/workflows/gotests.yml b/.github/workflows/gotests.yml index d85e01addf5..7840e6839ba 100644 --- a/.github/workflows/gotests.yml +++ b/.github/workflows/gotests.yml @@ -71,7 +71,7 @@ jobs: - name: Upload Tetragon logs if: failure() - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: tetragon-json path: /tmp/tetragon.gotest* @@ -79,7 +79,7 @@ jobs: - name: Upload bugtool dumps if: failure() - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: tetragon-bugtool path: /tmp/tetragon-bugtool* diff --git a/.github/workflows/lint-codeql.yml b/.github/workflows/lint-codeql.yml index 4ff0cfe9fd5..446d7def192 100644 --- a/.github/workflows/lint-codeql.yml +++ b/.github/workflows/lint-codeql.yml @@ -30,7 +30,7 @@ jobs: with: persist-credentials: false - name: Check code changes - uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0 + uses: dorny/paths-filter@ebc4d7e9ebcb0b1eb21480bb8f43113e996ac77a # v3.0.1 id: go-changes with: base: ${{ github.event.pull_request.base.sha }} @@ -60,8 +60,8 @@ jobs: # renovate: datasource=golang-version depName=go go-version: '1.22.0' - name: Initialize CodeQL - uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 + uses: github/codeql-action/init@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 + uses: github/codeql-action/analyze@e675ced7a7522a761fc9c8eb26682c8b27c42b2b # v3.24.1 diff --git a/.github/workflows/packages-e2e-tests.yaml b/.github/workflows/packages-e2e-tests.yaml index 2dfcc2bc35a..a18e703d92a 100644 --- a/.github/workflows/packages-e2e-tests.yaml +++ b/.github/workflows/packages-e2e-tests.yaml @@ -57,7 +57,7 @@ jobs: # Cache tarball releases for later - name: Save tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz Tarball - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: ${{ matrix.upload_path }} @@ -89,7 +89,7 @@ jobs: run: echo "tag=$(make version)" >> $GITHUB_OUTPUT - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: ${{ matrix.upload_path }} diff --git a/.github/workflows/podinfo-test.yaml b/.github/workflows/podinfo-test.yaml index b2c80d7036c..0cdefdd1e5f 100644 --- a/.github/workflows/podinfo-test.yaml +++ b/.github/workflows/podinfo-test.yaml @@ -42,7 +42,7 @@ jobs: go-version: '1.22.0' - name: Install Kind and create cluster - uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 + uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 - name: Pull Tetragon Images uses: nick-fields/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index f81ff4eea0a..877c57f9443 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -63,7 +63,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@42c1d3cb1d1ca891765626ba71cdff5e757258de # v40.0.2 + uses: renovatebot/github-action@2d90417499f45ff78a09586f7b9874b19817dba3 # v40.1.0 env: # default to DEBUG log level, this is always useful LOG_LEVEL: ${{ github.event.inputs.renovate_log_level_debug == 'false' && 'INFO' || 'DEBUG' }} diff --git a/.github/workflows/run-e2e-tests.yaml b/.github/workflows/run-e2e-tests.yaml index f11c812a34d..8e0127fc971 100644 --- a/.github/workflows/run-e2e-tests.yaml +++ b/.github/workflows/run-e2e-tests.yaml @@ -82,7 +82,7 @@ jobs: - name: Upload Tetragon Logs if: failure() || cancelled() - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: tetragon-logs path: /tmp/tetragon.e2e.* diff --git a/.github/workflows/vmtests.yml b/.github/workflows/vmtests.yml index 3b8dae83690..dae6e08f4c8 100644 --- a/.github/workflows/vmtests.yml +++ b/.github/workflows/vmtests.yml @@ -56,7 +56,7 @@ jobs: tar cz --exclude='tetragon/.git' -f /tmp/tetragon.tar ./tetragon - name: upload build - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: tetragon-build path: /tmp/tetragon.tar @@ -101,7 +101,7 @@ jobs: sudo chmod go+rX -R /boot/ - name: download build data - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: tetragon-build @@ -148,7 +148,7 @@ jobs: - name: Upload test results on failure or cancelation if: failure() || cancelled() - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: tetragon-vmtests-${{ matrix.kernel }}-${{ matrix.group }}-results path: go/src/github.com/cilium/tetragon/tests/vmtests/vmtests-results-*