Merge remote-tracking branch 'upstream/main'

helios · Oct 31, 2022 · 62514af · 62514af
2 parents 48d9cec + 9722d23
commit 62514af
Show file tree

Hide file tree

Showing 153 changed files with 9,947 additions and 6,334 deletions.
diff --git a/.github/workflows/ci-all-in-one-build.yml b/.github/workflows/ci-all-in-one-build.yml
@@ -11,29 +11,34 @@ jobs:
   all-in-one:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         submodules: true
 
     - name: Fetch git tags
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
       with:
-        node-version: '10'
+        node-version: '16'
 
     - name: Export BRANCH variable
       uses: ./.github/actions/setup-branch
 
     - name: Install tools
       run: make install-ci
 
-    - uses: docker/setup-qemu-action@v2
+    - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18
 
     - name: Build, test, and publish all-in-one image
       run: bash scripts/build-all-in-one-image.sh

diff --git a/.github/workflows/ci-build-binaries.yml b/.github/workflows/ci-build-binaries.yml
@@ -29,17 +29,22 @@ jobs:
         #   task: build-binaries-ppc64le
     name: build binaries for ${{ matrix.platform.name }}
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         submodules: true
 
     - name: Fetch git tags
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
     - name: Export BRANCH variable
       uses: ./.github/actions/setup-branch

diff --git a/.github/workflows/ci-cassandra.yml b/.github/workflows/ci-cassandra.yml
@@ -7,6 +7,9 @@ on:
   pull_request:
     branches: [main]
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   cassandra:
     runs-on: ubuntu-latest
@@ -23,11 +26,16 @@ jobs:
           schema: v004
     name: ${{ matrix.version.distribution }} ${{ matrix.version.major }}
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
     - name: Run cassandra integration tests
       run: bash scripts/cassandra-integration-test.sh ${{ matrix.version.image }} ${{ matrix.version.schema }}
diff --git a/.github/workflows/ci-crossdock.yml b/.github/workflows/ci-crossdock.yml
@@ -10,35 +10,35 @@ on:
 jobs:
   crossdock:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        steps:
-        - name: crossdock
-          cmd: bash scripts/build-crossdock.sh
-    name: ${{ matrix.steps.name }}
+
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         submodules: true
 
     - name: Fetch git tags
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
     - name: Export BRANCH variable
       uses: ./.github/actions/setup-branch
 
     - name: Install tools
       run: make install-ci
-
-    - uses: docker/setup-qemu-action@v2
 
-    - name: Build, test, and publish ${{ matrix.steps.name }} image
-      run: ${{ matrix.steps.cmd }}
+    - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18
+
+    - name: Build, test, and publish crossdock image
+      run: bash scripts/build-crossdock.sh
       env:
         DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
         QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}

diff --git a/.github/workflows/ci-docker-build.yml b/.github/workflows/ci-docker-build.yml
@@ -13,29 +13,34 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         submodules: true
 
     - name: Fetch git tags
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516
       with:
-        node-version: '10'
+        node-version: '16'
 
     - name: Export BRANCH variable
       uses: ./.github/actions/setup-branch
 
     - name: Install tools
       run: make install-ci
 
-    - uses: docker/setup-qemu-action@v2
+    - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18
 
     - name: Build and upload all docker images
       run: bash scripts/build-upload-docker-images.sh

diff --git a/.github/workflows/ci-elasticsearch.yml b/.github/workflows/ci-elasticsearch.yml
@@ -7,6 +7,9 @@ on:
   pull_request:
     branches: [main]
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   elasticsearch:
     runs-on: ubuntu-latest
@@ -24,22 +27,27 @@ jobs:
           distribution: elasticsearch
     name: ${{ matrix.version.distribution }} ${{ matrix.version.major }}
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         submodules: true
 
     - name: Fetch git tags
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
     - name: Install tools
       run: make install-ci
 
-    - uses: docker/setup-qemu-action@v2
+    - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18
 
     - name: Run elasticsearch integration tests
       run: bash scripts/es-integration-test.sh ${{ matrix.version.distribution }} ${{ matrix.version.image }}
diff --git a/.github/workflows/ci-grpc-badger.yml b/.github/workflows/ci-grpc-badger.yml
@@ -7,15 +7,23 @@ on:
   pull_request:
     branches: [main]
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   grpc-and-badger:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
     - name: Run Badger storage integration tests
       run: make badger-storage-integration-test

diff --git a/.github/workflows/ci-hotrod.yml b/.github/workflows/ci-hotrod.yml
@@ -11,25 +11,30 @@ jobs:
   hotrod:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         submodules: true
 
     - name: Fetch git tags
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
     - name: Export BRANCH variable
       uses: ./.github/actions/setup-branch
 
     - name: Install tools
       run: make install-ci
 
-    - uses: docker/setup-qemu-action@v2
+    - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18
 
     - name: Build, test, and publish hotrod image
       run: bash scripts/hotrod-integration-test.sh

diff --git a/.github/workflows/ci-kafka.yml b/.github/workflows/ci-kafka.yml
@@ -7,15 +7,23 @@ on:
   pull_request:
     branches: [main]
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   kafka:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
     - name: Run kafka integration tests
       run: bash scripts/kafka-integration-test.sh

diff --git a/.github/workflows/ci-opensearch.yml b/.github/workflows/ci-opensearch.yml
@@ -7,6 +7,9 @@ on:
   pull_request:
     branches: [main]
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   opensearch:
     runs-on: ubuntu-latest
@@ -16,24 +19,32 @@ jobs:
         - major: 1.x
           image: 1.0.0
           distribution: opensearch
+        - major: 2.x
+          image: 2.3.0
+          distribution: opensearch
     name: ${{ matrix.version.distribution }} ${{ matrix.version.major }}
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         submodules: true
 
     - name: Fetch git tags
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
     - name: Install tools
       run: make install-ci
 
-    - uses: docker/setup-qemu-action@v2
+    - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18
 
     - name: Run opensearch integration tests
       run: bash scripts/es-integration-test.sh ${{ matrix.version.distribution }} ${{ matrix.version.image }}
diff --git a/.github/workflows/ci-protogen-tests.yml b/.github/workflows/ci-protogen-tests.yml
@@ -7,17 +7,25 @@ on:
   pull_request:
     branches: [main]
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   protogen:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - name: Harden Runner
+      uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34
+      with:
+        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
       with:
         submodules: true
 
-    - uses: actions/setup-go@v3
+    - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
 
     - name: Run protogen validation
       run: make proto && git diff --name-status --exit-code