diff --git a/.github/archive/trigger-submodule-update.yaml b/.github/archive/trigger-submodule-update.yaml index e233a7630..fbb3bffb6 100644 --- a/.github/archive/trigger-submodule-update.yaml +++ b/.github/archive/trigger-submodule-update.yaml @@ -12,7 +12,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set Git refname id: set-git-refname diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml index afe81e850..97f86889a 100644 --- a/.github/workflows/artifacts.yaml +++ b/.github/workflows/artifacts.yaml @@ -67,13 +67,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up QEMU - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2.9.1 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Set up Cosign uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 @@ -84,7 +84,7 @@ jobs: - name: Gather build metadata id: meta - uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: ${{ steps.image-name.outputs.value }} flavor: | @@ -111,7 +111,7 @@ jobs: if_false: type=oci,dest=image.tar - name: Login to GitHub Container Registry - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -120,7 +120,7 @@ jobs: - name: Build and push image id: build - uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . platforms: linux/amd64,linux/arm64,linux/arm/v7 @@ -220,7 +220,7 @@ jobs: output: trivy-results.sarif - name: Upload Trivy scan results as artifact - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "[${{ github.job }}] Trivy scan results" path: trivy-results.sarif @@ -248,7 +248,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 @@ -288,13 +288,13 @@ jobs: echo "package=${{ steps.chart-name.outputs.value }}-${{ steps.version.outputs.value }}.tgz" >> "$GITHUB_OUTPUT" - name: Upload chart as artifact - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "[${{ github.job }}] Helm chart" path: ${{ steps.build.outputs.package }} - name: Login to GitHub Container Registry - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -372,7 +372,7 @@ jobs: output: trivy-results.sarif - name: Upload Trivy scan results as artifact - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "[${{ github.job }}] Trivy scan results" path: trivy-results.sarif @@ -405,7 +405,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Helm uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 @@ -445,7 +445,7 @@ jobs: echo "package=${{ github.workspace }}/${{ env.subchartName }}-${{ steps.version.outputs.value }}.tgz" >> "$GITHUB_OUTPUT" - name: Upload chart as artifact - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "[${{ github.job }}] Helm chart" path: ${{ steps.build.outputs.package }} @@ -495,7 +495,7 @@ jobs: output: trivy-results.sarif - name: Upload Trivy scan results as artifact - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "[${{ github.job }}] Trivy scan results" path: trivy-results.sarif diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 313836726..9a8bc4b61 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -14,10 +14,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '1.23' @@ -31,7 +31,7 @@ jobs: run: make generate-test-coverage - name: Test Coverage - uses: vladopajic/go-test-coverage@v2 + uses: vladopajic/go-test-coverage@72cd73a57f1fc4c77c41952f0f1c81c3a69e3c17 # v2.10.5 with: config: ./.testcoverage.yml @@ -41,10 +41,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '1.23' @@ -59,15 +59,15 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '1.23' - name: Cache licenses - uses: actions/cache@v3 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: key: licensei-v2-${{ hashFiles('go.sum') }} path: | diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 7d95c33d1..39417ebef 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -17,13 +17,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Build and export - uses: docker/build-push-action@v4 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . tags: controller:local @@ -35,7 +35,7 @@ jobs: GO_BUILD_FLAGS=-cover -covermode=atomic - name: Upload artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: controller path: /tmp/controller.tar @@ -52,10 +52,10 @@ jobs: steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Download artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: controller path: /tmp @@ -66,7 +66,7 @@ jobs: docker image ls -a - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ env.GO_VERSION }} @@ -76,7 +76,7 @@ jobs: version: ${{ env.KUBECTL_VERSION }} - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run e2e tests run: make test-e2e-ci @@ -85,13 +85,13 @@ jobs: # SHARDS: ${{ matrix.SHARDS }} - name: Test Coverage - uses: vladopajic/go-test-coverage@v2 + uses: vladopajic/go-test-coverage@72cd73a57f1fc4c77c41952f0f1c81c3a69e3c17 # v2.10.5 with: profile: ./build/_test_coverage/coverage_e2e.out - name: Archive Test Results if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: go-e2e-test-cluster-logs path: build/_test @@ -108,10 +108,10 @@ jobs: steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Download artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: controller path: /tmp @@ -122,12 +122,12 @@ jobs: docker image ls -a - name: Set up kubectl - uses: azure/setup-kubectl@v3 + uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0 with: version: ${{ env.KUBECTL_VERSION }} - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # See https://github.com/kubernetes-sigs/kind/releases/tag/v0.20.0 - name: Determine KinD node image version @@ -166,7 +166,7 @@ jobs: - name: Archive Test Results if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: script-e2e-test-cluster-logs-${{ matrix.kube }} path: build/_test