diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c738679d..3ef545ed 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,4 +6,19 @@ updates: interval: "weekly" labels: - "kind/cleanup" - - "area/dependency" \ No newline at end of file + - "area/dependency" + groups: + gomod: + update-types: + - "patch" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 10 + groups: + actions: + update-types: + - "minor" + - "patch" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d6d3bcac..b1dc41ae 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,18 +25,18 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: languages: ${{ matrix.language }} # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines # and modify them (or add more) to build your code if your project @@ -47,4 +47,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 diff --git a/.github/workflows/dependabot_bundler.yml b/.github/workflows/dependabot_bundler.yml index 9658e320..93446f83 100644 --- a/.github/workflows/dependabot_bundler.yml 
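Review bot: The new `github-actions` entry in `.github/dependabot.yml` has no `labels:` block, unlike the existing entry directly above it, which sets `kind/cleanup` and `area/dependency`. The `pr_type.yml` workflow touched later in this commit requires one of the `kind/*` labels, so, assuming that check also runs on Dependabot pull requests, the grouped action-update PRs would need manual labelling before they can pass. Adding `labels:` with `- "kind/cleanup"` and `- "area/dependency"` under the new entry keeps the SHA-pin refreshes flowing without a maintainer step. The `updates:` list starts above the hunk, so the first entry's ecosystem is not visible here.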
+++ b/.github/workflows/dependabot_bundler.yml @@ -13,13 +13,15 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version-file: "${{ github.workspace }}/go.mod" + check-latest: true + cache: false - name: Cache go-build and mod - uses: actions/cache@v2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: | ~/.cache/go-build/ diff --git a/.github/workflows/deploy-docs.yaml b/.github/workflows/deploy-docs.yaml index 764077b0..0679cedc 100644 --- a/.github/workflows/deploy-docs.yaml +++ b/.github/workflows/deploy-docs.yaml 
@@ -11,27 +11,30 @@ jobs: if: github.event_name != 'push' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - uses: actions/setup-node@v1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: "16.x" - - uses: actions/setup-go@v3 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version-file: "${{ github.workspace }}/go.mod" + check-latest: true + cache: false - name: Build docs run: make docs-build + release: if: ${{ github.event_name != 'pull_request' && github.repository_owner == 'liquidmetal-dev' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - uses: actions/setup-node@v1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: "16.x" - - uses: actions/setup-go@v3 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version-file: "${{ github.workspace }}/go.mod" - - uses: webfactory/ssh-agent@v0.5.0 + - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0 with: ssh-private-key: ${{ secrets.BOT_DEPLOY_KEY }} - name: Release to GitHub Pages diff --git a/.github/workflows/fork.yaml b/.github/workflows/fork.yaml index 383835cb..09036f0d 100644 --- a/.github/workflows/fork.yaml +++ b/.github/workflows/fork.yaml @@ -12,7 +12,7 @@ jobs: issues: write steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ssh-key: ${{ secrets.LIQUIDMETALBOT_TOKEN }} fetch-depth: 0 
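Review bot: In the `release` job of `deploy-docs.yaml` the `actions/setup-go` step moves to v5.0.1 but does not get the `check-latest: true` and `cache: false` inputs that the first job in this hunk, and every other setup-go step in the commit, receives. setup-go enables its module/build cache by default from v4 on, so the one job that loads `secrets.BOT_DEPLOY_KEY` into ssh-agent becomes the only one that restores a shared Actions cache before building. If that is not intended, add `check-latest: true` and `cache: false` under its `with:`; if it is, a short comment saying why this job differs would help. The `release` job continues past the end of the hunk.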
@@ -28,7 +28,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV - name: Create Issue if: ${{ env.NEW_VERSION != '' }} - uses: imjohnbo/issue-bot@v3 + uses: imjohnbo/issue-bot@572eed14422c4d6ca37e870f97e7da209422f5bd # v3 id: issue with: title: "Bump firecracker version to ${{ env.NEW_VERSION }}" @@ -64,7 +64,7 @@ jobs: labels: "area/firecracker, area/dependency, kind/feature, priority/critical-urgent" - name: Notify slack on creation success if: ${{ success() && env.NEW_VERSION != '' }} - uses: actions-ecosystem/action-slack-notifier@fc778468d09c43a6f4d1b8cccaca59766656996a + uses: actions-ecosystem/action-slack-notifier@fc778468d09c43a6f4d1b8cccaca59766656996a # v1.1.0 with: slack_token: ${{ secrets.SLACK_TOKEN }} message: "There is a new version of Firecracker, complete the todo list here: ." @@ -77,7 +77,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Notify slack on failure - uses: actions-ecosystem/action-slack-notifier@fc778468d09c43a6f4d1b8cccaca59766656996a + uses: actions-ecosystem/action-slack-notifier@fc778468d09c43a6f4d1b8cccaca59766656996a # v1.1.0 with: slack_token: ${{ secrets.SLACK_TOKEN }} message: "There is a new firecracker version, but the 'Bump Firecracker' issue failed :sad-parrot: ." diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b6869f34..5f8aab37 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -7,9 +7,11 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-go@v3 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version-file: '${{ github.workspace }}/go.mod' + check-latest: true + cache: false - name: Lint run: make lint diff --git a/.github/workflows/nightly_e2e.yml b/.github/workflows/nightly_e2e.yml index 54e29197..f51c452c 100644 --- a/.github/workflows/nightly_e2e.yml +++ b/.github/workflows/nightly_e2e.yml 
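Review bot: The version comment on the pinned `imjohnbo/issue-bot` SHA is `# v3`, a moving major tag rather than the release the commit belongs to, so a reader cannot check the pin against a published release the way they can for the `# v4.1.7`-style comments elsewhere in the commit. The same applies to `weaveworks/metal-janitor-action@… # main` in `nightly_e2e.yml`, where the comment names a branch and the step is handed `secrets.METAL_AUTH_TOKEN`. Where upstream publishes exact release tags, record that tag in the comment (for example `# v3.x.y`, a placeholder to be filled in from the upstream release list); where it does not, say so, e.g. `# main, no tagged release`. The steps of this job begin above the hunk.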
@@ -13,11 +13,11 @@ jobs: PROJECT_NAME: "flintlock_nightly_e2e" name: e2e tests steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Get branch name id: branch-name - uses: tj-actions/branch-names@v5 + uses: tj-actions/branch-names@6871f53176ad61624f978536bbf089c574dc19a2 # v8.0.1 - name: Run tests env: @@ -34,7 +34,7 @@ jobs: test/tools/run.py run-e2e -c e2e-config.yaml - name: Notify slack on failure - uses: actions-ecosystem/action-slack-notifier@fc778468d09c43a6f4d1b8cccaca59766656996a + uses: actions-ecosystem/action-slack-notifier@fc778468d09c43a6f4d1b8cccaca59766656996a # v1.1.0 if: ${{ failure() }} with: slack_token: ${{ secrets.SLACK_TOKEN }} @@ -44,7 +44,7 @@ jobs: verbose: false - name: Notify slack on success - uses: actions-ecosystem/action-slack-notifier@fc778468d09c43a6f4d1b8cccaca59766656996a + uses: actions-ecosystem/action-slack-notifier@fc778468d09c43a6f4d1b8cccaca59766656996a # v1.1.0 if: ${{ success() }} with: slack_token: ${{ secrets.SLACK_TOKEN }} @@ -54,7 +54,7 @@ jobs: verbose: false - name: Cleanup project - uses: weaveworks/metal-janitor-action@27a0594c5c92d85585b553fc0c5ef2a3de7bec95 + uses: weaveworks/metal-janitor-action@27a0594c5c92d85585b553fc0c5ef2a3de7bec95 # main with: metal_auth_token: ${{ secrets.METAL_AUTH_TOKEN }} project_names: ${{ env.PROJECT_NAME }} diff --git a/.github/workflows/pr_size.yml b/.github/workflows/pr_size.yml index 4fb36e57..30b829b9 100644 --- a/.github/workflows/pr_size.yml +++ b/.github/workflows/pr_size.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest name: Label the PR size steps: - - uses: codelytv/pr-size-labeler@v1 + - uses: codelytv/pr-size-labeler@56f6f0fc35c7cc0f72963b8467729e1120cb4bed # v1.10.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} xs_max_size: '50' diff --git a/.github/workflows/pr_type.yml b/.github/workflows/pr_type.yml index df219282..20424e22 100644 --- a/.github/workflows/pr_type.yml 
+++ b/.github/workflows/pr_type.yml @@ -14,7 +14,7 @@ jobs: name: Check for PR kind runs-on: ubuntu-latest steps: - - uses: docker://agilepathway/pull-request-label-checker:latest + - uses: docker://index.docker.io/agilepathway/pull-request-label-checker:latest@sha256:50540ac95f572ef27f2181130edd273f9ed75304f602fb43a8dd7e8ebf65fcca # latest with: one_of: kind/bug,kind/documentation,kind/feature,kind/regression,kind/refactor,kind/cleanup,kind/chore repo_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 93d1d7b3..a09dae4d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,17 +27,19 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v3 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version-file: '${{ github.workspace }}/go.mod' + check-latest: true + cache: false - name: Build binaries run: make build-release - name: Store flintlock binaries - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: flintlock-binaries path: bin/* @@ -49,16 +51,16 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - name: Download flintlock binaries - uses: actions/download-artifact@v2 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: flintlock-binaries path: bin - name: Release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 with: prerelease: false draft: true diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index dc4b3a36..4c51a159 100644 
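Review bot: The `docker://` reference in `pr_type.yml` now carries both the `latest` tag and a `sha256` digest; the digest is what gets pulled, so the tag and the `# latest` comment no longer tell a reader which release of the label checker is running. Dependabot's `github-actions` ecosystem, which this commit enables, does not update `docker://` references as far as I know, so this pin will stay at the current digest until someone changes it by hand. I would drop the `:latest` part or replace it with the release tag the digest was resolved from, and add a comment such as `# digest pinned manually; not covered by Dependabot`. The step receives `secrets.GITHUB_TOKEN` as `repo_token`, so keeping the pin reviewable matters here.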
--- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v9 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-issue-stale: 180 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ae6837a6..9044d20d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,11 +7,13 @@ jobs: name: test runs-on: ubuntu-latest steps: - - uses: yitsushi/devmapper-containerd-action@v1.0.1 - - uses: actions/checkout@v3 - - uses: actions/setup-go@v3 + - uses: yitsushi/devmapper-containerd-action@628cd44c88379567d478f3638a2251d4c373a0e8 # v1.0.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version-file: '${{ github.workspace }}/go.mod' + check-latest: true + cache: false - name: Build run: make build - name: Build e2e