diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 63ecaf79..13915545 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -13,6 +13,11 @@ updates: prefix: "build" include: "scope" groups: + non-breaking: + exclude-patterns: + - "github.com/containerd/nerdctl/v2" + - "github.com/docker/docker" + - "github.com/docker/cli" docker: patterns: - "github.com/docker/docker" diff --git a/.github/workflows/build-and-test-deb.yaml b/.github/workflows/build-and-test-deb.yaml index 26b371d6..78df5349 100644 --- a/.github/workflows/build-and-test-deb.yaml +++ b/.github/workflows/build-and-test-deb.yaml @@ -79,7 +79,7 @@ jobs: timeout-minutes: 60 steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.DEB_ROLE_PROD }} role-session-name: ubuntu-deb diff --git a/.github/workflows/build-and-test-msi.yaml b/.github/workflows/build-and-test-msi.yaml index 64de3fc9..e4680743 100644 --- a/.github/workflows/build-and-test-msi.yaml +++ b/.github/workflows/build-and-test-msi.yaml @@ -96,7 +96,7 @@ jobs: persist-credentials: false submodules: recursive - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.WINDOWS_ROLE }} role-session-name: windows-msi @@ -152,7 +152,7 @@ jobs: throw "Failed after $maxRetries attempts." } - name: configure aws credentials for upload signed MSI to installer bucket - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: windows-msi @@ -210,7 +210,7 @@ jobs: echo "has_creds=$has_creds" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append exit 0 # if $has_creds is false, powershell will exit with code 1 and this step will fail - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: msi-test diff --git a/.github/workflows/build-pkg.yaml b/.github/workflows/build-pkg.yaml index 98fe1ce7..1ab09b07 100644 --- a/.github/workflows/build-pkg.yaml +++ b/.github/workflows/build-pkg.yaml @@ -68,7 +68,7 @@ jobs: shell: zsh {0} - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: dependency-upload-session diff --git a/.github/workflows/e2e-linux.yaml b/.github/workflows/e2e-linux.yaml index 8b1f5e10..875ecf6b 100644 --- a/.github/workflows/e2e-linux.yaml +++ b/.github/workflows/e2e-linux.yaml @@ -68,7 +68,7 @@ jobs: has_creds=${{ (github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name) && github.actor != 'dependabot[bot]' }} echo "has_creds=$has_creds" >> $GITHUB_OUTPUT - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 # this action requires node20, skip on AL2 if: ${{ steps.vars.outputs.has_creds == 'true' && (!(startsWith(inputs.os, 'amazon') && inputs.version == '2' ))}} with: diff --git a/.github/workflows/e2e-macos.yaml b/.github/workflows/e2e-macos.yaml index d3ca99cc..d08cfff0 100644 --- a/.github/workflows/e2e-macos.yaml +++ b/.github/workflows/e2e-macos.yaml @@ -61,7 +61,7 @@ jobs: has_creds=${{ (github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name) && github.actor != 'dependabot[bot]' }} echo "has_creds=$has_creds" >> $GITHUB_OUTPUT - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 if: ${{ steps.vars.outputs.has_creds == 'true' }} with: role-to-assume: ${{ secrets.ROLE }} diff --git a/.github/workflows/e2e-windows.yaml b/.github/workflows/e2e-windows.yaml index 009ed92c..01a878f2 100644 --- a/.github/workflows/e2e-windows.yaml +++ b/.github/workflows/e2e-windows.yaml @@ -62,7 +62,7 @@ jobs: echo "has_creds=$has_creds" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append exit 0 # if $has_creds is false, powershell will exit with code 1 and this step will fail - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 if: env.has_creds == 'true' with: role-to-assume: ${{ secrets.ROLE }} diff --git a/.github/workflows/release-automation.yaml b/.github/workflows/release-automation.yaml index 1ab83738..9ddb10a6 100644 --- a/.github/workflows/release-automation.yaml +++ b/.github/workflows/release-automation.yaml @@ -104,7 +104,7 @@ jobs: contents: read steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: update-latest-version-in-s3 @@ -131,7 +131,7 @@ jobs: contents: read steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ vars.AWS_RELEASE_TRIGGER_ROLE }} role-session-name: upload-release-definition-to-s3 diff --git a/.github/workflows/sync-submodules-and-deps.yaml b/.github/workflows/sync-submodules-and-deps.yaml index 8a11ce3b..953fb2f0 100644 --- a/.github/workflows/sync-submodules-and-deps.yaml +++ b/.github/workflows/sync-submodules-and-deps.yaml @@ -25,7 +25,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: aws-region: ${{ secrets.REGION }} role-to-assume: ${{ secrets.ROLE }} diff --git a/.github/workflows/test-pkg.yaml b/.github/workflows/test-pkg.yaml index 4dc9bb33..8bcdfd08 100644 --- a/.github/workflows/test-pkg.yaml +++ b/.github/workflows/test-pkg.yaml @@ -68,7 +68,7 @@ jobs: sudo pkill '^socket_vmnet' fi - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: download-installer-session diff --git a/.github/workflows/upload-build-to-S3.yaml b/.github/workflows/upload-build-to-S3.yaml index 25205c86..dfd03466 100644 --- a/.github/workflows/upload-build-to-S3.yaml +++ b/.github/workflows/upload-build-to-S3.yaml @@ -84,7 +84,7 @@ jobs: persist-credentials: false - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: dependency-upload-session diff --git a/.github/workflows/upload-deb-to-release.yaml b/.github/workflows/upload-deb-to-release.yaml index 11210779..77953532 100644 --- a/.github/workflows/upload-deb-to-release.yaml +++ b/.github/workflows/upload-deb-to-release.yaml @@ -47,7 +47,7 @@ jobs: timeout-minutes: 10 steps: - name: Configure Signing AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.DEB_ROLE_PROD }} role-session-name: ubuntu-deb @@ -98,7 +98,7 @@ jobs: KEY_ID=$(sudo gpg --import pool/main/f/runfinch-finch/publickey.pem 2>&1 | grep "gpg: key" | cut -d' ' -f3 | cut -d':' -f1) sudo gpg --import pool/main/f/runfinch-finch/publickey.pem && sudo gpg --export --armor $KEY_ID > GPG_KEY.pub - name: Configure Artifacts AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: ubuntu-deb-create-release @@ -136,7 +136,7 @@ jobs: done } >> dists/noble/Release - name: Configure Signing AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.DEB_ROLE_PROD }} role-session-name: ubuntu-deb @@ -168,7 +168,7 @@ jobs: mv Release.gpg dists/noble/ mv Release dists/noble/ - name: Configure Artifacts AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: ubuntu-deb-create-release diff --git a/.github/workflows/upload-installer-to-release.yaml b/.github/workflows/upload-installer-to-release.yaml index a32e9d36..af7672bd 100644 --- a/.github/workflows/upload-installer-to-release.yaml +++ b/.github/workflows/upload-installer-to-release.yaml @@ -34,7 +34,7 @@ jobs: timeout-minutes: 2 steps: - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: download-installer-session diff --git a/.github/workflows/upload-msi-to-release.yaml b/.github/workflows/upload-msi-to-release.yaml index d74900c0..4144d219 100644 --- a/.github/workflows/upload-msi-to-release.yaml +++ b/.github/workflows/upload-msi-to-release.yaml @@ -44,7 +44,7 @@ jobs: timeout-minutes: 2 steps: - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: ${{ secrets.ROLE }} role-session-name: download-installer-session diff --git a/.github/workflows/upload-test-report.yaml b/.github/workflows/upload-test-report.yaml index 7a782e41..2d12bb74 100644 --- a/.github/workflows/upload-test-report.yaml +++ b/.github/workflows/upload-test-report.yaml @@ -46,7 +46,7 @@ jobs: is_al2=${{ (startsWith(inputs.os, 'amazon') && inputs.version == '2' ) }} echo "is_al2=$is_al2" >> $GITHUB_OUTPUT - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 if: | steps.linux2.outputs.is_al2 == 'false' && inputs.has-creds == 'true' diff --git a/.github/workflows/upload-verified-artifacts-to-s3.yaml b/.github/workflows/upload-verified-artifacts-to-s3.yaml index e61836c9..88b20cce 100644 --- a/.github/workflows/upload-verified-artifacts-to-s3.yaml +++ b/.github/workflows/upload-verified-artifacts-to-s3.yaml @@ -23,7 +23,7 @@ jobs: submodules: recursive - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: aws-region: ${{ secrets.REGION }} role-to-assume: ${{ secrets.ROLE }}