chore: dependency updates

.github/workflows/chart-test.yml

@@ -5,19 +5,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
         with:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@v1
-        with:
-          version: v3.8.1
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
 
       - uses: actions/setup-python@v6
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.2.1
+        uses: helm/chart-testing-action@v2
 
       - name: Run chart-testing (lint)
-        run: ct lint --target-branch main
+        run: ct lint --target-branch main

.github/workflows/e2e.yml

@@ -5,15 +5,20 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        k3s_version: ["v1.26.11+k3s2","v1.27.8+k3s2","v1.28.4+k3s2","v1.29.2+k3s1"]
+        k3s_version:
+          - v1.35.0+k3s1
+          - v1.34.3+k3s1
+          - v1.33.7+k3s1
+          - v1.32.11+k3s1
+          - v1.31.14+k3s1
     steps:
-    - name: Setup Kubernetes
-      run: curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="${{ matrix.k3s_version }}" K3S_KUBECONFIG_MODE=777 sh -
-    - name: Checkout
-      uses: actions/checkout@v4
-    - name: Setup Go
-      uses: actions/setup-go@v4
-      with:
-        go-version: '1.23'
-    - name: Run tests
-      run: make e2e KUBECONFIG=/etc/rancher/k3s/k3s.yaml node=$(kubectl --kubeconfig=/etc/rancher/k3s/k3s.yaml get no --no-headers | awk '{print $1}' | tail -1)
+      - name: Setup Kubernetes
+        run: curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="${{ matrix.k3s_version }}" K3S_KUBECONFIG_MODE=777 sh -
+      - name: Checkout
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+      - name: Setup Go
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
+        with:
+          go-version: '1.23'
+      - name: Run tests
+        run: make e2e KUBECONFIG=/etc/rancher/k3s/k3s.yaml node=$(kubectl --kubeconfig=/etc/rancher/k3s/k3s.yaml get no --no-headers | awk '{print $1}' | tail -1)

.github/workflows/govulncheck.yml

@@ -5,9 +5,9 @@ jobs:
     name: test
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-go@v2
-      with:
-        stable: 'false'
-        go-version: '1.24'
-    - run: go run golang.org/x/vuln/cmd/govulncheck@latest ./...
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
+        with:
+          stable: 'false'
+          go-version: '1.24'
+      - run: go run golang.org/x/vuln/cmd/govulncheck@latest ./...

.github/workflows/release-chart.yml

@@ -1,26 +1,26 @@
 on:
   push:
     branches:
-    - main
+      - main
 
 jobs:
   release:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
         with:
           fetch-depth: 0
       - name: Configure Git
         run: |
           git config user.name "${GITHUB_ACTOR}"
           git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
       - name: Install Helm
-        uses: azure/setup-helm@v1
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
         with:
           version: v3.4.2
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.1.0
+        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
         env:
           CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
+          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"

.github/workflows/release.yaml

@@ -1,7 +1,7 @@
 on:
   push:
     tags:
-    - v*
+      - v*
 
 permissions:
   contents: write
@@ -16,91 +16,91 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - name: Set up Go
-      uses: actions/setup-go@v4
-      with:
-        go-version: '1.23'
-    - name: Remove Git Tags with Charts
-      run: git tag -d $(git tag -l "helm-chart-*")
-    - name: Run GoReleaser
-      uses: goreleaser/goreleaser-action@v5
-      with:
-        distribution: goreleaser
-        version: latest
-        # args: build --clean --skip=validate --snapshot
-        args: release --clean
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    - run: cp Dockerfile ./dist/aks-node-termination-handler_linux_amd64_v1/Dockerfile
-    - run: cp Dockerfile ./dist/aks-node-termination-handler_linux_arm64/Dockerfile
-    - run: cp Dockerfile.windows ./dist/aks-node-termination-handler_windows_amd64_v1/Dockerfile
-    - run: tar -cvf release.tar ./dist
-    - uses: actions/upload-artifact@v4
-      with:
-        name: release
-        retention-days: 1
-        path: release.tar
+      - name: Checkout
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
+        with:
+          go-version: '1.23'
+      - name: Remove Git Tags with Charts
+        run: git tag -d $(git tag -l "helm-chart-*")
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          # args: build --clean --skip=validate --snapshot
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run: cp Dockerfile ./dist/aks-node-termination-handler_linux_amd64_v1/Dockerfile
+      - run: cp Dockerfile ./dist/aks-node-termination-handler_linux_arm64/Dockerfile
+      - run: cp Dockerfile.windows ./dist/aks-node-termination-handler_windows_amd64_v1/Dockerfile
+      - run: tar -cvf release.tar ./dist
+      - uses: actions/upload-artifact@v4
+        with:
+          name: release
+          retention-days: 1
+          path: release.tar
 
   publish-linux-amd64:
     runs-on: ubuntu-latest
     needs: build
     steps:
-    - uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
-    - uses: actions/download-artifact@v4
-    - run: tar xvf ./release/release.tar
-    - run: "docker build --pull --push --platform linux/amd64 -t ${{ env.IMAGE }}-linux-amd64 ."
-      working-directory: ./dist/aks-node-termination-handler_linux_amd64_v1
+      - uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - uses: actions/download-artifact@v4
+      - run: tar xvf ./release/release.tar
+      - run: "docker build --pull --push --platform linux/amd64 -t ${{ env.IMAGE }}-linux-amd64 ."
+        working-directory: ./dist/aks-node-termination-handler_linux_amd64_v1
 
   publish-linux-arm64:
     runs-on: ubuntu-latest
     needs: build
     steps:
-    - uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
-    - uses: docker/setup-qemu-action@v2
-    - uses: docker/setup-buildx-action@v2
-    - uses: actions/download-artifact@v4
-    - run: tar xvf ./release/release.tar
-    - run: "docker build --pull --push --platform linux/arm64 -t ${{ env.IMAGE }}-linux-arm64 ."
-      working-directory: ./dist/aks-node-termination-handler_linux_arm64
+      - uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - uses: docker/setup-qemu-action@v2
+      - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+      - uses: actions/download-artifact@v4
+      - run: tar xvf ./release/release.tar
+      - run: "docker build --pull --push --platform linux/arm64 -t ${{ env.IMAGE }}-linux-arm64 ."
+        working-directory: ./dist/aks-node-termination-handler_linux_arm64
 
   publish-windows-amd64:
     runs-on: windows-latest
     strategy:
       matrix:
-        windows-version: [ 'ltsc2019', 'ltsc2022' ]
+        windows-version: ['ltsc2019', 'ltsc2022', 'ltsc2025']
     needs: build
     steps:
-    - uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
-    - uses: actions/download-artifact@v4
-    - run: tar xvf ./release/release.tar
-    - run: "docker build --build-arg WINDOWS_VERSION=${{ matrix.windows-version }} --pull --platform windows/amd64 -t ${{ env.IMAGE }}-windows-${{ matrix.windows-version }}-amd64 ."
-      working-directory: ./dist/aks-node-termination-handler_windows_amd64_v1
-    - run: docker push ${{ env.IMAGE }}-windows-${{ matrix.windows-version }}-amd64
+      - uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - uses: actions/download-artifact@v4
+      - run: tar xvf ./release/release.tar
+      - run: "docker build --build-arg WINDOWS_VERSION=${{ matrix.windows-version }} --pull --platform windows/amd64 -t ${{ env.IMAGE }}-windows-${{ matrix.windows-version }}-amd64 ."
+        working-directory: ./dist/aks-node-termination-handler_windows_amd64_v1
+      - run: docker push ${{ env.IMAGE }}-windows-${{ matrix.windows-version }}-amd64
 
   publish-manifest:
     runs-on: ubuntu-latest
     needs: [publish-linux-amd64, publish-linux-arm64, publish-windows-amd64]
     steps:
-    - uses: docker/login-action@v3
-      with:
-        username: ${{ secrets.DOCKER_USERNAME }}
-        password: ${{ secrets.DOCKER_PASSWORD }}
-    - run: docker manifest create ${{ env.IMAGE }} ${{ env.IMAGE }}-linux-amd64 ${{ env.IMAGE }}-linux-arm64 ${{ env.IMAGE }}-windows-ltsc2022-amd64
-    - run: docker manifest push ${{ env.IMAGE }}
-    - run: docker manifest create ${{ env.IMAGE_LATEST }} ${{ env.IMAGE }}-linux-amd64 ${{ env.IMAGE }}-linux-arm64 ${{ env.IMAGE }}-windows-ltsc2022-amd64
-    - run: docker manifest push ${{ env.IMAGE_LATEST }}
-    - run: docker manifest create ${{ env.IMAGE_LATEST }}-ltsc2019 ${{ env.IMAGE }}-linux-amd64 ${{ env.IMAGE }}-linux-arm64 ${{ env.IMAGE }}-windows-ltsc2019-amd64
-    - run: docker manifest push ${{ env.IMAGE_LATEST }}-ltsc2019
+      - uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - run: docker manifest create ${{ env.IMAGE }} ${{ env.IMAGE }}-linux-amd64 ${{ env.IMAGE }}-linux-arm64 ${{ env.IMAGE }}-windows-ltsc2025-amd64
+      - run: docker manifest push ${{ env.IMAGE }}
+      - run: docker manifest create ${{ env.IMAGE_LATEST }} ${{ env.IMAGE }}-linux-amd64 ${{ env.IMAGE }}-linux-arm64 ${{ env.IMAGE }}-windows-ltsc2025-amd64
+      - run: docker manifest push ${{ env.IMAGE_LATEST }}
+      - run: docker manifest create ${{ env.IMAGE_LATEST }}-ltsc2025 ${{ env.IMAGE }}-linux-amd64 ${{ env.IMAGE }}-linux-arm64 ${{ env.IMAGE }}-windows-ltsc2025-amd64
+      - run: docker manifest push ${{ env.IMAGE_LATEST }}-ltsc2025

.github/workflows/test.yml

@@ -1,19 +1,19 @@
 on:
   push:
     branches:
-    - main
+      - main
   pull_request:
 
 jobs:
   test:
     name: test
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-go@v2
-      with:
-        stable: 'false'
-        go-version: '1.23'
-    - run: make test
-    - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v3
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
+        with:
+          stable: 'false'
+          go-version: '1.23'
+      - run: make test
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5

.github/workflows/validate-license.yml

@@ -1,14 +1,14 @@
 on:
   push:
     tags:
-    - v*
+      - v*
     branches:
-    - main
+      - main
   pull_request:
 jobs:
   validate-license:
     name: validate-license
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - run: ./scripts/validate-license.sh
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+      - run: ./scripts/validate-license.sh

Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:latest@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62
 
 WORKDIR /app/
 

Dockerfile.windows

@@ -1,4 +1,4 @@
-ARG WINDOWS_VERSION=ltsc2022
+ARG WINDOWS_VERSION=ltsc2025
 
 FROM mcr.microsoft.com/windows/nanoserver:$WINDOWS_VERSION
 
@@ -7,4 +7,4 @@ WORKDIR /app/
 COPY ./aks-node-termination-handler.exe /app/aks-node-termination-handler.exe
 USER ContainerUser
 
-ENTRYPOINT [ "/app/aks-node-termination-handler.exe" ]
+ENTRYPOINT [ "/app/aks-node-termination-handler.exe" ]

Makefile

@@ -1,8 +1,10 @@
 KUBECONFIG=$(HOME)/.kube/azure-stage
 tag=dev
 image=paskalmaksim/aks-node-termination-handler:$(tag)
-telegramToken=1072104160:AAH2sFpHELeH5oxMmd-tsVjgTuzoYO6hSLM
-telegramChatID=-439460552
+#telegramToken=1072104160:AAH2sFpHELeH5oxMmd-tsVjgTuzoYO6hSLM
+#telegramChatID=-439460552
+telegramToken=
+telegramChatID=
 node=`kubectl get no -lkubernetes.azure.com/scalesetpriority=spot | awk '{print $$1}' | tail -1` 
 
 chart-lint:
@@ -94,4 +96,4 @@ scan:
 	-ignore-unfixed --no-progress --severity HIGH,CRITICAL \
 	$(image)
 	@helm template ./charts/aks-node-termination-handler > /tmp/aks-node-termination-handler.yaml
-	@trivy config /tmp/aks-node-termination-handler.yaml
+	@trivy config /tmp/aks-node-termination-handler.yaml

README.md

@@ -271,7 +271,7 @@ aks-node-termination-handler/aks-node-termination-handler \
 --set image=paskalmaksim/aks-node-termination-handler:latest-ltsc2019
 ```
 
-If your cluster includes Linux, Windows 2022, and Windows 2019 nodes, you will need two separate helm installations of `aks-node-termination-handler`, each with different values.
+If your cluster includes Linux, Windows 2025, Windows 2022, and Windows 2019 nodes, you will need two separate helm installations of `aks-node-termination-handler`, each with different values.
 
 <details>
   <summary>linux-windows2022.values.yaml</summary>
@@ -289,6 +289,7 @@ affinity:
         - key: kubernetes.azure.com/os-sku
           operator: NotIn
           values:
+          - Windows2025
           - Windows2019
 ```
 </details>