diff --git a/.github/actions/e2e/action.yaml b/.github/actions/e2e/action.yaml index 47ca9841f..f8d5d162b 100644 --- a/.github/actions/e2e/action.yaml +++ b/.github/actions/e2e/action.yaml @@ -22,11 +22,11 @@ inputs: runs: using: "composite" steps: - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: "go.mod" - - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 + - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 with: path: hack/tools/bin key: ${{ runner.os }}-tools-bin-e2e-${{ hashFiles('Makefile') }} @@ -35,7 +35,7 @@ runs: ${{ runner.os }}-tools-bin- - name: Download artifact - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: test-release path: out @@ -60,7 +60,7 @@ runs: TAG: ${{ steps.meta.outputs.version }} - name: Get HCLOUD_TOKEN # sets env.HCLOUD_TOKEN - uses: hetznercloud/tps-action@dee5dd2546322c28ed8f74b910189066e8b6f31a # main + uses: hetznercloud/tps-action@b43eef6b63630b9dbeb1a96beee31bd81abb1cd9 # main - name: "e2e-${{ inputs.e2e_name }}" shell: bash @@ -79,7 +79,7 @@ runs: run: make ${{ inputs.e2e_make_target }} - name: Upload artifact - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 if: ${{ !cancelled() }} with: name: e2e-${{ inputs.e2e_name }} diff --git a/.github/actions/manager-image/action.yaml b/.github/actions/manager-image/action.yaml index 211a7150a..8615b2364 100644 --- a/.github/actions/manager-image/action.yaml +++ b/.github/actions/manager-image/action.yaml @@ -8,10 +8,10 @@ runs: using: "composite" steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Login to ghcr.io for CI - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -44,7 +44,7 @@ runs: # Import GitHub's cache build to docker cache - name: Copy Caph Golang cache to docker cache - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: provenance: false context: /tmp/.cache/caph @@ -54,7 +54,7 @@ runs: target: import-cache - name: Build and push manager image - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 with: provenance: false context: . diff --git a/.github/actions/metadata/action.yaml b/.github/actions/metadata/action.yaml index bac9663ef..d2bc52a0a 100644 --- a/.github/actions/metadata/action.yaml +++ b/.github/actions/metadata/action.yaml @@ -22,7 +22,7 @@ runs: steps: - name: Docker manager metadata id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} flavor: ${{ inputs.metadata_flavor }} diff --git a/.github/actions/test-release/action.yaml b/.github/actions/test-release/action.yaml index c7a340671..681f32323 100644 --- a/.github/actions/test-release/action.yaml +++ b/.github/actions/test-release/action.yaml @@ -3,11 +3,11 @@ description: "Testing Release" runs: using: "composite" steps: - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: "go.mod" - - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 + - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 with: path: hack/tools/bin key: ${{ runner.os }}-tools-bin-release-${{ hashFiles('Makefile') }} @@ -29,7 +29,7 @@ runs: run: make test-release - name: Upload artifact - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 if: ${{ !cancelled() }} with: name: test-release diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 333304f02..4834d749e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,11 +28,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: "go.mod" @@ -40,7 +40,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - name: Generate metadata id: meta @@ -50,14 +50,14 @@ jobs: metadata_tags: ${{ env.metadata_tags }} - name: Login to ghcr.io for CI - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 + uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 - name: Install Bom shell: bash @@ -93,7 +93,7 @@ jobs: # Import GitHub's cache build to docker cache - name: Copy Caph Golang cache to docker cache - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: provenance: false context: /tmp/.cache/caph @@ -103,7 +103,7 @@ jobs: target: import-cache - name: Build and push manager image - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 id: docker_build_release with: provenance: false @@ -156,7 +156,7 @@ jobs: # Store docker's golang's cache build locally only on the main branch - name: Store Caph Golang cache build locally if: ${{ steps.cache.outputs.cache-hit != 'true' }} - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: provenance: false context: . diff --git a/.github/workflows/e2e-basic-baremetal.yaml b/.github/workflows/e2e-basic-baremetal.yaml index 70774c469..30b6b5726 100644 --- a/.github/workflows/e2e-basic-baremetal.yaml +++ b/.github/workflows/e2e-basic-baremetal.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Build and push manager image id: manager-image uses: ./.github/actions/manager-image @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Test Release id: manager-image uses: ./.github/actions/test-release @@ -40,7 +40,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e diff --git a/.github/workflows/e2e-basic.yaml b/.github/workflows/e2e-basic.yaml index 85cde704a..819a59269 100644 --- a/.github/workflows/e2e-basic.yaml +++ b/.github/workflows/e2e-basic.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Build and push manager image id: manager-image uses: ./.github/actions/manager-image @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Test Release id: manager-image uses: ./.github/actions/test-release @@ -40,7 +40,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e diff --git a/.github/workflows/e2e-feature-baremetal.yaml b/.github/workflows/e2e-feature-baremetal.yaml index 652e61822..63e6242da 100644 --- a/.github/workflows/e2e-feature-baremetal.yaml +++ b/.github/workflows/e2e-feature-baremetal.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Build and push manager image id: manager-image uses: ./.github/actions/manager-image @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Test Release id: manager-image uses: ./.github/actions/test-release @@ -40,7 +40,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e diff --git a/.github/workflows/e2e-feature.yaml b/.github/workflows/e2e-feature.yaml index 78e2ffb88..4988baf86 100644 --- a/.github/workflows/e2e-feature.yaml +++ b/.github/workflows/e2e-feature.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Build and push manager image id: manager-image uses: ./.github/actions/manager-image @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Test Release id: manager-image uses: ./.github/actions/test-release @@ -40,7 +40,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e diff --git a/.github/workflows/e2e-periodic.yaml b/.github/workflows/e2e-periodic.yaml index a993c56bb..38585ebfd 100644 --- a/.github/workflows/e2e-periodic.yaml +++ b/.github/workflows/e2e-periodic.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Build and push manager image id: manager-image uses: ./.github/actions/manager-image @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Test Release id: manager-image uses: ./.github/actions/test-release @@ -40,7 +40,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e @@ -60,7 +60,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e @@ -80,7 +80,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e @@ -100,7 +100,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e diff --git a/.github/workflows/e2e-upgrade-caph.yaml b/.github/workflows/e2e-upgrade-caph.yaml index 5f6dd6a90..bd366da98 100644 --- a/.github/workflows/e2e-upgrade-caph.yaml +++ b/.github/workflows/e2e-upgrade-caph.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Build and push manager image id: manager-image uses: ./.github/actions/manager-image @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Test Release id: manager-image uses: ./.github/actions/test-release @@ -40,7 +40,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e diff --git a/.github/workflows/e2e-upgrade-kubernetes.yaml b/.github/workflows/e2e-upgrade-kubernetes.yaml index 51da8254b..f223e3067 100644 --- a/.github/workflows/e2e-upgrade-kubernetes.yaml +++ b/.github/workflows/e2e-upgrade-kubernetes.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Build and push manager image id: manager-image uses: ./.github/actions/manager-image @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Test Release id: manager-image uses: ./.github/actions/test-release @@ -40,7 +40,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e diff --git a/.github/workflows/main-promote-builder-image.yml b/.github/workflows/main-promote-builder-image.yml index cf947216d..ddaf8503d 100644 --- a/.github/workflows/main-promote-builder-image.yml +++ b/.github/workflows/main-promote-builder-image.yml @@ -16,7 +16,7 @@ jobs: password: ${{ secrets.github_token }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Fixup git permissions # https://github.com/actions/checkout/issues/766 shell: bash diff --git a/.github/workflows/pr-e2e.yaml b/.github/workflows/pr-e2e.yaml index 4bd80c68d..de50e71a4 100644 --- a/.github/workflows/pr-e2e.yaml +++ b/.github/workflows/pr-e2e.yaml @@ -26,7 +26,7 @@ jobs: exit 1 - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 @@ -40,7 +40,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Test Release id: manager-image uses: ./.github/actions/test-release @@ -58,7 +58,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e uses: ./.github/actions/e2e @@ -79,7 +79,7 @@ jobs: - test-release steps: - name: checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 - name: Run e2e Test id: e2e-bm uses: ./.github/actions/e2e diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml index e609faa59..dbc5a1629 100644 --- a/.github/workflows/pr-lint.yml +++ b/.github/workflows/pr-lint.yml @@ -28,7 +28,7 @@ jobs: password: ${{ secrets.github_token }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml index 37c1d7f39..205432b27 100644 --- a/.github/workflows/pr-verify.yml +++ b/.github/workflows/pr-verify.yml @@ -13,7 +13,7 @@ jobs: name: Verify Pull Request steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 # Take from https://github.com/kubernetes-sigs/kubebuilder/blob/master/.github/workflows/verify.yml - name: Validate PR Title Format @@ -48,7 +48,7 @@ jobs: - name: Verify Starlark run: make verify-starlark - - uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "22" - name: Install renovate diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 221543c5f..806a54c43 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,11 +19,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: "go.mod" @@ -31,7 +31,7 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - name: Generate metadata id: meta @@ -41,14 +41,14 @@ jobs: metadata_tags: ${{ env.metadata_tags }} - name: Login to ghcr.io for CI - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 + uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 - name: Install Bom shell: bash @@ -65,7 +65,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV - name: Build and push manager image - uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 id: docker_build_release with: provenance: false @@ -135,11 +135,11 @@ jobs: run: echo "RELEASE_TAG=${GITHUB_REF:10}" >> $GITHUB_ENV - name: checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: "go.mod" @@ -156,7 +156,7 @@ jobs: make release-notes - name: Release - uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 + uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2 with: draft: true files: out/* diff --git a/.github/workflows/report-bin-size.yml b/.github/workflows/report-bin-size.yml index a2a402b05..3971fedd6 100644 --- a/.github/workflows/report-bin-size.yml +++ b/.github/workflows/report-bin-size.yml @@ -9,14 +9,14 @@ jobs: timeout-minutes: 10 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Fixup git permissions # https://github.com/actions/checkout/issues/766 shell: bash run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: "go.mod" diff --git a/.github/workflows/schedule-scan-image.yml b/.github/workflows/schedule-scan-image.yml index 50e875b33..0b871a0f0 100644 --- a/.github/workflows/schedule-scan-image.yml +++ b/.github/workflows/schedule-scan-image.yml @@ -16,7 +16,7 @@ jobs: password: ${{ secrets.github_token }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Fixup git permissions # https://github.com/actions/checkout/issues/766 shell: bash diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml index 1e21be0b7..ce057213b 100644 --- a/.github/workflows/schedule-update-bot.yaml +++ b/.github/workflows/schedule-update-bot.yaml @@ -30,10 +30,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Generate Token - uses: actions/create-github-app-token@21cfef2b496dd8ef5b904c159339626a10ad380e # v1 + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 id: generate-token with: app-id: ${{ secrets.SYSELF_APP_ID }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 65ad898ff..5792278c0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: timeout-minutes: 10 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Coverage result name id: name @@ -40,7 +40,7 @@ jobs: fi echo name=${NAME} >> $GITHUB_OUTPUT - - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: "go.mod"