diff --git a/.github/actions/setup-go/action.yaml b/.github/actions/setup-go/action.yaml index 011e261c..cd927932 100644 --- a/.github/actions/setup-go/action.yaml +++ b/.github/actions/setup-go/action.yaml @@ -16,14 +16,14 @@ runs: echo "go-build=$(go env GOCACHE)" >> $GITHUB_OUTPUT echo "go-mod=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT - name: Go Mod Cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4 with: path: ${{ steps.go-cache-paths.outputs.go-mod }} key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go-mod- - name: Go Build Cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1590cb2d..f716f19d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: fetch-depth: 0 - name: Setup Go @@ -37,7 +37,7 @@ jobs: - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 - name: Generate metadata cspo id: metacspo @@ -56,7 +56,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Install Bom shell: bash @@ -73,7 +73,7 @@ jobs: # Load Golang cache build from GitHub - name: Load cspo Golang cache build from GitHub - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0 id: cache with: path: /tmp/.cache/cspo @@ -91,7 +91,7 @@ jobs: # Import GitHub's cache build to docker cache - name: Copy cspo Golang cache to docker cache - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: provenance: false context: /tmp/.cache/cspo @@ -101,7 +101,7 @@ jobs: target: import-cache - name: Build and push cspo image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6 id: docker_build_release_cspo with: provenance: false @@ -154,7 +154,7 @@ jobs: # Store docker's golang's cache build locally only on the main branch - name: Store cspo Golang cache build locally if: ${{ steps.cache.outputs.cache-hit != 'true' }} - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: provenance: false context: . diff --git a/.github/workflows/kubebuilder-markers-checker.yaml b/.github/workflows/kubebuilder-markers-checker.yaml index 40b0fe1e..aae2d3a2 100644 --- a/.github/workflows/kubebuilder-markers-checker.yaml +++ b/.github/workflows/kubebuilder-markers-checker.yaml @@ -14,7 +14,7 @@ jobs: name: check for kubebuilder markers runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 # go is required for building controller-gen - name: Setup Go diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml index 01c3501a..9e71e59f 100644 --- a/.github/workflows/pr-lint.yaml +++ b/.github/workflows/pr-lint.yaml @@ -28,7 +28,7 @@ jobs: password: ${{ secrets.github_token }} steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/pr-verify.yaml b/.github/workflows/pr-verify.yaml index 609643cd..2ff898ec 100644 --- a/.github/workflows/pr-verify.yaml +++ b/.github/workflows/pr-verify.yaml @@ -16,7 +16,7 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ github.event.pull_request.head.sha }} @@ -29,7 +29,7 @@ jobs: - name: Verify Starlark run: make verify-starlark - - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4 + - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4 with: node-version: "18" - name: Install renovate @@ -42,7 +42,7 @@ jobs: done - name: Generate Token - uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1 id: generate-token with: app-id: ${{ secrets.SCS_APP_ID }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 908811e5..11977c1d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -18,14 +18,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: fetch-depth: 0 - uses: ./.github/actions/setup-go - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 - name: Generate metadata cspo id: metacspo @@ -44,7 +44,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Install Bom shell: bash @@ -60,7 +60,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV - name: Build and push cspo image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6 id: docker_build_release_cspo with: provenance: false @@ -134,7 +134,7 @@ jobs: run: echo "RELEASE_TAG=${GITHUB_REF:10}" >> $GITHUB_ENV - name: checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: fetch-depth: 0 diff --git a/.github/workflows/report-bin-size.yaml b/.github/workflows/report-bin-size.yaml index bd3108e0..d09e3278 100644 --- a/.github/workflows/report-bin-size.yaml +++ b/.github/workflows/report-bin-size.yaml @@ -9,7 +9,7 @@ jobs: timeout-minutes: 10 steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Fixup git permissions # https://github.com/actions/checkout/issues/766 shell: bash diff --git a/.github/workflows/schedule-cache-cleaner-cspo-image.yaml b/.github/workflows/schedule-cache-cleaner-cspo-image.yaml index 1a1b2ed4..36ec38e7 100644 --- a/.github/workflows/schedule-cache-cleaner-cspo-image.yaml +++ b/.github/workflows/schedule-cache-cleaner-cspo-image.yaml @@ -15,7 +15,7 @@ jobs: steps: # Load Golang cache build from GitHub - name: Load cspo Golang cache build from GitHub - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0 id: cache with: path: /tmp/.cache/cspo diff --git a/.github/workflows/schedule-scan-image.yaml b/.github/workflows/schedule-scan-image.yaml index 84148fd4..ec0d896e 100644 --- a/.github/workflows/schedule-scan-image.yaml +++ b/.github/workflows/schedule-scan-image.yaml @@ -15,7 +15,7 @@ jobs: password: ${{ secrets.github_token }} steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Fixup git permissions # https://github.com/actions/checkout/issues/766 shell: bash diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml index 25b3ce35..3f278ec5 100644 --- a/.github/workflows/schedule-update-bot.yaml +++ b/.github/workflows/schedule-update-bot.yaml @@ -30,15 +30,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 # qemu is not required as of now because we don't build images for arm64 # use docker/setup-qemu-action@v3 if you want to have arm64 images. - name: Set up Docker Buildx # required for building image - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 - name: Generate Token - uses: actions/create-github-app-token@3378cda945da322a8db4b193e19d46352ebe2de5 # v1 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1 id: generate-token with: app-id: ${{ secrets.SCS_APP_ID }} @@ -49,7 +49,7 @@ jobs: echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" >> "$GITHUB_ENV" - name: Renovate - uses: renovatebot/github-action@630a255a1f2f56c8d8ce160bed3e3ca577ca53e2 # v40.2.7 + uses: renovatebot/github-action@a1ed1d0adddfdf138192d1fbe3150a80094dee6a # v40.3.1 env: RENOVATE_HOST_RULES: '[{"hostType": "docker", "matchHost": "ghcr.io", "username": "${{ github.actor }}", "password": "${{ secrets.GITHUB_TOKEN }}" }]' RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '[".*"]' diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index cd20114f..ef6caa8d 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -30,7 +30,7 @@ jobs: timeout-minutes: 10 steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Coverage result name id: name run: |