diff --git a/.github/workflows/build-envoy-image-ci.yaml b/.github/workflows/build-envoy-image-ci.yaml index 754f26693..2516cb7f6 100644 --- a/.github/workflows/build-envoy-image-ci.yaml +++ b/.github/workflows/build-envoy-image-ci.yaml @@ -33,7 +33,7 @@ jobs: password: ${{ secrets.QUAY_ENVOY_PASSWORD_DEV }} - name: Checkout PR - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false @@ -57,7 +57,7 @@ jobs: fi - name: PR Multi-arch build & push of Builder image (dev) - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 if: steps.cilium-builder-tag-in-repositories.outputs.exists == 'false' id: docker_build_builder_ci with: @@ -76,7 +76,7 @@ jobs: echo "quay.io/${{ github.repository_owner }}/cilium-envoy-builder-dev:${{ env.BAZEL_VERSION }}-${{ env.BUILDER_DOCKER_HASH }}@${{ steps.docker_build_builder_ci.outputs.digest }}" - name: PR Multi-arch build & push of cilium-envoy - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 id: docker_build_ci with: provenance: false diff --git a/.github/workflows/build-envoy-images-release.yaml b/.github/workflows/build-envoy-images-release.yaml index 446c0214c..02db5592d 100644 --- a/.github/workflows/build-envoy-images-release.yaml +++ b/.github/workflows/build-envoy-images-release.yaml @@ -33,7 +33,7 @@ jobs: password: ${{ secrets.QUAY_ENVOY_PASSWORD }} - name: Checkout source - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false @@ -56,7 +56,7 @@ jobs: fi - name: Multi-arch build & push of Builder image (test) - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 if: steps.cilium-builder-test-tag-in-repositories.outputs.exists == 'false' id: docker_build_builder_test with: @@ -70,7 +70,7 @@ jobs: quay.io/${{ github.repository_owner }}/cilium-envoy-builder:test-${{ env.BAZEL_VERSION }}-latest - name: Multi-arch update integration test archive - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 id: docker_tests_ci_build with: context: . @@ -96,7 +96,7 @@ jobs: run: rm -rf /tmp/buildx-cache/* - name: Run integration tests on amd64 to update docker cache - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 id: docker_tests_ci_cache_update with: provenance: false @@ -128,7 +128,7 @@ jobs: password: ${{ secrets.QUAY_ENVOY_PASSWORD }} - name: Checkout source - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Prep for build run: | echo "${{ github.sha }}" >SOURCE_VERSION @@ -149,7 +149,7 @@ jobs: fi - name: Multi-arch build & push of Builder image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 if: steps.cilium-builder-tag-in-repositories.outputs.exists == 'false' id: docker_build_builder with: @@ -162,7 +162,7 @@ jobs: quay.io/${{ github.repository_owner }}/cilium-envoy-builder:${{ env.BAZEL_VERSION }}-${{ env.BUILDER_DOCKER_HASH }} quay.io/${{ github.repository_owner }}/cilium-envoy-builder:${{ env.BAZEL_VERSION }}-latest - name: Multi-arch build & push of build artifact archive - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . file: ./Dockerfile @@ -188,7 +188,7 @@ jobs: docker buildx prune -f - name: Multi-arch build & push ${{ github.ref_name }} latest - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 id: docker_build_cd with: provenance: false diff --git a/.github/workflows/ci-check-format.yaml b/.github/workflows/ci-check-format.yaml index 2702f11b2..c06be4597 100644 --- a/.github/workflows/ci-check-format.yaml +++ b/.github/workflows/ci-check-format.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout PR Source Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false @@ -33,7 +33,7 @@ jobs: run: until docker manifest inspect quay.io/${{ github.repository_owner }}/cilium-envoy-builder-dev:${{ env.BAZEL_VERSION }}-${{ env.BUILDER_DOCKER_HASH }} &> /dev/null; do sleep 15s; done - name: Check format - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 id: docker_format_ciak with: target: format diff --git a/.github/workflows/ci-tests.yaml b/.github/workflows/ci-tests.yaml index eb1ae9cb4..cc242add0 100644 --- a/.github/workflows/ci-tests.yaml +++ b/.github/workflows/ci-tests.yaml @@ -20,7 +20,7 @@ jobs: # renovate: datasource=golang-version depName=go go-version: 1.22.7 - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false - name: Check module vendoring @@ -61,7 +61,7 @@ jobs: restore-keys: docker-cache-main - name: Checkout PR Source Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false @@ -84,7 +84,7 @@ jobs: fi - name: PR Multi-arch build & push of Builder image (dev) - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 if: steps.cilium-builder-tests-tag-in-repositories.outputs.exists == 'false' id: docker_build_builder_tests_ci with: @@ -96,7 +96,7 @@ jobs: tags: quay.io/${{ github.repository_owner }}/cilium-envoy-builder-dev:test-${{ env.BAZEL_VERSION }}-${{ env.BUILDER_DOCKER_HASH }} - name: Run integration tests on amd64 - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 id: docker_tests_ci with: provenance: false diff --git a/.github/workflows/cilium-integration-tests.yaml b/.github/workflows/cilium-integration-tests.yaml index 27c475cf2..ebd3a5407 100644 --- a/.github/workflows/cilium-integration-tests.yaml +++ b/.github/workflows/cilium-integration-tests.yaml @@ -105,7 +105,7 @@ jobs: }) - name: Checkout Cilium ${{ env.CILIUM_REPO_REF }} - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: repository: ${{ env.CILIUM_REPO_OWNER }}/cilium # Be aware that this is the Cilium repository and not the one of the proxy itself! ref: ${{ env.CILIUM_REPO_REF }}