diff --git a/.github/workflows/bpf-unit-tests.yml b/.github/workflows/bpf-unit-tests.yml index 3cbd2b00c8d..ef41b7be2d1 100644 --- a/.github/workflows/bpf-unit-tests.yml +++ b/.github/workflows/bpf-unit-tests.yml @@ -18,10 +18,10 @@ jobs: os: [ ubuntu-22.04, ubuntu-22.04-arm64 ] steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' diff --git a/.github/workflows/build-clang-image.yaml b/.github/workflows/build-clang-image.yaml index ea66f89abf3..6c78f1e1a47 100644 --- a/.github/workflows/build-clang-image.yaml +++ b/.github/workflows/build-clang-image.yaml @@ -19,13 +19,13 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: amd64,arm64 # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Getting image tag id: tag @@ -37,7 +37,7 @@ jobs: fi - name: Checkout source code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -65,13 +65,13 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: amd64,arm64 # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to quay.io uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 @@ -90,7 +90,7 @@ jobs: fi - name: Checkout Source Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -118,7 +118,7 @@ jobs: cosign sign -y quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }} - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -168,7 +168,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: image-digest clang path: image-digest diff --git a/.github/workflows/build-deploy-docs.yaml b/.github/workflows/build-deploy-docs.yaml index 5c5d095666b..2a9a8e2970c 100644 --- a/.github/workflows/build-deploy-docs.yaml +++ b/.github/workflows/build-deploy-docs.yaml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod @@ -37,7 +37,7 @@ jobs: extended: true - name: Setup Node - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: '18' cache: 'npm' diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml index 224685ae6bc..8e50f520c67 100644 --- a/.github/workflows/build-images-ci.yml +++ b/.github/workflows/build-images-ci.yml @@ -38,12 +38,12 @@ jobs: steps: - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Getting image tag id: tag @@ -59,7 +59,7 @@ jobs: fi - name: Checkout main branch - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: ${{ github.event.repository.default_branch }} @@ -67,7 +67,7 @@ jobs: # Install Go after checkout for caching mechanism to work - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -79,7 +79,7 @@ jobs: # Warning: since this is a privileged workflow, subsequent workflow job # steps must take care not to execute untrusted code. - name: Checkout pull request branch (NOT TRUSTED) - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false ref: ${{ steps.tag.outputs.tag }} diff --git a/.github/workflows/build-images-releases.yml b/.github/workflows/build-images-releases.yml index c39c185e7ff..7fe26cae37d 100644 --- a/.github/workflows/build-images-releases.yml +++ b/.github/workflows/build-images-releases.yml @@ -30,12 +30,12 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to quay.io uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 @@ -50,7 +50,7 @@ jobs: echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - name: Checkout Source Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -88,7 +88,7 @@ jobs: cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -147,7 +147,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: image-digest ${{ matrix.name }} path: image-digest @@ -189,10 +189,10 @@ jobs: steps: # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Checkout Source Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -216,7 +216,7 @@ jobs: # Cache tarball releases for later - name: Save tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz Tarball - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: release/ @@ -229,10 +229,10 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 - name: Getting version tag id: tag @@ -255,7 +255,7 @@ jobs: - name: Create Release id: create_release - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 with: token: ${{ secrets.GITHUB_TOKEN }} tag_name: ${{ github.ref }} diff --git a/.github/workflows/build-rthooks-images-releases.yml b/.github/workflows/build-rthooks-images-releases.yml index a01ac3c96e5..d729b2074ca 100644 --- a/.github/workflows/build-rthooks-images-releases.yml +++ b/.github/workflows/build-rthooks-images-releases.yml @@ -26,12 +26,12 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to quay.io uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 @@ -46,7 +46,7 @@ jobs: echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - name: Checkout Source Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 @@ -78,7 +78,7 @@ jobs: cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -137,7 +137,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: image-digest ${{ matrix.name }} path: image-digest diff --git a/.github/workflows/check-links-cron.yaml b/.github/workflows/check-links-cron.yaml index 6ab0728cf9f..fe570275121 100644 --- a/.github/workflows/check-links-cron.yaml +++ b/.github/workflows/check-links-cron.yaml @@ -18,13 +18,13 @@ jobs: issues: write steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod - name: Links Checker id: lychee - uses: lycheeverse/lychee-action@7cd0af4c74a61395d455af97419279d86aafaede # v2.0.2 + uses: lycheeverse/lychee-action@f796c8b7d468feb9b8c0a46da3fac0af6874d374 # v2.2.0 with: args: --config .github/lychee.toml --base https://tetragon.io docs/content README.md @@ -39,7 +39,7 @@ jobs: - name: Create or update issue with report if: env.lychee_exit_code != 0 - uses: peter-evans/create-issue-from-file@24452a72d85239eacf1468b0f1982a9f3fec4c94 # v5.0.0 + uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # v5.0.1 with: title: ${{ env.ISSUE_NAME }} content-filepath: ./lychee/out.md diff --git a/.github/workflows/check-links-pr.yaml b/.github/workflows/check-links-pr.yaml index ffb15c4f926..545d0c733bd 100644 --- a/.github/workflows/check-links-pr.yaml +++ b/.github/workflows/check-links-pr.yaml @@ -17,7 +17,7 @@ jobs: PATCH_FILE: "additions.patch" steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod @@ -58,7 +58,7 @@ jobs: - name: Check new links id: lychee - uses: lycheeverse/lychee-action@7cd0af4c74a61395d455af97419279d86aafaede # v2.0.2 + uses: lycheeverse/lychee-action@f796c8b7d468feb9b8c0a46da3fac0af6874d374 # v2.2.0 with: args: --config .github/lychee.toml --base http://localhost:1313 $PATCH_FILE failIfEmpty: false # this can happen as we are checking diffs diff --git a/.github/workflows/checkpatch.yaml b/.github/workflows/checkpatch.yaml index 3d1d266df35..1480d725a92 100644 --- a/.github/workflows/checkpatch.yaml +++ b/.github/workflows/checkpatch.yaml @@ -13,7 +13,7 @@ jobs: # should revisit it (and maybe update cilium-checkpatch). if: ${{ github.event.pull_request.user.login != 'cilium-renovate[bot]' }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Run checkpatch.pl diff --git a/.github/workflows/digestcheck.yaml b/.github/workflows/digestcheck.yaml index bc676d0f2d1..9ff282702d3 100644 --- a/.github/workflows/digestcheck.yaml +++ b/.github/workflows/digestcheck.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # because we also need the main branch diff --git a/.github/workflows/generated-files.yaml b/.github/workflows/generated-files.yaml index 2028ff7aef9..1516229e964 100644 --- a/.github/workflows/generated-files.yaml +++ b/.github/workflows/generated-files.yaml @@ -14,9 +14,9 @@ jobs: generated-files: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' diff --git a/.github/workflows/gotests.yml b/.github/workflows/gotests.yml index 395f228e265..acf71eb5e31 100644 --- a/.github/workflows/gotests.yml +++ b/.github/workflows/gotests.yml @@ -18,12 +18,12 @@ jobs: os: [ ubuntu-20.04, ubuntu-22.04-arm64 ] steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -75,7 +75,7 @@ jobs: - name: Upload Tetragon logs if: failure() - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: tetragon-json path: /tmp/tetragon.gotest* @@ -83,7 +83,7 @@ jobs: - name: Upload bugtool dumps if: failure() - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: tetragon-bugtool path: /tmp/tetragon-bugtool* diff --git a/.github/workflows/lint-codeql.yml b/.github/workflows/lint-codeql.yml index d570d9472fb..2a7e3acfd76 100644 --- a/.github/workflows/lint-codeql.yml +++ b/.github/workflows/lint-codeql.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout code if: ${{ !github.event.pull_request }} - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Check code changes @@ -50,18 +50,18 @@ jobs: security-events: write steps: - name: Checkout repo - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 1 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' - name: Initialize CodeQL - uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 diff --git a/.github/workflows/lint-helm.yaml b/.github/workflows/lint-helm.yaml index 14c6931511a..3d8ad91793b 100644 --- a/.github/workflows/lint-helm.yaml +++ b/.github/workflows/lint-helm.yaml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout source code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Build Tetragon Helm chart - name: Check if Tetragon Helm chart is up to date diff --git a/.github/workflows/packages-e2e-tests.yaml b/.github/workflows/packages-e2e-tests.yaml index 7996eaddbfb..d788a64d37d 100644 --- a/.github/workflows/packages-e2e-tests.yaml +++ b/.github/workflows/packages-e2e-tests.yaml @@ -28,10 +28,10 @@ jobs: steps: # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Checkout Source Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Getting version tag id: tag @@ -59,7 +59,7 @@ jobs: # Cache tarball releases for later - name: Save tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz Tarball - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: ${{ matrix.upload_path }} @@ -84,7 +84,7 @@ jobs: steps: - name: Checkout Source Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Getting version tag id: tag diff --git a/.github/workflows/podinfo-test.yaml b/.github/workflows/podinfo-test.yaml index 79ad1df6ec3..01ae8a94e7a 100644 --- a/.github/workflows/podinfo-test.yaml +++ b/.github/workflows/podinfo-test.yaml @@ -18,7 +18,7 @@ jobs: timeout-minutes: 40 steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set Up Job Variables id: vars @@ -36,13 +36,13 @@ jobs: echo "operatorImage=quay.io/cilium/tetragon-operator-ci:${SHA}" >> $GITHUB_OUTPUT - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' - name: Install Kind and create cluster - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 - name: Pull Tetragon Images uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 diff --git a/.github/workflows/renovate-config-validator.yaml b/.github/workflows/renovate-config-validator.yaml index 4a5c959fa86..b045f483e90 100644 --- a/.github/workflows/renovate-config-validator.yaml +++ b/.github/workflows/renovate-config-validator.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout configuration - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # this step uses latest renovate slim release - name: Validate configuration diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 6341458d1e6..078f4f9787d 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -38,7 +38,7 @@ jobs: # transfer the docker CLI plugin binary. - name: Cache Buildx CLI plugin download id: cache-buildx - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: /tmp/docker-buildx key: ${{ runner.os }}-${{ env.buildx_version }}-buildx @@ -61,10 +61,10 @@ jobs: # renovate clones the repository again in its container fs but it needs # the renovate configuration to start. - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Self-hosted Renovate - uses: renovatebot/github-action@dd4d265eb8646cd04fc5f86ff8bc8d496d75a251 # v40.2.8 + uses: renovatebot/github-action@0984fb80fc633b17e57f3e8b6c007fe0dc3e0d62 # v40.3.6 env: # default to DEBUG log level, this is always useful LOG_LEVEL: ${{ github.event.inputs.renovate_log_level_debug == 'false' && 'INFO' || 'DEBUG' }} diff --git a/.github/workflows/run-e2e-tests.yaml b/.github/workflows/run-e2e-tests.yaml index 47f43d5382d..32c18eeee11 100644 --- a/.github/workflows/run-e2e-tests.yaml +++ b/.github/workflows/run-e2e-tests.yaml @@ -26,10 +26,10 @@ jobs: operatorImage: ${{ steps.vars.outputs.operatorImage }} steps: - name: Checkout Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: go.mod @@ -79,12 +79,12 @@ jobs: package: ${{fromJson(needs.prepare.outputs.packages)}} steps: - name: Checkout Code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -119,7 +119,7 @@ jobs: - name: Upload Tetragon Logs if: failure() || cancelled() - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: tetragon-logs-${{ matrix.os }}-${{ matrix.package.s }} path: /tmp/tetragon.e2e.* diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml index 11357cc33d1..ddc76ca0e2b 100644 --- a/.github/workflows/static-checks.yaml +++ b/.github/workflows/static-checks.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Ensure No Binary Files Checked In run: | @@ -34,10 +34,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -45,7 +45,7 @@ jobs: cache: false - name: Run golangci-lint - uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 with: # renovate: datasource=docker depName=docker.io/golangci/golangci-lint version: v1.63.4 @@ -55,10 +55,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -85,10 +85,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -103,7 +103,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Build CLI release binaries run: make cli-release diff --git a/.github/workflows/tetragon-rthook-pr.yaml b/.github/workflows/tetragon-rthook-pr.yaml index dc22a37ac29..aabc2c6d99c 100644 --- a/.github/workflows/tetragon-rthook-pr.yaml +++ b/.github/workflows/tetragon-rthook-pr.yaml @@ -19,12 +19,12 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -42,7 +42,7 @@ jobs: tar cz -f /tmp/tetragon-rthooks.tar ./tetragon-rthooks - name: upload build - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: tetragon-rthooks-build path: /tmp/tetragon-rthooks.tar diff --git a/.github/workflows/validate-crd.yaml b/.github/workflows/validate-crd.yaml index a75fdc006dd..b7da719dcf1 100644 --- a/.github/workflows/validate-crd.yaml +++ b/.github/workflows/validate-crd.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/veristat-compare.yaml b/.github/workflows/veristat-compare.yaml index 44094732ac5..59a026c320d 100644 --- a/.github/workflows/veristat-compare.yaml +++ b/.github/workflows/veristat-compare.yaml @@ -9,12 +9,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: branch - name: Checkout base ref - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: base ref: ${{ github.base_ref }} diff --git a/.github/workflows/veristat.yaml b/.github/workflows/veristat.yaml index 03905b8d937..e4f2aa40242 100644 --- a/.github/workflows/veristat.yaml +++ b/.github/workflows/veristat.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Build BPF programs run: make tetragon-bpf diff --git a/.github/workflows/vmtests.yml b/.github/workflows/vmtests.yml index d88574f449b..951fcd8fc0a 100644 --- a/.github/workflows/vmtests.yml +++ b/.github/workflows/vmtests.yml @@ -19,12 +19,12 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: # renovate: datasource=golang-version depName=go go-version: '1.23.4' @@ -56,7 +56,7 @@ jobs: tar cz --exclude='tetragon/.git' -f /tmp/tetragon.tar ./tetragon - name: upload build - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: tetragon-build path: /tmp/tetragon.tar @@ -150,7 +150,7 @@ jobs: - name: Upload test results on failure or cancelation if: failure() || cancelled() - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: tetragon-vmtests-${{ matrix.kernel }}-${{ matrix.group }}-results path: go/src/github.com/cilium/tetragon/tests/vmtests/vmtests-results-*