Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/actionlint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,12 +34,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "Harden Runner"
uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

- name: "Checkout"
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0

Expand Down
20 changes: 10 additions & 10 deletions .github/workflows/api-server.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,10 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v5

- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: '1.21.6'

Expand Down Expand Up @@ -65,9 +65,9 @@ jobs:
run:
working-directory: api-server
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: '1.21.6'

Expand Down Expand Up @@ -95,7 +95,7 @@ jobs:
if: ${{ github.event_name == 'push' }}
steps:
- name: download tar.gz binary artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@v5
with:
name: apiserver-darwin-packages-tar
path: ./dist/packages
Expand All @@ -105,7 +105,7 @@ jobs:
working-directory: ./dist/packages

- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@v5
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
role-session-name: apiserver-ci-deploy
Expand All @@ -121,9 +121,9 @@ jobs:
run:
working-directory: api-server
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
- name: Set up Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: '1.21.6'

Expand Down Expand Up @@ -151,7 +151,7 @@ jobs:
if: ${{ github.event_name == 'push' }}
steps:
- name: download tar.gz binary artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@v5
with:
name: apiserver-linux-packages-tar
path: ./dist/packages
Expand All @@ -161,7 +161,7 @@ jobs:
working-directory: ./dist/packages

- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@v5
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
role-session-name: apiserver-ci-deploy
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cherry-pick.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
fetch-depth: 0

Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/devcontainer-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:

steps:
- name: Check out the repo
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
token: ${{ secrets.BOT_PAT }}
ref: 'main'
Expand Down Expand Up @@ -59,7 +59,7 @@ jobs:

- name: Get Pull Request Number from Commit
id: get_pr_number
uses: actions/github-script@v7
uses: actions/github-script@v8
with:
script: |
console.log("Repository owner:", context.repo.owner);
Expand Down Expand Up @@ -115,7 +115,7 @@ jobs:
file: src/Containerfile

- name: Generate devcontainer GHCR artifact attestation
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_DEV_IMAGE_NAME}}
subject-digest: ${{ steps.push-dev-ghcr.outputs.digest }}
Expand All @@ -137,7 +137,7 @@ jobs:
file: src/Containerfile

- name: Generate devcontainer Quay artifact attestation
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_DEV_IMAGE_NAME}}
subject-digest: ${{ steps.push-dev-quay.outputs.digest }}
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/lint-jobs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
env:
Expand All @@ -28,8 +28,8 @@ jobs:
markdown-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
- name: markdownlint-cli2-action
uses: DavidAnson/markdownlint-cli2-action@v19
uses: DavidAnson/markdownlint-cli2-action@v20
with:
globs: "**/*.md"
4 changes: 2 additions & 2 deletions .github/workflows/lint-ui.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,9 +27,9 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
- name: Setup Node
uses: actions/setup-node@v4
uses: actions/setup-node@v5
with:
node-version: '22'
- name: Install dependencies
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/pr-healthcheck-sidecar-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:

steps:
- name: Check out the repo
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
token: ${{ secrets.BOT_PAT }}
ref: 'main'
Expand Down Expand Up @@ -59,7 +59,7 @@ jobs:

- name: Get Pull Request Number from Commit
id: get_pr_number
uses: actions/github-script@v7
uses: actions/github-script@v8
with:
script: |
console.log("Repository owner:", context.repo.owner);
Expand Down Expand Up @@ -114,7 +114,7 @@ jobs:
file: healthcheck-sidecar/Containerfile

- name: Generate GHCR artifact attestation
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_HS_IMAGE_NAME}}
subject-digest: ${{ steps.push-hs-ghcr.outputs.digest }}
Expand All @@ -136,7 +136,7 @@ jobs:
file: healthcheck-sidecar/Containerfile

- name: Generate QA HS Quay artifact attestation
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_HS_IMAGE_NAME}}
subject-digest: ${{ steps.push-hs-quay.outputs.digest }}
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/pr-images.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:

steps:
- name: Check out the repo
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
token: ${{ secrets.BOT_PAT }}
ref: 'main'
Expand Down Expand Up @@ -71,7 +71,7 @@ jobs:
- name: Get Pull Request Number from Commit
if: env.SKIP_WORKFLOW == 'false'
id: get_pr_number
uses: actions/github-script@v7
uses: actions/github-script@v8
with:
script: |
console.log("Repository owner:", context.repo.owner);
Expand Down Expand Up @@ -130,7 +130,7 @@ jobs:

- name: Generate GHCR artifact attestation
if: env.SKIP_WORKFLOW == 'false'
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}}
subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }}
Expand All @@ -154,7 +154,7 @@ jobs:

- name: Generate QA UI Quay artifact attestation
if: env.SKIP_WORKFLOW == 'false'
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
subject-digest: ${{ steps.push-ui-quay.outputs.digest }}
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/release-images.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:

steps:
- name: Check out the repo
uses: actions/checkout@v4
uses: actions/checkout@v5

- name: Log in to the GHCR container image registry
uses: docker/login-action@v3
Expand Down Expand Up @@ -75,7 +75,7 @@ jobs:
file: src/Containerfile

- name: Generate Prod UI GHCR artifact attestation
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}}
subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }}
Expand All @@ -95,14 +95,14 @@ jobs:
file: src/Containerfile

- name: Generate PROD UI Quay artifact attestation
uses: actions/attest-build-provenance@v2
uses: actions/attest-build-provenance@v3
with:
subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
subject-digest: ${{ steps.push-ui-quay.outputs.digest }}
push-to-registry: true

- name: Re-Checkout main on the repo
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
token: ${{ secrets.BOT_PAT }}
ref: main
Expand Down
Loading