diff --git a/.github/workflows/generate_prs.yml b/.github/workflows/generate_prs.yml index c3c77764..34078e61 100644 --- a/.github/workflows/generate_prs.yml +++ b/.github/workflows/generate_prs.yml @@ -51,7 +51,7 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - - uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31.5.2 + - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31.8.1 - name: Install Ansible env: DEBIAN_FRONTEND: noninteractive diff --git a/.github/workflows/pr_pre-commit.yml b/.github/workflows/pr_pre-commit.yml index 443af71d..e88d5eec 100644 --- a/.github/workflows/pr_pre-commit.yml +++ b/.github/workflows/pr_pre-commit.yml @@ -5,8 +5,8 @@ on: pull_request: env: - HADOLINT_VERSION: "v2.12.0" - PYTHON_VERSION: "3.13" + HADOLINT_VERSION: "v2.14.0" + PYTHON_VERSION: "3.14" permissions: {} @@ -18,7 +18,7 @@ jobs: with: persist-credentials: false fetch-depth: 0 - - uses: stackabletech/actions/run-pre-commit@bdac99602eb834b85fdddf207d68e51d0e8b9380 # v0.9.3 + - uses: stackabletech/actions/run-pre-commit@75e0756966dea229d697165bfd06ba79abcda72c # v0.10.3 with: python-version: ${{ env.PYTHON_VERSION }} hadolint: ${{ env.HADOLINT_VERSION }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8bd514a9..9e790af1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -6,7 +6,7 @@ default_language_version: repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b # 5.0.0 + rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # 6.0.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -30,7 +30,7 @@ repos: files: \.md(\.j2)*$ - repo: https://github.com/koalaman/shellcheck-precommit - rev: 2491238703a5d3415bb2b7ff11388bf775372f29 # 0.10.0 + rev: 99470f5e12208ff0fb17ab81c3c494f7620a1d8d # 0.11.0 hooks: - id: shellcheck args: ["--severity=info"] @@ -39,7 +39,7 @@ repos: # If you do not, you will need to delete the cached ruff binary shown in the # error message - repo: https://github.com/astral-sh/ruff-pre-commit - rev: 0b19ef1fd6ad680ed7752d6daba883ce1265a6de # 0.12.2 + rev: 3b4bc031619cde2e0a9f3c4441ac7cc8227245a4 # 0.14.1 hooks: # Run the linter. - id: ruff @@ -47,14 +47,14 @@ repos: - id: ruff-format - repo: https://github.com/rhysd/actionlint - rev: 03d0035246f3e81f36aed592ffb4bebf33a03106 # 1.7.7 + rev: e7d448ef7507c20fc4c88a95d0c448b848cd6127 # 1.7.8 hooks: - id: actionlint types: [text] files: ^(template/)?\.github/workflows/.*\.ya?ml(\.j2)? - repo: https://github.com/hadolint/hadolint - rev: b3555ba9c2bfd9401e79f2f0da68dd1ae38e10c7 # 2.12.0 + rev: 57e1618d78fd469a92c1e584e8c9313024656623 # 2.14.0 hooks: - id: hadolint exclude: \.j2$ diff --git a/config/versions.yaml b/config/versions.yaml index 872ffd0a..51e3dc8c 100644 --- a/config/versions.yaml +++ b/config/versions.yaml @@ -1,13 +1,13 @@ --- # IMPORTANT # If you change the Rust toolchain version here, make sure to also change -# docker-images/ubi8-rust-builder/Dockerfile & docker-images/ubi9-rust-builder/Dockerfile -rust_version: 1.87.0 +# docker-images/ubi9-rust-builder/Dockerfile +rust_version: 1.89.0 # This nightly version is only used for cargo fmt invocations, because we use nightly-only # rustfmt config options in rustfmt.toml. The version should be kept in line with the version # used in the operator-rs repository. -rust_nightly_version: nightly-2025-05-26 +rust_nightly_version: nightly-2025-10-23 # This edition is mostly used for rustfmt commands and the rustfmt config file. The edition should # be kept in line with the edition in the operator-rs repository. @@ -17,12 +17,12 @@ rust_edition: 2024 # If you change the Hadolint version here, make sure to also change the hook # refs in the local and templated .pre-commit-config.yaml files. # And due to a bug you also need to update the version in .github/workflows/pr_pre_commit.yml -hadolint_version: v2.12.0 +hadolint_version: v2.14.0 # IMPORTANT # If you change the Python version here, make sure to also change it in # .github/workflows/pr_pre-commit.yml -python_version: 3.13 +python_version: 3.14 # This Nix version is used in the operators pre-commit workflow as they require # Nix to run some checks. Check for new versions here: diff --git a/template/.github/workflows/build.yml.j2 b/template/.github/workflows/build.yml.j2 index 694b5c6e..1d467ea1 100644 --- a/template/.github/workflows/build.yml.j2 +++ b/template/.github/workflows/build.yml.j2 @@ -42,7 +42,7 @@ jobs: RUSTC_BOOTSTRAP: 1 steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3 + uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.6.0 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest @@ -50,10 +50,10 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b + - uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 + - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 with: key: udeps cache-all-crates: "true" @@ -126,7 +126,7 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b + - uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 with: toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN_VERSION }} components: rustfmt @@ -139,7 +139,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3 + uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.6.0 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest @@ -147,11 +147,11 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b + - uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: clippy - - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 + - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 with: key: clippy cache-all-crates: "true" @@ -178,18 +178,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3 + uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.6.0 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: submodules: recursive - - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b + - uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: rustfmt - - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 + - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 with: key: doc cache-all-crates: "true" @@ -201,7 +201,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3 + uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.6.0 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest @@ -209,10 +209,10 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b + - uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 + - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 with: key: test cache-all-crates: "true" @@ -230,7 +230,7 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: ${{ env.PYTHON_VERSION }} - name: Install jinja2-cli @@ -241,7 +241,7 @@ jobs: run: git diff --exit-code - name: Git Diff showed uncommitted changes if: ${{ failure() }} - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | core.setFailed('Committed README are not up to date, please make sure to apply them to the templated partials, and re-commit!') @@ -261,7 +261,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3 + uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.6.0 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest @@ -270,14 +270,14 @@ jobs: persist-credentials: false submodules: recursive - name: Set up Helm - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 with: version: v3.16.1 - name: Set up cargo - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b + uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 + - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1 with: key: charts cache-all-crates: "true" @@ -287,7 +287,7 @@ jobs: run: git diff --exit-code - name: Git Diff showed uncommitted changes if: ${{ failure() }} - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 with: script: | core.setFailed('Committed charts were not up to date, please regenerate and re-commit!') @@ -332,7 +332,7 @@ jobs: IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }} steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3 + uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.6.0 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ${{ matrix.runner }} @@ -340,8 +340,8 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # v31.5.2 - - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b + - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31.8.1 + - uses: dtolnay/rust-toolchain@6d653acede28d24f02e3cd41383119e8b1b35921 with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: rustfmt @@ -376,9 +376,9 @@ jobs: # Recreate charts and publish charts and docker image. - name: Install cosign - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Install syft - uses: anchore/sbom-action/download-syft@da167eac915b4e86f08b264dbdbc867b61be6f0c # v0.20.5 + uses: anchore/sbom-action/download-syft@8e94d75ddd33f69f691467e42275782e4bfefe84 # v0.20.9 - name: Build Docker image and Helm chart run: | # Installing helm and yq on ubicloud-standard-8-arm only @@ -421,7 +421,7 @@ jobs: OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build" steps: - name: Install cosign - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: diff --git a/template/.github/workflows/integration-test.yml b/template/.github/workflows/integration-test.yml index 4bb90cc0..b49b7712 100644 --- a/template/.github/workflows/integration-test.yml +++ b/template/.github/workflows/integration-test.yml @@ -41,7 +41,7 @@ jobs: # TODO: Enable the scheduled runs which hard-code what profile to use - name: Run Integration Test id: test - uses: stackabletech/actions/run-integration-test@bdac99602eb834b85fdddf207d68e51d0e8b9380 # v0.9.3 + uses: stackabletech/actions/run-integration-test@75e0756966dea229d697165bfd06ba79abcda72c # v0.10.3 with: replicated-api-token: ${{ secrets.REPLICATED_API_TOKEN }} test-mode-input: ${{ inputs.test-mode-input }} @@ -51,7 +51,7 @@ jobs: - name: Send Notification if: ${{ failure() || github.run_attempt > 1 }} - uses: stackabletech/actions/send-slack-notification@bdac99602eb834b85fdddf207d68e51d0e8b9380 # v0.9.3 + uses: stackabletech/actions/send-slack-notification@75e0756966dea229d697165bfd06ba79abcda72c # v0.10.3 with: slack-token: ${{ secrets.SLACK_INTEGRATION_TEST_TOKEN }} failed-tests: ${{ steps.test.outputs.failed-tests }} diff --git a/template/.github/workflows/pr_pre-commit.yaml.j2 b/template/.github/workflows/pr_pre-commit.yaml.j2 index 9ba8f9f3..074df5c9 100644 --- a/template/.github/workflows/pr_pre-commit.yaml.j2 +++ b/template/.github/workflows/pr_pre-commit.yaml.j2 @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # v1.5.3 + uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.6.0 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest @@ -26,7 +26,7 @@ jobs: persist-credentials: false submodules: recursive fetch-depth: 0 - - uses: stackabletech/actions/run-pre-commit@bdac99602eb834b85fdddf207d68e51d0e8b9380 # v0.9.3 + - uses: stackabletech/actions/run-pre-commit@75e0756966dea229d697165bfd06ba79abcda72c # v0.10.3 with: python-version: ${{ env.PYTHON_VERSION }} rust: ${{ env.RUST_TOOLCHAIN_VERSION }} diff --git a/template/.pre-commit-config.yaml.j2 b/template/.pre-commit-config.yaml.j2 index 5dae4ab6..20b21f53 100644 --- a/template/.pre-commit-config.yaml.j2 +++ b/template/.pre-commit-config.yaml.j2 @@ -6,7 +6,7 @@ default_language_version: repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: cef0300fd0fc4d2a87a85fa2093c6b283ea36f4b # 5.0.0 + rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # 6.0.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -28,7 +28,7 @@ repos: files: \.md(\.j2)*$ - repo: https://github.com/koalaman/shellcheck-precommit - rev: 2491238703a5d3415bb2b7ff11388bf775372f29 # 0.10.0 + rev: 99470f5e12208ff0fb17ab81c3c494f7620a1d8d # 0.11.0 hooks: - id: shellcheck args: ["--severity=info"] @@ -37,7 +37,7 @@ repos: # If you do not, you will need to delete the cached ruff binary shown in the # error message - repo: https://github.com/astral-sh/ruff-pre-commit - rev: 0b19ef1fd6ad680ed7752d6daba883ce1265a6de # 0.12.2 + rev: 3b4bc031619cde2e0a9f3c4441ac7cc8227245a4 # 0.14.1 hooks: # Run the linter. - id: ruff-check @@ -45,12 +45,12 @@ repos: - id: ruff-format - repo: https://github.com/rhysd/actionlint - rev: 03d0035246f3e81f36aed592ffb4bebf33a03106 # 1.7.7 + rev: e7d448ef7507c20fc4c88a95d0c448b848cd6127 # 1.7.8 hooks: - id: actionlint - repo: https://github.com/hadolint/hadolint - rev: b3555ba9c2bfd9401e79f2f0da68dd1ae38e10c7 # 2.12.0 + rev: 57e1618d78fd469a92c1e584e8c9313024656623 # 2.14.0 hooks: - id: hadolint