From 24bf8348ca45bfe3c9981354f8064902430939dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20Ma=C5=82ek?= Date: Thu, 16 Jan 2025 11:17:52 +0100 Subject: [PATCH] chore: pin actions to digests (#1032) * chore: pin actions to digests * chore: regenerate --- .github/workflows/__build-workflow.yaml | 22 +++--- .github/workflows/__release-workflow.yaml | 18 ++--- .github/workflows/release-bot.yaml | 8 +-- .github/workflows/tests.yaml | 88 +++++++++++------------ go.mod | 4 +- go.sum | 4 +- 6 files changed, 72 insertions(+), 72 deletions(-) diff --git a/.github/workflows/__build-workflow.yaml b/.github/workflows/__build-workflow.yaml index 8f6c0f146..2185c7faf 100644 --- a/.github/workflows/__build-workflow.yaml +++ b/.github/workflows/__build-workflow.yaml @@ -99,7 +99,7 @@ jobs: run: exit 1 - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 @@ -132,13 +132,13 @@ jobs: version: ${{ steps.meta.outputs.version }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies) run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" - name: Cache Docker layers - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.sha }} @@ -147,14 +147,14 @@ jobs: - name: Log in to the Container registry if: ${{ inputs.push }} - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ${{ inputs.registry }} username: ${{ inputs.username }} password: ${{ secrets.dockerhub-token }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 # v3.8.0 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 # v3.8.0 - name: Add standard tags if: ${{ inputs.tag != '' }} @@ -190,7 +190,7 @@ jobs: # Setup Golang to use go pkg cache which is utilized in Dockerfile's cache mount. - name: Setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -205,7 +205,7 @@ jobs: - name: Build image id: build - uses: docker/build-push-action@v6.9.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . build-contexts: ${{ inputs.additional-build-contexts }} @@ -251,7 +251,7 @@ jobs: ${{ inputs.image-name }}:${{ steps.meta.outputs.version }} -version | ${{ inputs.verify-image-script }} ${{ github.repository }} - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: image-${{ matrix.os }}-${{ matrix.arch }} path: /tmp/image.tar @@ -269,12 +269,12 @@ jobs: - build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies) run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 # v3.8.0 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 # v3.8.0 - name: Add standard tags if: ${{ inputs.tag != '' }} @@ -310,7 +310,7 @@ jobs: - name: Log in to the Container registry if: ${{ inputs.push }} - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ${{ inputs.registry }} username: ${{ inputs.username }} diff --git a/.github/workflows/__release-workflow.yaml b/.github/workflows/__release-workflow.yaml index 09b2463ed..d74778502 100644 --- a/.github/workflows/__release-workflow.yaml +++ b/.github/workflows/__release-workflow.yaml @@ -94,7 +94,7 @@ jobs: run: exit 1 - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 @@ -131,7 +131,7 @@ jobs: name: "test-integration-current-kubernetes (WEBHOOK_ENABLED=${{ matrix.webhook-enabled }})" steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 @@ -139,7 +139,7 @@ jobs: run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" - name: Setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -176,7 +176,7 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: diagnostics-integration-webhook-enabled-${{ matrix.webhook-enabled }} path: /tmp/ktf-diag* @@ -189,7 +189,7 @@ jobs: - build-push-images steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 @@ -197,7 +197,7 @@ jobs: run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" - name: Setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -234,7 +234,7 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: diagnostics-e2e path: /tmp/ktf-diag* @@ -265,7 +265,7 @@ jobs: # Use the branch set via inputs as a base for the release. # If anything needs to be fixed before the release, it should be done on the base branch # before the release workflow is triggered. - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 ref: ${{ inputs.base }} @@ -273,7 +273,7 @@ jobs: - name: Configure Git for private repositories (this is needed by repositories that include this workflow and have other private dependencies) run: git config --global url."https://${{ secrets.gh-pat }}@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod diff --git a/.github/workflows/release-bot.yaml b/.github/workflows/release-bot.yaml index 2eeb610f2..9b88bd3d8 100644 --- a/.github/workflows/release-bot.yaml +++ b/.github/workflows/release-bot.yaml @@ -18,11 +18,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: search for release command in commit message id: commit_parser - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 with: script: | const commitMessage = context.payload.head_commit.message @@ -55,7 +55,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Read version from VERSION file run: | @@ -134,7 +134,7 @@ jobs: if: ${{ needs.look_for_release.outputs.release_found == 'true' && needs.semver.outputs.patch != '0' && needs.semver.outputs.prerelease == '' && needs.look_for_release.outputs.release_latest == 'true' && github.ref_name != 'main' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: carloscastrojumo/github-cherry-pick-action@503773289f4a459069c832dc628826685b75b4b3 # v1.0.10 with: diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 4c316a5b5..0befcd775 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -25,10 +25,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -46,10 +46,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -71,10 +71,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -100,10 +100,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -129,10 +129,10 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -145,10 +145,10 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -163,14 +163,14 @@ jobs: GOTESTSUM_JUNITFILE: "unit-tests.xml" - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.unit.out - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: unit-tests.xml @@ -179,10 +179,10 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -196,14 +196,14 @@ jobs: GOTESTSUM_JUNITFILE: "envtest-tests.xml" - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage-envtest path: coverage.envtest.out - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: envtest-tests.xml @@ -218,13 +218,13 @@ jobs: - router-flavor: expressions steps: - name: checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: # Fetch all history so that we can get the correct commit hash for the conformance tests. fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -240,7 +240,7 @@ jobs: - name: upload diagnostics if: ${{ always() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: diagnostics-conformance path: /tmp/ktf-diag* @@ -248,13 +248,13 @@ jobs: - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: conformance-tests-${{ matrix.router-flavor }}.xml - name: collect conformance report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: conformance-report-${{ matrix.router-flavor }} path: standard-*-report.yaml @@ -270,10 +270,10 @@ jobs: name: "integration-tests (WEBHOOK_ENABLED=${{ matrix.webhook-enabled }})" steps: - name: checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -295,21 +295,21 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: diagnostics-integration-webhook-enabled-${{ matrix.webhook-enabled }} path: /tmp/ktf-diag* if-no-files-found: ignore - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.integration.out - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: integration-tests-webhook-enabled-${{ matrix.webhook-enabled }}.xml @@ -325,10 +325,10 @@ jobs: name: "integration-tests-bluegreen (WEBHOOK_ENABLED=${{ matrix.webhook-enabled }})" steps: - name: checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -347,21 +347,21 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: diagnostics-integration-bluegreen-webhook-enabled-${{ matrix.webhook-enabled }} path: /tmp/ktf-diag* if-no-files-found: ignore - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.integration-bluegreen.out - name: collect test report if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: integration-tests-bluegreen-webhook-enabled-${{ matrix.webhook-enabled }}.xml @@ -375,10 +375,10 @@ jobs: name: integration-tests-provision-dataplane-fail steps: - name: checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -397,21 +397,21 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: diagnostics-integration-provision-fail-webhook-enabled-${{ matrix.webhook-enabled }} path: /tmp/ktf-diag* if-no-files-found: ignore - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.integration-provision-dataplane-fail.out - name: collect test report if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: integration-tests-provision-dataplane-fai.xml @@ -420,12 +420,12 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version-file: go.mod @@ -449,7 +449,7 @@ jobs: - name: upload diagnostics if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 with: name: diagnostics-e2e path: /tmp/ktf-diag* @@ -457,7 +457,7 @@ jobs: - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: e2e-tests.xml @@ -473,11 +473,11 @@ jobs: steps: - name: checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: download tests report id: download-coverage - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 with: name: tests-report path: report diff --git a/go.mod b/go.mod index 1ac9db393..5007cab70 100644 --- a/go.mod +++ b/go.mod @@ -206,7 +206,7 @@ require ( replace ( k8s.io/api => k8s.io/api v0.31.2 k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.31.2 - k8s.io/apimachinery => k8s.io/apimachinery v0.31.3 + k8s.io/apimachinery => k8s.io/apimachinery v0.31.5 k8s.io/apiserver => k8s.io/apiserver v0.31.2 k8s.io/cli-runtime => k8s.io/cli-runtime v0.31.2 k8s.io/client-go => k8s.io/client-go v0.31.2 @@ -216,7 +216,7 @@ replace ( k8s.io/component-base => k8s.io/component-base v0.31.2 k8s.io/component-helpers => k8s.io/component-helpers v0.31.2 k8s.io/controller-manager => k8s.io/controller-manager v0.31.2 - k8s.io/cri-api => k8s.io/cri-api v0.31.3 + k8s.io/cri-api => k8s.io/cri-api v0.31.5 k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.31.2 k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.31.2 k8s.io/endpointslice => k8s.io/endpointslice v0.31.2 diff --git a/go.sum b/go.sum index 889b330c8..3f68404e8 100644 --- a/go.sum +++ b/go.sum @@ -583,8 +583,8 @@ k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0= k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM= -k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= -k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apimachinery v0.31.5 h1:NxhAVGcfrSdTMx3M2v1OnvcMS7h1ZnWyt2x2z8CJJBU= +k8s.io/apimachinery v0.31.5/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/apiserver v0.31.2 h1:VUzOEUGRCDi6kX1OyQ801m4A7AUPglpsmGvdsekmcI4= k8s.io/apiserver v0.31.2/go.mod h1:o3nKZR7lPlJqkU5I3Ove+Zx3JuoFjQobGX1Gctw6XuE= k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc=