pin 3rd party actions by hashes (#6939)
randmonkey authored Jan 14, 2025
1 parent 57f6dad commit 9f6db03
Showing 13 changed files with 40 additions and 40 deletions.
14 changes: 7 additions & 7 deletions .github/workflows/_docker_build.yaml
Expand Up @@ -34,12 +34,12 @@ jobs:
- name: Parse semver string
if: ${{ inputs.tag != '' }}
id: parse-semver-tag
uses: booxmedialtd/[email protected]
uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7
with:
input_string: ${{ inputs.tag }}
version_extractor_regex: 'v(.*)$'

- uses: benjlevesque/[email protected]
- uses: benjlevesque/short-sha@36eb8c530990ceac5ddf3c0bc32d02c677ae9706 # v2.2
id: short-sha

- name: Add standard tag
Expand Down Expand Up @@ -83,10 +83,10 @@ jobs:
fetch-depth: 0

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

- name: Cache Docker layers
uses: actions/cache@v3
Expand All @@ -98,7 +98,7 @@ jobs:
- name: Docker meta
id: meta
uses: docker/[email protected]
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: kong/kubernetes-ingress-controller
flavor: |
Expand All @@ -107,7 +107,7 @@ jobs:

- name: Build
id: docker-build-dockerhub
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
push: false
file: Dockerfile
Expand All @@ -124,7 +124,7 @@ jobs:
# Build locally with outputs set to `type=docker,dest=/tmp/image.tar` to save the image as a `kic-image` artifact.
- name: Build locally
id: docker-build-local
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
load: true
file: Dockerfile
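Review bot: `actions/cache@v3` in the "Cache Docker layers" step is still referenced by a mutable major tag, so the layer cache that feeds both `docker/build-push-action` steps is restored by code that can change without any commit in this repository. The title limits the change to third-party actions, so this may be deliberate, but the same tag reference remains in nightly.yaml and release.yaml (both of which push images), and `actions/checkout@v4` remains in license.yaml. Either pin them the same way, `uses: actions/cache@<full-commit-sha> # v3.x.y` (placeholder; take the SHA from the upstream tag), or add a comment stating that first-party `actions/*` references are exempt by policy. The steps shown are separated by collapsed regions, so further unpinned references may exist outside the visible hunks.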
6 changes: 3 additions & 3 deletions .github/workflows/_e2e_tests.yaml
Expand Up @@ -121,7 +121,7 @@ jobs:
with:
go-version-file: go.mod

- uses: Kong/kong-license@master
- uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master @ 20250107
id: license
with:
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
Expand Down Expand Up @@ -187,7 +187,7 @@ jobs:
with:
go-version-file: go.mod

- uses: Kong/kong-license@master
- uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master @ 20250107
continue-on-error: true
id: license
with:
Expand Down Expand Up @@ -284,7 +284,7 @@ jobs:
with:
go-version-file: go.mod

- uses: Kong/kong-license@master
- uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master @ 20250107
id: license
with:
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
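Review bot: The `Kong/kong-license` pin is labelled `# master @ 20250107`, a date rather than a release tag, so update tooling that follows version comments has nothing to bump and this SHA will probably stay frozen until someone refreshes it by hand. The step receives `secrets.OP_SERVICE_ACCOUNT_TOKEN`, so it is worth confirming that the pinned commit is reachable from the `master` branch of Kong/kong-license itself, because GitHub also resolves SHAs that exist only in a fork of the action repository. I would record the refresh procedure next to the first occurrence, for example `# pinned to a master commit (no release tags, TODO confirm); refresh manually and verify the SHA is on Kong/kong-license master`. The same line appears in all three hunks here and in _integration_tests.yaml and test_nightly.yaml; the job definitions continue outside the hunks.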
2 changes: 1 addition & 1 deletion .github/workflows/_integration_tests.yaml
Expand Up @@ -91,7 +91,7 @@ jobs:
feature_gates: "GatewayAlpha=true,RewriteURIs=true"

steps:
- uses: Kong/kong-license@master
- uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master @ 20250107
id: license
with:
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
4 changes: 2 additions & 2 deletions .github/workflows/_test_reports.yaml
Expand Up @@ -34,7 +34,7 @@ jobs:
path: coverage

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3.1.6
with:
name: combined-coverage
token: ${{ secrets.CODECOV_TOKEN }}
Expand All @@ -60,7 +60,7 @@ jobs:

- name: Upload test results to BuildPulse for flaky test detection
if: ${{ !cancelled() }}
uses: buildpulse/[email protected]
uses: buildpulse/buildpulse-action@d0d30f53585cf16b2e01811a5a753fd47968654a # v0.11.0
with:
account: 962416
repository: 127765544
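Review bot: Pinning `codecov/codecov-action` and `buildpulse/buildpulse-action` by SHA fixes the action source only; anything an action downloads while it runs is not covered by the pin. As far as I know, codecov-action v3 fetches the Codecov uploader binary at run time and defaults to the latest release, and this step is given `secrets.CODECOV_TOKEN`. If that holds for v3.1.6, consider fixing the uploader release as well through the action's `version` input, `version: <uploader-version>` (placeholder), provided that input is available at this release. At minimum, put `# SHA pin covers the action code only; the uploader binary is fetched at run time` above the step. Both steps' `with:` blocks continue outside the visible hunks.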
2 changes: 1 addition & 1 deletion .github/workflows/backport.yaml
Expand Up @@ -21,6 +21,6 @@ jobs:
)
)
steps:
- uses: tibdex/backport@v2
- uses: tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # v2.0.4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
2 changes: 1 addition & 1 deletion .github/workflows/benchmarks.yaml
Expand Up @@ -24,7 +24,7 @@ jobs:
run: make bench | tee bench.out

- name: Store benchmark result
uses: benchmark-action/github-action-benchmark@v1
uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7 # v1.20.4
with:
name: Go Benchmark
tool: 'go'
2 changes: 1 addition & 1 deletion .github/workflows/check_pr_labels.yaml
Expand Up @@ -8,7 +8,7 @@ jobs:
label:
runs-on: ubuntu-latest
steps:
- uses: pmalek/[email protected]
- uses: pmalek/verify-pr-label-action@7c5cdb8db3e959d689b7f13da21826ec8c9f6f8f # v1.4.5
with:
github-token: '${{ secrets.GITHUB_TOKEN }}'
invalid-labels: 'do not merge,on-hold'
2 changes: 1 addition & 1 deletion .github/workflows/e2e_nightly.yaml
Expand Up @@ -72,7 +72,7 @@ jobs:
if: always() && contains(needs.*.result, 'failure') && github.event_name == 'schedule'
steps:
- name: Notify on Slack for failures of e2e tests run automatically at night
uses: 8398a7/action-slack@v3
uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3.16.2
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
2 changes: 1 addition & 1 deletion .github/workflows/license.yaml
Expand Up @@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: fossas/fossa-action@v1
- uses: fossas/fossa-action@f61a4c0c263690f2ddb54b9822a719c25a7b608f # v1.3.1
with:
api-key: ${{secrets.fossaApiKey}}
branch: main
12 changes: 6 additions & 6 deletions .github/workflows/nightly.yaml
Expand Up @@ -23,9 +23,9 @@ jobs:
echo 'EOF' >> $GITHUB_OUTPUT
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
- name: Cache Docker layers
uses: actions/cache@v3
with:
Expand All @@ -34,19 +34,19 @@ jobs:
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Docker meta
id: meta
uses: docker/[email protected]
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: kong/nightly-ingress-controller
tags: ${{ steps.tags-standard.outputs.TAGS_STANDARD }}
- name: Build binary
id: docker_build_binary
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
push: false
file: Dockerfile
Expand All @@ -60,7 +60,7 @@ jobs:
REPO_INFO=https://github.com/${{ github.repository }}.git
- name: Build and push distroless image to DockerHub
id: docker_build
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
push: true
file: Dockerfile
22 changes: 11 additions & 11 deletions .github/workflows/release.yaml
Expand Up @@ -24,7 +24,7 @@ jobs:
outputs:
fullversion_tag: ${{ steps.semver_parser.outputs.fullversion }}
steps:
- uses: mukunku/[email protected]
- uses: mukunku/tag-exists-action@78009d2b13e10ba051fe68d8d2f6778a9b2adab3 # v1.4.0
id: check-tag
name: check if tag already exists
with:
Expand All @@ -40,7 +40,7 @@ jobs:
fetch-depth: 0
- name: Parse semver string
id: semver_parser
uses: booxmedialtd/[email protected]
uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7
with:
input_string: ${{ github.event.inputs.tag }}
version_extractor_regex: 'v(.*)$'
Expand All @@ -63,7 +63,7 @@ jobs:
fetch-depth: 0
- name: Parse semver string
id: semver_parser
uses: booxmedialtd/[email protected]
uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7
with:
input_string: ${{ github.event.inputs.tag }}
version_extractor_regex: 'v(.*)$'
Expand All @@ -80,9 +80,9 @@ jobs:
echo 'type=raw,value=${{ steps.semver_parser.outputs.major }}.${{ steps.semver_parser.outputs.minor }}' >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
- name: Cache Docker layers
uses: actions/cache@v3
with:
Expand All @@ -91,21 +91,21 @@ jobs:
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Docker meta
id: meta
uses: docker/[email protected]
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: kong/kubernetes-ingress-controller
flavor: |
latest=${{ github.event.inputs.latest == 'true' }}
tags: ${{ env.TAGS_STANDARD }}${{ env.TAGS_SUPPLEMENTAL }}
- name: Build binary
id: docker_build_binary
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
push: false
file: Dockerfile
Expand All @@ -119,7 +119,7 @@ jobs:
REPO_INFO=https://github.com/${{ github.repository }}.git
- name: Build and push distroless image to DockerHub
id: docker_build
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
push: true
file: Dockerfile
Expand All @@ -146,7 +146,7 @@ jobs:
steps:
- name: Parse semver string
id: semver_parser
uses: booxmedialtd/[email protected]
uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7
with:
input_string: ${{ github.event.inputs.tag }}
version_extractor_regex: 'v(.*)$'
Expand Down Expand Up @@ -182,7 +182,7 @@ jobs:
fetch-depth: 0
- name: Parse semver string
id: semver_parser
uses: booxmedialtd/[email protected]
uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7
with:
input_string: ${{ github.event.inputs.tag }}
version_extractor_regex: 'v(.*)$'
6 changes: 3 additions & 3 deletions .github/workflows/release_docs.yaml
Expand Up @@ -13,7 +13,7 @@ jobs:
steps:
- name: Parse semver string
id: semver_parser
uses: booxmedialtd/[email protected]
uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7
with:
input_string: ${{ github.event.inputs.tag }}
version_extractor_regex: 'v(.*)$'
Expand Down Expand Up @@ -51,7 +51,7 @@ jobs:
fi
- name: GPG sign the commits
uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef
uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
with:
workdir: docs.konghq.com
gpg_private_key: ${{ secrets.K8S_TEAM_BOT_GPG_PRIVATE_KEY }}
Expand All @@ -60,7 +60,7 @@ jobs:
git_commit_gpgsign: true

- name: Create a PR in docs repo
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2
if: steps.detect-changes.outputs.HAS_CHANGES
with:
token: ${{ secrets.K8S_TEAM_BOT_GH_PAT }}
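Review bot: The `# v6.0.0` and `# v5.0.2` comments added to the two already-pinned steps are not checked by anything, yet they are what a reviewer will read instead of the 40-character SHA. These steps receive `secrets.K8S_TEAM_BOT_GPG_PRIVATE_KEY` and `secrets.K8S_TEAM_BOT_GH_PAT`, so a label that does not match the commit, or a pin that silently falls behind upstream fixes, matters more here than elsewhere. Before merging, each SHA should be compared with the commit the upstream tag of that name points to, and the pins should afterwards be kept current by an update bot configured for the `github-actions` ecosystem; whether this repository has one is not visible on this page. The same check applies to every SHA/comment pair this commit introduces in the other workflow files.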
4 changes: 2 additions & 2 deletions .github/workflows/test_nightly.yaml
Expand Up @@ -47,7 +47,7 @@ jobs:
runs-on: ubuntu-latest
steps:

- uses: Kong/kong-license@master
- uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master @ 20250107
id: license
with:
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
Expand Down Expand Up @@ -93,7 +93,7 @@ jobs:
runs-on: ubuntu-latest
steps:

- uses: Kong/kong-license@master
- uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master @ 20250107
id: license
with:
op-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

1 comment on commit 9f6db03

@github-actions

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Go Benchmark'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.50.

Benchmark suite Current: 9f6db03 Previous: ad3c7d4 Ratio
BenchmarkDefaultContentToDBLessConfigConverter_Convert 120.5 ns/op 0 B/op 0 allocs/op 79.35 ns/op 0 B/op 0 allocs/op 1.52
BenchmarkDefaultContentToDBLessConfigConverter_Convert - ns/op 120.5 ns/op 79.35 ns/op 1.52

This comment was automatically generated by workflow using github-action-benchmark.

CC: @Kong/k8s-maintainers
