diff --git a/.github/workflows/_conformance_tests.yaml b/.github/workflows/_conformance_tests.yaml index c978277598..045bbcd1cc 100644 --- a/.github/workflows/_conformance_tests.yaml +++ b/.github/workflows/_conformance_tests.yaml @@ -17,12 +17,12 @@ jobs: expression_routes: "true" steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' @@ -34,7 +34,7 @@ jobs: - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: conformance-tests.xml diff --git a/.github/workflows/_docker_build.yaml b/.github/workflows/_docker_build.yaml index 35c67f6488..3d8323b465 100644 --- a/.github/workflows/_docker_build.yaml +++ b/.github/workflows/_docker_build.yaml @@ -27,19 +27,19 @@ jobs: tags: ${{ steps.merge-tags.outputs.tags }} steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Parse semver string if: ${{ inputs.tag != '' }} id: parse-semver-tag - uses: booxmedialtd/ws-action-parse-semver@v1.4.7 + uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7 with: input_string: ${{ inputs.tag }} version_extractor_regex: 'v(.*)$' - - uses: benjlevesque/short-sha@v2.2 + - uses: benjlevesque/short-sha@36eb8c530990ceac5ddf3c0bc32d02c677ae9706 # v2.2 id: short-sha - name: Add standard tag @@ -78,18 +78,18 @@ jobs: image: kong/kubernetes-ingress-controller:${{ steps.meta.outputs.version }} steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@f4b3439a656ba812b8cb417d2d49f9c810103092 # v3 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.sha }} @@ -98,7 +98,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v4.6.0 + uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0 with: images: kong/kubernetes-ingress-controller flavor: | @@ -107,7 +107,7 @@ jobs: - name: Build id: docker-build-dockerhub - uses: docker/build-push-action@v4 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4 with: push: false file: Dockerfile @@ -124,7 +124,7 @@ jobs: # Build locally with outputs set to `type=docker,dest=/tmp/image.tar` to save the image as a `kic-image` artifact. - name: Build locally id: docker-build-local - uses: docker/build-push-action@v4 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4 with: load: true file: Dockerfile @@ -139,7 +139,7 @@ jobs: REPO_INFO=https://github.com/${{ github.repository }}.git - name: Upload image artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: kic-image path: /tmp/image.tar diff --git a/.github/workflows/_e2e_tests.yaml b/.github/workflows/_e2e_tests.yaml index 2ac8f42e5e..06270b3709 100644 --- a/.github/workflows/_e2e_tests.yaml +++ b/.github/workflows/_e2e_tests.yaml @@ -34,7 +34,7 @@ jobs: outputs: test_names: ${{ steps.set_test_names.outputs.test_names }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 @@ -90,7 +90,7 @@ jobs: steps: - name: Download built image artifact if: ${{ inputs.load-local-image }} - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 with: name: kic-image path: /tmp @@ -102,16 +102,16 @@ jobs: docker image ls -a - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' - - uses: Kong/kong-license@master + - uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master id: license with: password: ${{ secrets.PULP_PASSWORD }} @@ -140,14 +140,14 @@ jobs: - name: upload diagnostics if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: "diagnostics-e2e-tests-${{ matrix.test }}-${{ matrix.kubernetes-version }}" path: /tmp/ktf-diag* if-no-files-found: ignore - name: collect test report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: "*-tests.xml" @@ -167,16 +167,16 @@ jobs: test: ${{ fromJSON(needs.setup-e2e-tests.outputs.test_names) }} steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' - - uses: Kong/kong-license@master + - uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master continue-on-error: true id: license with: @@ -203,14 +203,14 @@ jobs: - name: upload diagnostics if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: "diagnostics-e2e-gke-tests-${{ matrix.test }}-${{ matrix.kubernetes-version }}" path: /tmp/ktf-diag* if-no-files-found: ignore - name: collect test report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: "*-tests.xml" @@ -233,7 +233,7 @@ jobs: steps: - name: Download built image artifact if: ${{ inputs.load-local-image }} - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 with: name: kic-image path: /tmp @@ -245,16 +245,16 @@ jobs: docker image ls -a - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' - - uses: Kong/kong-license@master + - uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master id: license with: password: ${{ secrets.PULP_PASSWORD }} @@ -274,14 +274,14 @@ jobs: - name: upload diagnostics if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: diagnostics-e2e-tests path: /tmp/ktf-diag* if-no-files-found: ignore - name: collect test report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: "*-tests.xml" diff --git a/.github/workflows/_envtest_tests.yaml b/.github/workflows/_envtest_tests.yaml index 8b0268243e..dc54743013 100644 --- a/.github/workflows/_envtest_tests.yaml +++ b/.github/workflows/_envtest_tests.yaml @@ -8,12 +8,12 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' @@ -23,14 +23,14 @@ jobs: GOTESTSUM_JUNITFILE: envtest-tests.xml - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.envtest.out - name: collect test report if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: envtest-tests.xml diff --git a/.github/workflows/_integration_tests.yaml b/.github/workflows/_integration_tests.yaml index 370db7fa2b..38c10f62cd 100644 --- a/.github/workflows/_integration_tests.yaml +++ b/.github/workflows/_integration_tests.yaml @@ -80,7 +80,7 @@ jobs: feature_gates: "GatewayAlpha=true,FillIDs=true" steps: - - uses: Kong/kong-license@master + - uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master id: license with: password: ${{ secrets.PULP_PASSWORD }} @@ -99,12 +99,12 @@ jobs: fi - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' @@ -129,14 +129,14 @@ jobs: - name: collect test coverage if: ${{ !cancelled() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.*.out - name: upload diagnostics if: ${{ !cancelled() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: diagnostics-integration-tests-${{ matrix.name }} path: /tmp/ktf-diag* @@ -144,7 +144,7 @@ jobs: - name: collect test report if: ${{ !cancelled() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: integration-tests-${{ matrix.name }}.xml diff --git a/.github/workflows/_linters.yaml b/.github/workflows/_linters.yaml index 107cc42a7b..37ed63f505 100644 --- a/.github/workflows/_linters.yaml +++ b/.github/workflows/_linters.yaml @@ -8,12 +8,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Setup go - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' diff --git a/.github/workflows/_test_reports.yaml b/.github/workflows/_test_reports.yaml index e27c7a4dde..e2b12271b0 100644 --- a/.github/workflows/_test_reports.yaml +++ b/.github/workflows/_test_reports.yaml @@ -22,19 +22,19 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: collect test coverage artifacts id: download-coverage - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 with: name: coverage path: coverage - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3 with: name: combined-coverage token: ${{ secrets.CODECOV_TOKEN }} @@ -47,20 +47,20 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: download tests report id: download-coverage - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 with: name: tests-report path: report - name: Upload test results to BuildPulse for flaky test detection if: ${{ !cancelled() }} - uses: buildpulse/buildpulse-action@v0.11.0 + uses: buildpulse/buildpulse-action@d0d30f53585cf16b2e01811a5a753fd47968654a # v0.11.0 with: account: 962416 repository: 127765544 diff --git a/.github/workflows/_unit_tests.yaml b/.github/workflows/_unit_tests.yaml index 5383ef70db..0a2a87c4ee 100644 --- a/.github/workflows/_unit_tests.yaml +++ b/.github/workflows/_unit_tests.yaml @@ -8,12 +8,12 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' @@ -23,14 +23,14 @@ jobs: GOTESTSUM_JUNITFILE: unit-tests.xml - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.unit.out - name: collect test report if: ${{ always() }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: tests-report path: unit-tests.xml diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml index f6c25f9319..cb6e73a647 100644 --- a/.github/workflows/backport.yaml +++ b/.github/workflows/backport.yaml @@ -21,6 +21,6 @@ jobs: ) ) steps: - - uses: tibdex/backport@v2 + - uses: tibdex/backport@9565281eda0731b1d20c4025c43339fb0a23812e # v2 with: github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/benchmarks.yaml b/.github/workflows/benchmarks.yaml index 7c101b9724..5a50dc5cdd 100644 --- a/.github/workflows/benchmarks.yaml +++ b/.github/workflows/benchmarks.yaml @@ -13,14 +13,14 @@ jobs: name: Run Go benchmarks runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 - name: Run benchmark run: make bench | tee bench.out - name: Store benchmark result - uses: benchmark-action/github-action-benchmark@v1 + uses: benchmark-action/github-action-benchmark@d48d326b4ca9ba73ca0cd0d59f108f9e02a381c7 # v1 with: name: Go Benchmark tool: 'go' diff --git a/.github/workflows/check_pr_labels.yaml b/.github/workflows/check_pr_labels.yaml index d22d80a28e..f380d100fb 100644 --- a/.github/workflows/check_pr_labels.yaml +++ b/.github/workflows/check_pr_labels.yaml @@ -8,7 +8,7 @@ jobs: label: runs-on: ubuntu-latest steps: - - uses: pmalek/verify-pr-label-action@v1.4.5 + - uses: pmalek/verify-pr-label-action@7c5cdb8db3e959d689b7f13da21826ec8c9f6f8f # v1.4.5 with: github-token: '${{ secrets.GITHUB_TOKEN }}' invalid-labels: 'do not merge,on-hold' diff --git a/.github/workflows/cleanup.yaml b/.github/workflows/cleanup.yaml index 6df0fe3d88..bd67f9f988 100644 --- a/.github/workflows/cleanup.yaml +++ b/.github/workflows/cleanup.yaml @@ -11,11 +11,11 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' - name: cleanup orphaned test clusters @@ -29,11 +29,11 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' - name: cleanup orphaned test clusters diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index df774ebb6f..d016627596 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -31,12 +31,12 @@ jobs: language: [ 'go' ] steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2 diff --git a/.github/workflows/e2e_nightly.yaml b/.github/workflows/e2e_nightly.yaml index f602c32cba..ca01fe0650 100644 --- a/.github/workflows/e2e_nightly.yaml +++ b/.github/workflows/e2e_nightly.yaml @@ -70,7 +70,7 @@ jobs: if: always() && contains(needs.*.result, 'failure') && github.event_name == 'schedule' steps: - name: Notify on Slack for failures of e2e tests run automatically at night - uses: 8398a7/action-slack@v3 + uses: 8398a7/action-slack@28ba43ae48961b90635b50953d216767a6bea486 # v3 env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} with: diff --git a/.github/workflows/e2e_targeted.yaml b/.github/workflows/e2e_targeted.yaml index cf3ea5a8d0..ba93ad5d97 100644 --- a/.github/workflows/e2e_targeted.yaml +++ b/.github/workflows/e2e_targeted.yaml @@ -43,7 +43,7 @@ jobs: PR_NUMBER: ${{ github.event.inputs.pr-number }} RUN_GKE: ${{ inputs.run-gke }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - run: | if [ "${RUN_GKE}" == "true" ]; then MSG="E2E (targeted) tests with KIND-based and GKE-based clusters were started at ${URL}" diff --git a/.github/workflows/e2e_trigger_via_label.yaml b/.github/workflows/e2e_trigger_via_label.yaml index 3e38711d9c..85791d5691 100644 --- a/.github/workflows/e2e_trigger_via_label.yaml +++ b/.github/workflows/e2e_trigger_via_label.yaml @@ -17,7 +17,7 @@ jobs: PR_NUMBER: ${{ github.event.pull_request.number }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 # Do not run e2e tests on GKE-based clusters for specific PR, because currently # there is no way to use an image built from PR's code for those tests. # https://github.com/Kong/kubernetes-testing-framework/issues/587 diff --git a/.github/workflows/license.yaml b/.github/workflows/license.yaml index 97203b03a2..0fa29221bc 100644 --- a/.github/workflows/license.yaml +++ b/.github/workflows/license.yaml @@ -9,8 +9,8 @@ jobs: environment: "FOSSA" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: fossas/fossa-action@v1 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + - uses: fossas/fossa-action@f61a4c0c263690f2ddb54b9822a719c25a7b608f # v1 with: api-key: ${{secrets.fossaApiKey}} branch: main diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml index 7fed6187dc..8f543b4641 100644 --- a/.github/workflows/nightly.yaml +++ b/.github/workflows/nightly.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Add standard tags @@ -23,30 +23,30 @@ jobs: echo 'EOF' >> $GITHUB_OUTPUT - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@f4b3439a656ba812b8cb417d2d49f9c810103092 # v3 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-buildx- - name: Login to DockerHub - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - name: Docker meta id: meta - uses: docker/metadata-action@v4.6.0 + uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0 with: images: kong/nightly-ingress-controller tags: ${{ steps.tags-standard.outputs.TAGS_STANDARD }} - name: Build binary id: docker_build_binary - uses: docker/build-push-action@v4 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4 with: push: false file: Dockerfile @@ -60,7 +60,7 @@ jobs: REPO_INFO=https://github.com/${{ github.repository }}.git - name: Build and push distroless image to DockerHub id: docker_build - uses: docker/build-push-action@v4 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4 with: push: true file: Dockerfile diff --git a/.github/workflows/pr_checks.yaml b/.github/workflows/pr_checks.yaml index 9a8eca4e3e..b6816e2ac6 100644 --- a/.github/workflows/pr_checks.yaml +++ b/.github/workflows/pr_checks.yaml @@ -26,13 +26,13 @@ jobs: status: ${{ steps.up-to-date.outputs.status }} steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Check if PR is up to date, if it is skip workflows for this ref id: 'up-to-date' if: github.event_name == 'push' && startsWith(github.ref, 'refs/heads/') - uses: Kong/public-shared-actions/pr-previews/up-to-date@v1.12.0 + uses: Kong/public-shared-actions/pr-previews/up-to-date@c283a28ac0159a9d5960b3c22816e21fb8e4b777 # v1.12.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -61,11 +61,11 @@ jobs: if: needs.up-to-date.outputs.status != 'true' steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' - run: make tools diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 631e62c999..c98619055b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -24,7 +24,7 @@ jobs: outputs: fullversion_tag: ${{ steps.semver_parser.outputs.fullversion }} steps: - - uses: mukunku/tag-exists-action@v1.2.0 + - uses: mukunku/tag-exists-action@9298fbcc409758ba624a0ae16b83df86637cb8ce # v1.2.0 id: check-tag name: check if tag already exists with: @@ -35,12 +35,12 @@ jobs: if: ${{ steps.check-tag.outputs.exists == 'true' }} run: exit 1 - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Parse semver string id: semver_parser - uses: booxmedialtd/ws-action-parse-semver@v1.4.7 + uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7 with: input_string: ${{ github.event.inputs.tag }} version_extractor_regex: 'v(.*)$' @@ -58,12 +58,12 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Parse semver string id: semver_parser - uses: booxmedialtd/ws-action-parse-semver@v1.4.7 + uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7 with: input_string: ${{ github.event.inputs.tag }} version_extractor_regex: 'v(.*)$' @@ -80,24 +80,24 @@ jobs: echo 'type=raw,value=${{ steps.semver_parser.outputs.major }}.${{ steps.semver_parser.outputs.minor }}' >> $GITHUB_ENV echo 'EOF' >> $GITHUB_ENV - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2 - name: Cache Docker layers - uses: actions/cache@v3 + uses: actions/cache@f4b3439a656ba812b8cb417d2d49f9c810103092 # v3 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-buildx- - name: Login to DockerHub - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_TOKEN }} - name: Docker meta id: meta - uses: docker/metadata-action@v4.6.0 + uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0 with: images: kong/kubernetes-ingress-controller flavor: | @@ -105,7 +105,7 @@ jobs: tags: ${{ env.TAGS_STANDARD }}${{ env.TAGS_SUPPLEMENTAL }} - name: Build binary id: docker_build_binary - uses: docker/build-push-action@v4 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4 with: push: false file: Dockerfile @@ -119,7 +119,7 @@ jobs: REPO_INFO=https://github.com/${{ github.repository }}.git - name: Build and push distroless image to DockerHub id: docker_build - uses: docker/build-push-action@v4 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4 with: push: true file: Dockerfile @@ -146,11 +146,11 @@ jobs: steps: - name: Parse semver string id: semver_parser - uses: booxmedialtd/ws-action-parse-semver@v1.4.7 + uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7 with: input_string: ${{ github.event.inputs.tag }} version_extractor_regex: 'v(.*)$' - - uses: ncipollo/release-action@v1 + - uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1 with: body: | #### Download Kong Ingress Controller ${{ steps.semver_parser.outputs.fullversion }}: @@ -177,12 +177,12 @@ jobs: - publish-release steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Parse semver string id: semver_parser - uses: booxmedialtd/ws-action-parse-semver@v1.4.7 + uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7 with: input_string: ${{ github.event.inputs.tag }} version_extractor_regex: 'v(.*)$' diff --git a/.github/workflows/release_docs.yaml b/.github/workflows/release_docs.yaml index 99c94f99c1..9bacaa4aad 100644 --- a/.github/workflows/release_docs.yaml +++ b/.github/workflows/release_docs.yaml @@ -13,18 +13,18 @@ jobs: steps: - name: Parse semver string id: semver_parser - uses: booxmedialtd/ws-action-parse-semver@v1.4.7 + uses: booxmedialtd/ws-action-parse-semver@7784200024d6b3fc01253e617ec0168daf603de3 # v1.4.7 with: input_string: ${{ github.event.inputs.tag }} version_extractor_regex: 'v(.*)$' - name: Checkout KIC repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: Checkout docs repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: repository: kong/docs.konghq.com path: docs.konghq.com diff --git a/.github/workflows/test_nightly.yaml b/.github/workflows/test_nightly.yaml index 1e4434bc06..e03c5a6978 100644 --- a/.github/workflows/test_nightly.yaml +++ b/.github/workflows/test_nightly.yaml @@ -34,7 +34,7 @@ jobs: URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} PR_NUMBER: ${{ github.event.pull_request.number }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - run: | MSG="Integration (targeted) tests with KIND-based cluster and latest images were started at ${URL}" gh pr comment ${PR_NUMBER} --body "${MSG}" @@ -47,18 +47,18 @@ jobs: runs-on: ubuntu-latest steps: - - uses: Kong/kong-license@master + - uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master id: license with: password: ${{ secrets.PULP_PASSWORD }} - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' @@ -75,14 +75,14 @@ jobs: - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.enterprisepostgres.out - name: upload diagnostics if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: diagnostics-integration-tests-enterprise-postgres-nightly path: /tmp/ktf-diag* @@ -93,18 +93,18 @@ jobs: runs-on: ubuntu-latest steps: - - uses: Kong/kong-license@master + - uses: Kong/kong-license@c4decf08584f84ff8fe8e7cd3c463e0192f6111b # master id: license with: password: ${{ secrets.PULP_PASSWORD }} - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' @@ -120,14 +120,14 @@ jobs: TEST_KONG_PULL_PASSWORD: ${{ secrets.GHA_KONG_ORG_DOCKERHUB_PUBLIC_TOKEN }} - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.enterprisedbless.out - name: upload diagnostics if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: diagnostics-integration-tests-enterprise-dbless-nightly path: /tmp/ktf-diag* @@ -138,12 +138,12 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' @@ -156,14 +156,14 @@ jobs: TEST_KONG_EFFECTIVE_VERSION: ${{ env.kong-gateway-oss-effective-version }} - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.postgres.out - name: upload diagnostics if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: diagnostics-integration-tests-postgres-nightly path: /tmp/ktf-diag* @@ -175,12 +175,12 @@ jobs: steps: - name: checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 with: fetch-depth: 0 - name: setup golang - uses: actions/setup-go@v4 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 with: go-version: '^1.20' @@ -193,14 +193,14 @@ jobs: TEST_KONG_EFFECTIVE_VERSION: ${{ env.kong-gateway-oss-effective-version }} - name: collect test coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: coverage path: coverage.dbless.out - name: upload diagnostics if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3 with: name: diagnostics-integration-tests-dbless-nightly path: /tmp/ktf-diag* diff --git a/.github/workflows/validate_kong_image.yaml b/.github/workflows/validate_kong_image.yaml index 93399d09a4..b76349f4dd 100644 --- a/.github/workflows/validate_kong_image.yaml +++ b/.github/workflows/validate_kong_image.yaml @@ -40,7 +40,7 @@ jobs: URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} ISSUE_NUMBER: ${{ github.event.inputs.issue-number }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - run: | gh issue comment ${ISSUE_NUMBER} --body \ 'Kong Gateway validation tests were started at ${{ env.URL }} with the following parameters: @@ -86,7 +86,7 @@ jobs: URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} ISSUE_NUMBER: ${{ github.event.inputs.issue-number }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - run: | gh issue close ${ISSUE_NUMBER} --comment \ 'Kong Gateway validation tests **PASSED** at ${{ env.URL }} with the following parameters: