diff --git a/.github/workflows/build-clang-image.yaml b/.github/workflows/build-clang-image.yaml index cd5818aa082..84ccd69ab7c 100644 --- a/.github/workflows/build-clang-image.yaml +++ b/.github/workflows/build-clang-image.yaml @@ -28,17 +28,17 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 with: platforms: amd64,arm64 # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 + uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0 - name: Login to quay.io if: github.event_name == 'push' - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: quay.io username: ${{ secrets.QUAY_CLANG_RELEASE_USERNAME }} @@ -60,7 +60,7 @@ jobs: fetch-depth: 0 - name: Release Build clang - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0 + uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 id: docker_build_release with: provenance: false @@ -73,7 +73,7 @@ jobs: - name: Install Cosign if: github.event_name == 'push' - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v3.0.5 + uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1 - name: Sign Container Image if: github.event_name == 'push' && steps.tag-in-repositories.outputs.exists == 'false' diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml index 62af3917136..dd586dca317 100644 --- a/.github/workflows/build-images-ci.yml +++ b/.github/workflows/build-images-ci.yml @@ -35,16 +35,16 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 with: platforms: arm64 # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 + uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0 - name: Login to quay.io for CI - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME_CI }} @@ -71,7 +71,7 @@ jobs: echo "TETRAGON_VERSION=$(make version)" >> $GITHUB_ENV - name: Install Cosign - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v3.0.5 + uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1 - name: Install Bom shell: bash @@ -83,7 +83,7 @@ jobs: # main branch pushes - name: CI Build (main) if: github.event_name == 'push' - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0 + uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 id: docker_build_ci_main with: provenance: false @@ -138,7 +138,7 @@ jobs: # PR updates - name: CI Build (PR) if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0 + uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 id: docker_build_ci_pr with: provenance: false diff --git a/.github/workflows/build-images-releases.yml b/.github/workflows/build-images-releases.yml index 9ea19b2517a..f472fb18fcd 100644 --- a/.github/workflows/build-images-releases.yml +++ b/.github/workflows/build-images-releases.yml @@ -30,15 +30,15 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 with: platforms: arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 + uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2.7.0 - name: Login to quay.io - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }} @@ -60,7 +60,7 @@ jobs: echo "TETRAGON_VERSION=$(make version)" >> $GITHUB_ENV - name: Release Build ${{ matrix.name }} - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0 + uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1 id: docker_build_release with: provenance: false @@ -77,7 +77,7 @@ jobs: - name: Install Cosign if: ${{ startsWith(steps.tag.outputs.tag, 'v') }} - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v3.0.5 + uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3.1.1 - name: Sign Container Image if: ${{ startsWith(steps.tag.outputs.tag, 'v') }} diff --git a/.github/workflows/check-links-cron.yaml b/.github/workflows/check-links-cron.yaml index b1370befa6b..8f539d775e9 100644 --- a/.github/workflows/check-links-cron.yaml +++ b/.github/workflows/check-links-cron.yaml @@ -21,7 +21,7 @@ jobs: - name: Links Checker id: lychee - uses: lycheeverse/lychee-action@9ace499fe66cee282a29eaa628fdac2c72fa087f # v1.6.1 + uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0 env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} with: diff --git a/.github/workflows/check-links-pr.yaml b/.github/workflows/check-links-pr.yaml index 4a3fcdf9ae0..f4f8496cf0a 100644 --- a/.github/workflows/check-links-pr.yaml +++ b/.github/workflows/check-links-pr.yaml @@ -37,7 +37,7 @@ jobs: - name: Links Checker id: lychee - uses: lycheeverse/lychee-action@9ace499fe66cee282a29eaa628fdac2c72fa087f # v1.6.1 + uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0 env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} with: diff --git a/.github/workflows/lint-codeql.yml b/.github/workflows/lint-codeql.yml index 263a403fce8..5002b21899d 100644 --- a/.github/workflows/lint-codeql.yml +++ b/.github/workflows/lint-codeql.yml @@ -55,8 +55,8 @@ jobs: persist-credentials: false fetch-depth: 1 - name: Initialize CodeQL - uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + uses: github/codeql-action/init@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + uses: github/codeql-action/analyze@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1 diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml index f314ebd4c48..0fdf65693e0 100644 --- a/.github/workflows/static-checks.yaml +++ b/.github/workflows/static-checks.yaml @@ -22,7 +22,7 @@ jobs: with: go-version: '1.18.3' - name: Run static checks - uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # v3.4.0 + uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0 with: version: v1.52.2 args: --config=.golangci.yml --verbose