diff --git a/.github/workflows/build-clang-image.yaml b/.github/workflows/build-clang-image.yaml index f087f644f5b..6b41d8f933a 100644 --- a/.github/workflows/build-clang-image.yaml +++ b/.github/workflows/build-clang-image.yaml @@ -37,13 +37,13 @@ jobs: fi - name: Checkout source code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false fetch-depth: 0 - name: Preview build Clang image - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 with: provenance: false context: . @@ -90,13 +90,13 @@ jobs: fi - name: Checkout Source Code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false fetch-depth: 0 - name: Release Build clang - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 id: docker_build_release with: provenance: false diff --git a/.github/workflows/build-deploy-docs.yaml b/.github/workflows/build-deploy-docs.yaml index f014bf45ef3..518b4c466fb 100644 --- a/.github/workflows/build-deploy-docs.yaml +++ b/.github/workflows/build-deploy-docs.yaml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod @@ -35,7 +35,7 @@ jobs: extended: true - name: Setup Node - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 with: node-version: '18' cache: 'npm' diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml index ddb37796daa..4bcce9ad10c 100644 --- a/.github/workflows/build-images-ci.yml +++ b/.github/workflows/build-images-ci.yml @@ -68,7 +68,7 @@ jobs: fi - name: Checkout main branch - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false ref: ${{ github.event.repository.default_branch }} @@ -81,7 +81,7 @@ jobs: # Warning: since this is a privileged workflow, subsequent workflow job # steps must take care not to execute untrusted code. - name: Checkout pull request branch (NOT TRUSTED) - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false ref: ${{ steps.tag.outputs.tag }} @@ -106,7 +106,7 @@ jobs: # main branch pushes - name: CI Build (main) if: ${{ github.event_name == 'push' }} - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 id: docker_build_ci_main with: provenance: false @@ -161,7 +161,7 @@ jobs: # PR updates - name: CI Build (PR) if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 id: docker_build_ci_pr with: provenance: false diff --git a/.github/workflows/build-images-releases.yml b/.github/workflows/build-images-releases.yml index 35789d7160e..d72f6c32077 100644 --- a/.github/workflows/build-images-releases.yml +++ b/.github/workflows/build-images-releases.yml @@ -50,7 +50,7 @@ jobs: echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - name: Checkout Source Code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false fetch-depth: 0 @@ -60,7 +60,7 @@ jobs: echo "TETRAGON_VERSION=$(make version)" >> $GITHUB_ENV - name: Release Build ${{ matrix.name }} - uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 id: docker_build_release with: provenance: false @@ -191,7 +191,7 @@ jobs: uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - name: Checkout Source Code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false fetch-depth: 0 @@ -225,7 +225,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set up Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 diff --git a/.github/workflows/check-links-cron.yaml b/.github/workflows/check-links-cron.yaml index c4118865f0a..3d4e01a3b66 100644 --- a/.github/workflows/check-links-cron.yaml +++ b/.github/workflows/check-links-cron.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod diff --git a/.github/workflows/check-links-pr.yaml b/.github/workflows/check-links-pr.yaml index 2a90c2e8e39..3968093191b 100644 --- a/.github/workflows/check-links-pr.yaml +++ b/.github/workflows/check-links-pr.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod diff --git a/.github/workflows/checkpatch.yaml b/.github/workflows/checkpatch.yaml index b79169c10d5..e7e747bc362 100644 --- a/.github/workflows/checkpatch.yaml +++ b/.github/workflows/checkpatch.yaml @@ -7,7 +7,7 @@ jobs: checkpatch: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - name: Run checkpatch.pl diff --git a/.github/workflows/digestcheck.yaml b/.github/workflows/digestcheck.yaml index bcaa5f21e9b..15f9e148f84 100644 --- a/.github/workflows/digestcheck.yaml +++ b/.github/workflows/digestcheck.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install crane env: diff --git a/.github/workflows/generated-files.yaml b/.github/workflows/generated-files.yaml index 575f3997e28..48befb0ae69 100644 --- a/.github/workflows/generated-files.yaml +++ b/.github/workflows/generated-files.yaml @@ -14,7 +14,7 @@ jobs: generated-files: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: diff --git a/.github/workflows/gotests.yml b/.github/workflows/gotests.yml index 78b440a4298..b6b88aabc4f 100644 --- a/.github/workflows/gotests.yml +++ b/.github/workflows/gotests.yml @@ -18,7 +18,7 @@ jobs: os: [ ubuntu-20.04, buildjet-2vcpu-ubuntu-2204-arm ] steps: - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: path: go/src/github.com/cilium/tetragon/ @@ -39,7 +39,7 @@ jobs: echo `clang --version` - name: Install bpftool - uses: mtardy/setup-bpftool@d21fc59a00cfc7e7de8b83a6f8f2060f0e54e2b8 # v1.0.2 + uses: mtardy/setup-bpftool@adeab4f9332cc28db56064a93911860d0775665b # v1.0.3 - name: Ensure BPF programs pass verifier run: | diff --git a/.github/workflows/lint-codeql.yml b/.github/workflows/lint-codeql.yml index 1349299c6fd..856ea81b2dc 100644 --- a/.github/workflows/lint-codeql.yml +++ b/.github/workflows/lint-codeql.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout code if: ${{ !github.event.pull_request }} - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - name: Check code changes @@ -50,7 +50,7 @@ jobs: security-events: write steps: - name: Checkout repo - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false fetch-depth: 1 @@ -59,8 +59,8 @@ jobs: with: go-version-file: 'go.mod' - name: Initialize CodeQL - uses: github/codeql-action/init@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9 + uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ddccb873888234080b77e9bc2d4764d5ccaaccf9 # v2.21.9 + uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 diff --git a/.github/workflows/lint-helm.yaml b/.github/workflows/lint-helm.yaml index 5db3e93aa8d..b39de2e6ef5 100644 --- a/.github/workflows/lint-helm.yaml +++ b/.github/workflows/lint-helm.yaml @@ -14,7 +14,7 @@ jobs: generated-files: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Run install/kubernetes/test.sh run: | cd install/kubernetes && ./test.sh diff --git a/.github/workflows/packages-e2e-tests.yaml b/.github/workflows/packages-e2e-tests.yaml index 5b8cd4acb79..e156611001b 100644 --- a/.github/workflows/packages-e2e-tests.yaml +++ b/.github/workflows/packages-e2e-tests.yaml @@ -27,7 +27,7 @@ jobs: uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - name: Checkout Source Code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false fetch-depth: 0 diff --git a/.github/workflows/podinfo-test.yaml b/.github/workflows/podinfo-test.yaml index e70a53bff4c..dfcc8ca4690 100644 --- a/.github/workflows/podinfo-test.yaml +++ b/.github/workflows/podinfo-test.yaml @@ -18,7 +18,7 @@ jobs: timeout-minutes: 40 steps: - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set Up Job Variables id: vars diff --git a/.github/workflows/renovate-config-validator.yaml b/.github/workflows/renovate-config-validator.yaml index 9bf2869fe01..09e13d03780 100644 --- a/.github/workflows/renovate-config-validator.yaml +++ b/.github/workflows/renovate-config-validator.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout configuration - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 # this step uses latest renovate slim release - name: Validate configuration diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 1fd6cd62a3e..e2b45183a64 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -60,10 +60,10 @@ jobs: # renovate clones the repository again in its container fs but it needs # the renovate configuration to start. - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Self-hosted Renovate - uses: renovatebot/github-action@3cef36a9aba515d8726b491905b3bc766832e221 # v39.0.5 + uses: renovatebot/github-action@9c2e6e7dc5340821aa2c82094e7326895c94a435 # v39.1.3 env: # default to DEBUG log level, this is always useful LOG_LEVEL: ${{ github.event.inputs.renovate_log_level_debug == 'false' && 'INFO' || 'DEBUG' }} diff --git a/.github/workflows/run-e2e-tests.yaml b/.github/workflows/run-e2e-tests.yaml index 24222ef2f8b..9ef9dcd4bcb 100644 --- a/.github/workflows/run-e2e-tests.yaml +++ b/.github/workflows/run-e2e-tests.yaml @@ -26,7 +26,7 @@ jobs: os: [ ubuntu-22.04, buildjet-4vcpu-ubuntu-2204-arm ] steps: - name: Checkout Code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: path: go/src/github.com/cilium/tetragon/ diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml index ec44fa5027b..8e08e6ae676 100644 --- a/.github/workflows/static-checks.yaml +++ b/.github/workflows/static-checks.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 @@ -70,7 +70,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 @@ -87,7 +87,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Build CLI release binaries run: make cli-release diff --git a/.github/workflows/veristat-compare.yaml b/.github/workflows/veristat-compare.yaml index f8569f423ef..99a622c2cdb 100644 --- a/.github/workflows/veristat-compare.yaml +++ b/.github/workflows/veristat-compare.yaml @@ -9,12 +9,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: path: branch - name: Checkout base ref - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: path: base ref: ${{ github.base_ref }} diff --git a/.github/workflows/veristat.yaml b/.github/workflows/veristat.yaml index 2cfe6310d55..e83193e8313 100644 --- a/.github/workflows/veristat.yaml +++ b/.github/workflows/veristat.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Build BPF programs run: make tetragon-bpf diff --git a/.github/workflows/vmtests.yml b/.github/workflows/vmtests.yml index d55d27a10f5..0ec35158620 100644 --- a/.github/workflows/vmtests.yml +++ b/.github/workflows/vmtests.yml @@ -19,7 +19,7 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: path: go/src/github.com/cilium/tetragon/