From e10269423db1474c700b66f1c363c7d4416881ce Mon Sep 17 00:00:00 2001 From: "cilium-renovate[bot]" <134692979+cilium-renovate[bot]@users.noreply.github.com> Date: Fri, 13 Sep 2024 14:09:07 +0000 Subject: [PATCH] chore(deps): update all github action dependencies Signed-off-by: cilium-renovate[bot] <134692979+cilium-renovate[bot]@users.noreply.github.com> --- .github/workflows/bpf-unit-tests.yml | 4 +-- .github/workflows/build-clang-image.yaml | 24 ++++++------- .github/workflows/build-deploy-docs.yaml | 4 +-- .github/workflows/build-images-ci.yml | 20 +++++------ .github/workflows/build-images-releases.yml | 34 +++++++++---------- .../build-rthooks-images-releases.yml | 16 ++++----- .github/workflows/check-links-cron.yaml | 2 +- .github/workflows/check-links-pr.yaml | 2 +- .github/workflows/checkpatch.yaml | 2 +- .github/workflows/digestcheck.yaml | 2 +- .github/workflows/generated-files.yaml | 4 +-- .github/workflows/gotests.yml | 8 ++--- .github/workflows/lint-codeql.yml | 10 +++--- .github/workflows/lint-helm.yaml | 10 +++--- .github/workflows/packages-e2e-tests.yaml | 10 +++--- .github/workflows/podinfo-test.yaml | 4 +-- .../workflows/renovate-config-validator.yaml | 2 +- .github/workflows/renovate.yaml | 4 +-- .github/workflows/run-e2e-tests.yaml | 10 +++--- .github/workflows/static-checks.yaml | 18 +++++----- .github/workflows/tetragon-rthook-pr.yaml | 8 ++--- .github/workflows/validate-crd.yaml | 2 +- .github/workflows/veristat-compare.yaml | 4 +-- .github/workflows/veristat.yaml | 2 +- .github/workflows/vmtests.yml | 12 +++---- 25 files changed, 109 insertions(+), 109 deletions(-) diff --git a/.github/workflows/bpf-unit-tests.yml b/.github/workflows/bpf-unit-tests.yml index 13116818f1b..955d789df4c 100644 --- a/.github/workflows/bpf-unit-tests.yml +++ b/.github/workflows/bpf-unit-tests.yml @@ -17,10 +17,10 @@ jobs: os: [ ubuntu-22.04, actuated-arm64-4cpu-8gb ] steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' diff --git a/.github/workflows/build-clang-image.yaml b/.github/workflows/build-clang-image.yaml index dea9dd6b1bc..8414a25be42 100644 --- a/.github/workflows/build-clang-image.yaml +++ b/.github/workflows/build-clang-image.yaml @@ -19,13 +19,13 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: amd64,arm64 # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Getting image tag id: tag @@ -37,13 +37,13 @@ jobs: fi - name: Checkout source code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false fetch-depth: 0 - name: Preview build Clang image - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: provenance: false context: . @@ -65,16 +65,16 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: amd64,arm64 # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Login to quay.io - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: quay.io username: ${{ secrets.QUAY_CLANG_RELEASE_USERNAME }} @@ -90,13 +90,13 @@ jobs: fi - name: Checkout Source Code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false fetch-depth: 0 - name: Release Build clang - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 id: docker_build_release with: provenance: false @@ -118,7 +118,7 @@ jobs: cosign sign -y quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }} - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -168,7 +168,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: image-digest clang path: image-digest @@ -186,7 +186,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: image-digest/ diff --git a/.github/workflows/build-deploy-docs.yaml b/.github/workflows/build-deploy-docs.yaml index 2f55bf746ba..5c5d095666b 100644 --- a/.github/workflows/build-deploy-docs.yaml +++ b/.github/workflows/build-deploy-docs.yaml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod @@ -37,7 +37,7 @@ jobs: extended: true - name: Setup Node - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 with: node-version: '18' cache: 'npm' diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml index fd8c7e3bed2..738fe12bf0e 100644 --- a/.github/workflows/build-images-ci.yml +++ b/.github/workflows/build-images-ci.yml @@ -39,16 +39,16 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: arm64 # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Login to quay.io for CI - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME_CI }} @@ -71,7 +71,7 @@ jobs: fi - name: Checkout main branch - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false ref: ${{ github.event.repository.default_branch }} @@ -84,7 +84,7 @@ jobs: # Warning: since this is a privileged workflow, subsequent workflow job # steps must take care not to execute untrusted code. - name: Checkout pull request branch (NOT TRUSTED) - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false ref: ${{ steps.tag.outputs.tag }} @@ -94,7 +94,7 @@ jobs: uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -110,7 +110,7 @@ jobs: # main branch pushes - name: CI Build (main) if: ${{ github.event_name == 'push' }} - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 id: docker_build_ci_main with: provenance: false @@ -165,7 +165,7 @@ jobs: # PR updates - name: CI Build (PR) if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 id: docker_build_ci_pr with: provenance: false @@ -218,7 +218,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: image-digest ${{ matrix.name }} path: image-digest @@ -236,7 +236,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: image-digest/ diff --git a/.github/workflows/build-images-releases.yml b/.github/workflows/build-images-releases.yml index ebf5eafc86e..13f35847eba 100644 --- a/.github/workflows/build-images-releases.yml +++ b/.github/workflows/build-images-releases.yml @@ -30,15 +30,15 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Login to quay.io - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }} @@ -50,7 +50,7 @@ jobs: echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - name: Checkout Source Code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false fetch-depth: 0 @@ -60,7 +60,7 @@ jobs: echo "TETRAGON_VERSION=$(make version)" >> $GITHUB_ENV - name: Release Build ${{ matrix.name }} - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 id: docker_build_release with: provenance: false @@ -88,7 +88,7 @@ jobs: cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -147,7 +147,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: image-digest ${{ matrix.name }} path: image-digest @@ -165,7 +165,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: image-digest/ @@ -189,10 +189,10 @@ jobs: steps: # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Checkout Source Code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false fetch-depth: 0 @@ -203,7 +203,7 @@ jobs: run: echo "tag=$(make version)" >> $GITHUB_OUTPUT - name: Login to Docker Hub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_HUB_USERNAME_CI }} password: ${{ secrets.DOCKER_HUB_PASSWORD_CI }} @@ -216,7 +216,7 @@ jobs: # Cache tarball releases for later - name: Save tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz Tarball - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: release/ @@ -229,10 +229,10 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 - name: Getting version tag id: tag @@ -242,20 +242,20 @@ jobs: run: make cli-release - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-amd64.tar.gz - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: tetragon-${{ steps.tag.outputs.tag }}-amd64 path: release - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-arm64.tar.gz - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: tetragon-${{ steps.tag.outputs.tag }}-arm64 path: release - name: Create Release id: create_release - uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: token: ${{ secrets.GITHUB_TOKEN }} tag_name: ${{ github.ref }} diff --git a/.github/workflows/build-rthooks-images-releases.yml b/.github/workflows/build-rthooks-images-releases.yml index 57657c3b1c1..b60ac7bcf1e 100644 --- a/.github/workflows/build-rthooks-images-releases.yml +++ b/.github/workflows/build-rthooks-images-releases.yml @@ -26,15 +26,15 @@ jobs: steps: # https://github.com/docker/setup-qemu-action - name: Set up QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: arm64 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Login to quay.io - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME_RELEASE_USERNAME }} @@ -46,13 +46,13 @@ jobs: echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - name: Checkout Source Code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false fetch-depth: 0 - name: Release Build ${{ matrix.name }} - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 id: docker_build_release with: provenance: false @@ -78,7 +78,7 @@ jobs: cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -137,7 +137,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: image-digest ${{ matrix.name }} path: image-digest @@ -155,7 +155,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: image-digest/ diff --git a/.github/workflows/check-links-cron.yaml b/.github/workflows/check-links-cron.yaml index b49ca801844..ba45d655816 100644 --- a/.github/workflows/check-links-cron.yaml +++ b/.github/workflows/check-links-cron.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod diff --git a/.github/workflows/check-links-pr.yaml b/.github/workflows/check-links-pr.yaml index c3084b2568e..e8f529a3aea 100644 --- a/.github/workflows/check-links-pr.yaml +++ b/.github/workflows/check-links-pr.yaml @@ -16,7 +16,7 @@ jobs: PATCH_FILE: "additions.patch" steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod diff --git a/.github/workflows/checkpatch.yaml b/.github/workflows/checkpatch.yaml index c9bc8da64c7..099b7c1fb43 100644 --- a/.github/workflows/checkpatch.yaml +++ b/.github/workflows/checkpatch.yaml @@ -13,7 +13,7 @@ jobs: # should revisit it (and maybe update cilium-checkpatch). if: ${{ github.event.pull_request.user.login != 'cilium-renovate[bot]' }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - name: Run checkpatch.pl diff --git a/.github/workflows/digestcheck.yaml b/.github/workflows/digestcheck.yaml index 873dd265de5..d4f475b8bfe 100644 --- a/.github/workflows/digestcheck.yaml +++ b/.github/workflows/digestcheck.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install crane env: diff --git a/.github/workflows/generated-files.yaml b/.github/workflows/generated-files.yaml index 75ad5d9d32d..179c80aa016 100644 --- a/.github/workflows/generated-files.yaml +++ b/.github/workflows/generated-files.yaml @@ -14,9 +14,9 @@ jobs: generated-files: runs-on: ubuntu-latest steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' diff --git a/.github/workflows/gotests.yml b/.github/workflows/gotests.yml index c6a3831fc2e..06c7f654abb 100644 --- a/.github/workflows/gotests.yml +++ b/.github/workflows/gotests.yml @@ -18,12 +18,12 @@ jobs: os: [ ubuntu-20.04, actuated-arm64-4cpu-8gb ] steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -70,7 +70,7 @@ jobs: - name: Upload Tetragon logs if: failure() - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: tetragon-json path: /tmp/tetragon.gotest* @@ -78,7 +78,7 @@ jobs: - name: Upload bugtool dumps if: failure() - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: tetragon-bugtool path: /tmp/tetragon-bugtool* diff --git a/.github/workflows/lint-codeql.yml b/.github/workflows/lint-codeql.yml index cdf7bd0fb23..df2b6d0ad91 100644 --- a/.github/workflows/lint-codeql.yml +++ b/.github/workflows/lint-codeql.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout code if: ${{ !github.event.pull_request }} - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false - name: Check code changes @@ -50,18 +50,18 @@ jobs: security-events: write steps: - name: Checkout repo - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false fetch-depth: 1 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' - name: Initialize CodeQL - uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 diff --git a/.github/workflows/lint-helm.yaml b/.github/workflows/lint-helm.yaml index 7ac14af4d44..7fd84a7a581 100644 --- a/.github/workflows/lint-helm.yaml +++ b/.github/workflows/lint-helm.yaml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: # Get source - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # Check / install dependencies - name: Check if vendored openapi2jsonschema.py script is up to date @@ -50,7 +50,7 @@ jobs: echo "Please run 'make -C install/kubernetes generate-jsonschemas' and submit your changes."; exit 1 fi - name: Install Helm CLI # Required for the Helm chart templating - uses: azure/setup-helm@v4.2.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 # Validate Helm chart - name: Generate Helm chart @@ -69,7 +69,7 @@ jobs: - name: Run Kubeconform with minimum supported K8s version if: success() || steps.generate_helm_chart.outcome == 'failure' id: kubeconform_min_k8s_version - uses: mathiasvr/command-output@v2.0.0 + uses: mathiasvr/command-output@34408ea3d0528273faff3d9e201761ae96106cd0 # v2.0.0 with: shell: bash run: | @@ -77,7 +77,7 @@ jobs: - name: Run Kubeconform with latest K8s version if: success() || steps.generate_helm_chart.outcome == 'failure' id: kubeconform_latest_k8s_version - uses: mathiasvr/command-output@v2.0.0 + uses: mathiasvr/command-output@34408ea3d0528273faff3d9e201761ae96106cd0 # v2.0.0 with: shell: bash run: | @@ -86,7 +86,7 @@ jobs: # Post Kubeconform issues as comment on the GH PR, if there are any - name: Comment Kubeconform Output if: failure() && (steps.kubeconform_min_k8s_version.outcome == 'failure' || steps.kubeconform_latest_k8s_version.outcome == 'failure') - uses: marocchino/sticky-pull-request-comment@v2 + uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2 with: hide_and_recreate: true skip_unchanged: true diff --git a/.github/workflows/packages-e2e-tests.yaml b/.github/workflows/packages-e2e-tests.yaml index 9f222b92113..61022ad4820 100644 --- a/.github/workflows/packages-e2e-tests.yaml +++ b/.github/workflows/packages-e2e-tests.yaml @@ -28,10 +28,10 @@ jobs: steps: # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Checkout Source Code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Getting version tag id: tag @@ -59,7 +59,7 @@ jobs: # Cache tarball releases for later - name: Save tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz Tarball - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: ${{ matrix.upload_path }} @@ -84,14 +84,14 @@ jobs: steps: - name: Checkout Source Code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Getting version tag id: tag run: echo "tag=$(make version)" >> $GITHUB_OUTPUT - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: ${{ matrix.upload_path }} diff --git a/.github/workflows/podinfo-test.yaml b/.github/workflows/podinfo-test.yaml index a41a626b981..151878e6321 100644 --- a/.github/workflows/podinfo-test.yaml +++ b/.github/workflows/podinfo-test.yaml @@ -18,7 +18,7 @@ jobs: timeout-minutes: 40 steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set Up Job Variables id: vars @@ -36,7 +36,7 @@ jobs: echo "operatorImage=quay.io/cilium/tetragon-operator-ci:${SHA}" >> $GITHUB_OUTPUT - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' diff --git a/.github/workflows/renovate-config-validator.yaml b/.github/workflows/renovate-config-validator.yaml index a411cf3ccf6..8300c8a6a13 100644 --- a/.github/workflows/renovate-config-validator.yaml +++ b/.github/workflows/renovate-config-validator.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout configuration - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 # this step uses latest renovate slim release - name: Validate configuration diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index b5a5be90729..3b48ac58f7c 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -60,10 +60,10 @@ jobs: # renovate clones the repository again in its container fs but it needs # the renovate configuration to start. - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Self-hosted Renovate - uses: renovatebot/github-action@21d88b0bf0183abcee15f990011cca090dfc47dd # v40.1.12 + uses: renovatebot/github-action@dd4d265eb8646cd04fc5f86ff8bc8d496d75a251 # v40.2.8 env: # default to DEBUG log level, this is always useful LOG_LEVEL: ${{ github.event.inputs.renovate_log_level_debug == 'false' && 'INFO' || 'DEBUG' }} diff --git a/.github/workflows/run-e2e-tests.yaml b/.github/workflows/run-e2e-tests.yaml index 8cdb03834eb..d44db3ec8b7 100644 --- a/.github/workflows/run-e2e-tests.yaml +++ b/.github/workflows/run-e2e-tests.yaml @@ -26,10 +26,10 @@ jobs: operatorImage: ${{ steps.vars.outputs.operatorImage }} steps: - name: Checkout Code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version-file: go.mod @@ -79,12 +79,12 @@ jobs: package: ${{fromJson(needs.prepare.outputs.packages)}} steps: - name: Checkout Code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -118,7 +118,7 @@ jobs: - name: Upload Tetragon Logs if: failure() || cancelled() - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: tetragon-logs-${{ matrix.os }}-${{ matrix.package.s }} path: /tmp/tetragon.e2e.* diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml index 33d1cd22ba5..100941da39e 100644 --- a/.github/workflows/static-checks.yaml +++ b/.github/workflows/static-checks.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Ensure No Binary Files Checked In run: | @@ -34,10 +34,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -45,7 +45,7 @@ jobs: cache: false - name: Run golangci-lint - uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 + uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 with: # renovate: datasource=docker depName=docker.io/golangci/golangci-lint version: v1.61.0 @@ -55,10 +55,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -85,10 +85,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -103,7 +103,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Build CLI release binaries run: make cli-release diff --git a/.github/workflows/tetragon-rthook-pr.yaml b/.github/workflows/tetragon-rthook-pr.yaml index 65f06a3452c..58443269427 100644 --- a/.github/workflows/tetragon-rthook-pr.yaml +++ b/.github/workflows/tetragon-rthook-pr.yaml @@ -19,12 +19,12 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -42,7 +42,7 @@ jobs: tar cz -f /tmp/tetragon-rthooks.tar ./tetragon-rthooks - name: upload build - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: tetragon-rthooks-build path: /tmp/tetragon-rthooks.tar @@ -68,7 +68,7 @@ jobs: container-runtime: ${{ matrix.cri }} - name: download build data - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: tetragon-rthooks-build diff --git a/.github/workflows/validate-crd.yaml b/.github/workflows/validate-crd.yaml index d294d194796..89a4669cca5 100644 --- a/.github/workflows/validate-crd.yaml +++ b/.github/workflows/validate-crd.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/veristat-compare.yaml b/.github/workflows/veristat-compare.yaml index 5f1b8df32cf..44094732ac5 100644 --- a/.github/workflows/veristat-compare.yaml +++ b/.github/workflows/veristat-compare.yaml @@ -9,12 +9,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout branch - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: path: branch - name: Checkout base ref - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: path: base ref: ${{ github.base_ref }} diff --git a/.github/workflows/veristat.yaml b/.github/workflows/veristat.yaml index fe66c39326f..03905b8d937 100644 --- a/.github/workflows/veristat.yaml +++ b/.github/workflows/veristat.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Build BPF programs run: make tetragon-bpf diff --git a/.github/workflows/vmtests.yml b/.github/workflows/vmtests.yml index 35aedc03c93..feee63c309a 100644 --- a/.github/workflows/vmtests.yml +++ b/.github/workflows/vmtests.yml @@ -19,12 +19,12 @@ jobs: cancel-in-progress: true steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: path: go/src/github.com/cilium/tetragon/ - name: Install Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: # renovate: datasource=golang-version depName=go go-version: '1.22.7' @@ -56,7 +56,7 @@ jobs: tar cz --exclude='tetragon/.git' -f /tmp/tetragon.tar ./tetragon - name: upload build - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: tetragon-build path: /tmp/tetragon.tar @@ -103,7 +103,7 @@ jobs: sudo chmod go+rX -R /boot/ - name: download build data - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: tetragon-build @@ -150,7 +150,7 @@ jobs: - name: Upload test results on failure or cancelation if: failure() || cancelled() - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: tetragon-vmtests-${{ matrix.kernel }}-${{ matrix.group }}-results path: go/src/github.com/cilium/tetragon/tests/vmtests/vmtests-results-* @@ -162,7 +162,7 @@ jobs: if: success() steps: # delete the built binaries from the artifacts in case of overall success - - uses: geekyeggo/delete-artifact@24928e75e6e6590170563b8ddae9fac674508aa1 # v5.0.0 + - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 with: token: ${{ secrets.GITHUB_TOKEN }} name: tetragon-build