diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f6fb2c456..c7ff8afff 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -24,7 +24,7 @@ jobs: controller: ${{ steps.filter.outputs.controller }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.0.2 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v2.10.2 id: filter @@ -58,16 +58,16 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.0.2 - name: Setup Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v2.0.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v2.0.0 with: version: latest use: false - name: Docker login - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -127,7 +127,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Docker login - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -154,7 +154,7 @@ jobs: echo "sbom=${SBOM_SPDX}" >> $GITHUB_OUTPUT - name: Upload SBOM - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 with: retention-days: 30 name: ${{ steps.sign.outputs.sbom }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1be154c06..e42e1ccb9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -70,7 +70,7 @@ jobs: ARCH: ${{ matrix.ARCH }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Import secrets uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e # v2.5.0 @@ -86,7 +86,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -107,7 +107,7 @@ jobs: nginx-ingress-controller:e2e - name: Cache controller images - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 with: retention-days: 1 name: controller-${{ env.ARCH }}.tar @@ -162,7 +162,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Load cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 @@ -173,7 +173,7 @@ jobs: run: docker load -i controller-${{ env.ARCH }}.tar - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -235,7 +235,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -248,7 +248,7 @@ jobs: run: docker load -i controller-${{ env.ARCH }}.tar - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -283,7 +283,7 @@ jobs: ARCH: amd64 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Load controller build cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 @@ -307,7 +307,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -361,7 +361,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Load controller build cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 @@ -372,7 +372,7 @@ jobs: run: docker load -i controller-${{ env.ARCH }}.tar - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -431,7 +431,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 32b98c2b2..6d7e44608 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index c71f090af..e3959eb3c 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -15,14 +15,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - name: Set up Go id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ env.GOLANG_VERSION }} check-latest: true diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml index 4de45b4de..cddfd1b8e 100644 --- a/.github/workflows/helm-publish.yml +++ b/.github/workflows/helm-publish.yml @@ -28,7 +28,7 @@ jobs: kv-gitlab-ci/data/github/shared/github_token token ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Check release type id: check_release diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index 044c3a260..de22d53d9 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install K6 run: | diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f927443df..6b7414c58 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -27,7 +27,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: SARIF file path: results.sarif @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif diff --git a/.github/workflows/smoke-test.yaml b/.github/workflows/smoke-test.yaml index 06a902d10..0b0e81118 100644 --- a/.github/workflows/smoke-test.yaml +++ b/.github/workflows/smoke-test.yaml @@ -47,7 +47,7 @@ jobs: kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_secret ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.0.2 - name: Create cluster run: kind create cluster --image=kindest/node:${{ matrix.k8s }} diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index ce2002d6b..05a347e76 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: tag: ${{ steps.version.outputs.tag }} steps: - name: Checkout code - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -39,7 +39,7 @@ jobs: needs: version steps: - name: Checkout code - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - shell: bash id: test @@ -47,7 +47,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 with: image-ref: docker.io/wallarm/ingress-controller:${{ needs.version.outputs.tag }} format: 'sarif' @@ -62,7 +62,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository