From dd7b5bd888fcce6533dce1d8eca7425a100c1e2c Mon Sep 17 00:00:00 2001 From: Moritz Wiesinger Date: Mon, 11 Mar 2024 14:28:18 +0100 Subject: [PATCH] ci: pin GHA deps correctly for renovate (#3229) --- .../deploy-keptn-on-cluster/action.yml | 6 ++-- .github/workflows/CI.yaml | 28 ++++++++--------- .github/workflows/component-test.yml | 6 ++-- .github/workflows/e2e-test.yml | 4 +-- .github/workflows/github-repo-stats.yml | 2 +- .github/workflows/golangci-lint.yml | 6 ++-- .github/workflows/htmltest.yaml | 4 +-- .github/workflows/integration-test.yml | 6 ++-- .github/workflows/load-test.yml | 8 ++--- .github/workflows/markdown-checks.yaml | 10 +++---- .github/workflows/release-examples.yml | 8 ++--- .github/workflows/release.yml | 24 +++++++-------- .github/workflows/security-scans.yml | 30 +++++++++---------- .github/workflows/spell-checker.yml | 2 +- .github/workflows/stale.yml | 6 ++-- .github/workflows/update-labels.yml | 2 +- .github/workflows/validate-helm-chart.yml | 6 ++-- .github/workflows/validate-semantic-pr.yml | 2 +- .github/workflows/yaml-checks.yaml | 2 +- 19 files changed, 81 insertions(+), 81 deletions(-) diff --git a/.github/actions/deploy-keptn-on-cluster/action.yml b/.github/actions/deploy-keptn-on-cluster/action.yml index 1bce4445a9..22825beb3c 100644 --- a/.github/actions/deploy-keptn-on-cluster/action.yml +++ b/.github/actions/deploy-keptn-on-cluster/action.yml @@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 with: go-version: ${{ env.GO_VERSION }} cache: true 
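Review bot: The comment on the newly pinned `actions/setup-go` step in action.yml names only the floating major tag (`# v5`), so a reader cannot tell which release the commit hash belongs to without looking it up. Recording the exact release, e.g. `uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.x.y` with the real patch version filled in, makes a later digest bump auditable in review. The same applies to the `# v4` comment on `actions/download-artifact` in the next hunk of this file, and to the other major-only comments this patch keeps across the workflows.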
@@ -38,12 +38,12 @@ runs: check-latest: true - name: Download artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4 with: path: ~/download/artifacts - name: "Create single kind Cluster" - uses: helm/kind-action@v1.9.0 + uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 with: cluster_name: ${{ inputs.cluster-name }} version: ${{ inputs.kind-version }} diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml index d0273081be..7b907ea077 100644 --- a/.github/workflows/CI.yaml +++ b/.github/workflows/CI.yaml @@ -43,11 +43,11 @@ jobs: steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Extract branch name id: extract_branch - uses: keptn/gh-action-extract-branch-name@6ca4fe061da10c66b2d7341fd1fb12962ad911b2 # pin@main + uses: keptn/gh-action-extract-branch-name@6ca4fe061da10c66b2d7341fd1fb12962ad911b2 - name: Get current date and time id: get_datetime @@ -91,10 +91,10 @@ jobs: folder: "keptn-cert-manager/" steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up Go 1.x - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # pin@v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 with: go-version: ${{ env.GO_VERSION }} cache: true @@ -106,7 +106,7 @@ jobs: run: make unit-test - name: Report code coverage - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # pin@v4 + uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4 with: flags: ${{ matrix.config.name }} token: ${{ secrets.CODECOV_TOKEN }} 
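Review bot: The `keptn/gh-action-extract-branch-name` step in the `@@ -43,11` hunk of CI.yaml loses its `# pin@main` comment and gets nothing in its place, so it is now the one pinned action with no record of the ref its hash was taken from. With no version in the comment, automated updates presumably have nothing to track, and the pin can go stale unnoticed. I would keep a plain note such as `# pinned from branch main, bump manually`, or tag a release in that action's repository and reference it like the other steps. The same line appears in the `@@ -38,11` hunk of release.yml.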
@@ -138,21 +138,21 @@ jobs: folder: "keptn-cert-manager/" steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Cache build tools id: cache-build-tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # pin@v4 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4 with: path: ./${{ matrix.config.folder }}bin key: build-tools-${{ github.ref_name }} - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # pin@v3 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3 - name: Build Docker Image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # pin@v5 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5 with: context: ${{ matrix.config.folder }} platforms: linux/amd64,linux/arm64 @@ -172,7 +172,7 @@ jobs: outputs: type=oci,dest=/tmp/${{ matrix.config.name }}-image.tar - name: Upload image as artifact - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # pin@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: ${{ matrix.config.name }}-image.tar path: /tmp/${{ matrix.config.name }}-image.tar @@ -188,7 +188,7 @@ jobs: run: echo "" > tag - name: Upload tag for tests - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # pin@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: dev-${{ env.DATETIME }} path: tag 
@@ -247,10 +247,10 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Check out keptn repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Check out helm-charts repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: repository: 'keptn/lifecycle-toolkit-charts' path: ./helm-charts-repository @@ -272,7 +272,7 @@ jobs: run: rsync -av --delete --exclude='charts/*.tgz' ./${{ matrix.config.path }}/ ./helm-charts-repository/charts/${{ matrix.config.name }}/ - name: Create Pull Request - uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # pin@v6 + uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # v6 with: token: ${{ secrets.KEPTN_BOT_TOKEN }} path: ./helm-charts-repository diff --git a/.github/workflows/component-test.yml b/.github/workflows/component-test.yml index d9028cc6cb..8f56f5675a 100644 --- a/.github/workflows/component-test.yml +++ b/.github/workflows/component-test.yml @@ -19,10 +19,10 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up Go 1.x - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # pin@v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 with: go-version: ${{ env.GO_VERSION }} cache: true @@ -34,7 +34,7 @@ jobs: run: make component-test - name: Report code coverage - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # pin@v4 + uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4 with: flags: component-tests token: ${{ secrets.CODECOV_TOKEN }} 
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 19e0abb9d2..fb2b46f1d5 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -29,7 +29,7 @@ jobs: folder: "scheduler/" steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup cluster uses: ./.github/actions/deploy-keptn-on-cluster @@ -47,7 +47,7 @@ jobs: - name: Upload ${{ matrix.config.name }} cluster logs if: always() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # pin@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: logs-e2e-tests-${{ matrix.config.name }} path: .github/scripts/logs diff --git a/.github/workflows/github-repo-stats.yml b/.github/workflows/github-repo-stats.yml index 6a36d9fb9c..cf731c9d3c 100644 --- a/.github/workflows/github-repo-stats.yml +++ b/.github/workflows/github-repo-stats.yml @@ -18,7 +18,7 @@ jobs: steps: - name: run-ghrs # Use latest release. - uses: jgehrcke/github-repo-stats@306db38ad131cab2aa5f2cd3062bf6f8aa78c1aa # pin@v1.4.2 + uses: jgehrcke/github-repo-stats@306db38ad131cab2aa5f2cd3062bf6f8aa78c1aa # v1.4.2 with: databranch: github-repo-stats ghtoken: ${{ secrets.KEPTN_BOT_TOKEN }} diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 24d66b958f..e94fcd2893 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml 
@@ -41,15 +41,15 @@ jobs: folder: "keptn-cert-manager/" steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # pin@v5 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # pin@v4 + uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4 with: working-directory: ${{ matrix.config.folder }} version: ${{ env.GOLANGCI_LINT_VERSION }} diff --git a/.github/workflows/htmltest.yaml b/.github/workflows/htmltest.yaml index 6b92462731..7405a15757 100644 --- a/.github/workflows/htmltest.yaml +++ b/.github/workflows/htmltest.yaml @@ -25,13 +25,13 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: submodules: true fetch-depth: 0 - name: Cache HTMLTest packages - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # pin@v4 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4 with: path: | tmp/.htmltest diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 4159728dc0..1c478ce3a4 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml 
@@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup cluster uses: ./.github/actions/deploy-keptn-on-cluster @@ -43,7 +43,7 @@ jobs: uses: ./.github/actions/deploy-prometheus-on-cluster - name: Install Chainsaw - uses: kyverno/action-install-chainsaw@4932dd3a67eedf380e704f5c294851a2f83c638f # pin@v0.1.8 + uses: kyverno/action-install-chainsaw@4932dd3a67eedf380e704f5c294851a2f83c638f # v0.1.8 - name: Run Scheduling Gates Integration Tests if: inputs.scheduling-gates == 'gates_on' && inputs.allowed-namespaces == 'allowed_ns_off' @@ -67,7 +67,7 @@ jobs: - name: Upload cluster logs if: failure() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # pin@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: logs-integration-tests-${{ inputs.scheduling-gates }}-${{ inputs.allowed-namespaces }} path: .github/scripts/logs diff --git a/.github/workflows/load-test.yml b/.github/workflows/load-test.yml index da63d26f7d..22b64d23bd 100644 --- a/.github/workflows/load-test.yml +++ b/.github/workflows/load-test.yml @@ -24,11 +24,11 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Cache build tools id: cache-build-tools - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # pin@v4 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4 with: path: /usr/local/bin/kube-burner key: kube-burner-${{ env.KUBE_BURNER_VERSION }} 
@@ -57,7 +57,7 @@ jobs: - name: Upload results if: always() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # pin@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: load-tests-results path: ./collected-metrics @@ -69,7 +69,7 @@ jobs: - name: Upload cluster logs if: failure() - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # pin@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: logs-load-tests path: .github/scripts/logs diff --git a/.github/workflows/markdown-checks.yaml b/.github/workflows/markdown-checks.yaml index 23ac050b13..253962b776 100644 --- a/.github/workflows/markdown-checks.yaml +++ b/.github/workflows/markdown-checks.yaml @@ -32,8 +32,8 @@ jobs: markdown-link-check: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 - - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # pin@v1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1 with: config-file: '.github/mlc_config.json' use-verbose-mode: true @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Run TOC generation run: | @@ -72,10 +72,10 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up Go 1.x - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # pin@v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true 
diff --git a/.github/workflows/release-examples.yml b/.github/workflows/release-examples.yml index 5a527437c9..1e98a587dc 100644 --- a/.github/workflows/release-examples.yml +++ b/.github/workflows/release-examples.yml @@ -26,17 +26,17 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Checkout examples repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: repository: keptn-sandbox/lifecycle-toolkit-examples path: ${{ inputs.examples_dir }} token: ${{ secrets.KEPTN_BOT_TOKEN }} - name: Get Latest Release Information - uses: octokit/request-action@89697eb6635e52c6e1e5559f15b5c91ba5100cb0 # pin@v2.1.9 + uses: octokit/request-action@89697eb6635e52c6e1e5559f15b5c91ba5100cb0 # v2.1.9 id: latest_release with: route: GET /repos/:owner/:repository/releases/latest @@ -51,7 +51,7 @@ jobs: - name: Push content if: inputs.dry_run != true - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # pin@v9 + uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 with: default_author: github_actions cwd: ${{ inputs.examples_dir }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b988c8b4e5..ab1bc065aa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -38,11 +38,11 @@ jobs: BUILD_TIME: ${{ steps.get_datetime.outputs.BUILD_TIME }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Extract branch name id: extract_branch - uses: keptn/gh-action-extract-branch-name@6ca4fe061da10c66b2d7341fd1fb12962ad911b2 # pin@main + uses: keptn/gh-action-extract-branch-name@6ca4fe061da10c66b2d7341fd1fb12962ad911b2 - name: Get current date and time id: get_datetime @@ -53,7 +53,7 @@ jobs: echo "BUILD_TIME=$BUILD_TIME" >> "$GITHUB_OUTPUT" - name: Run release please - uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # pin@v3 + uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # v3 id: release with: command: manifest @@ -81,7 +81,7 @@ jobs: - name: Create release matrix id: build-matrix - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pin@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 env: CHANGED_ITEMS: ${{ steps.release.outputs.paths_released }} KEPTN_TAG: ${{ steps.release.outputs.tag_name }} 
@@ -149,23 +149,23 @@ jobs: GIT_SHA: ${{ needs.release-please.outputs.GIT_SHA }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: submodules: recursive - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # pin@v3 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3 - name: Login to GitHub Container Registry - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # pin@v3 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 with: registry: "ghcr.io" username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Cosign - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # pin@v3.4.0 + uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 - name: Clean up image tag id: clean-image-tag @@ -183,7 +183,7 @@ jobs: - name: Build Docker Image id: docker_build_image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # pin@v5 + uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5 with: context: ${{ matrix.config.folder }} platforms: linux/amd64,linux/arm64 
@@ -212,14 +212,14 @@ jobs: ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }} - name: Generate SBOM - uses: anchore/sbom-action@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # pin@v0.15.8 + uses: anchore/sbom-action@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8 with: image: ${{ env.IMAGE_NAME }}:${{ steps.clean-image-tag.outputs.IMAGE_TAG }} artifact-name: sbom-${{ matrix.config.name }} output-file: ./sbom-${{ matrix.config.name }}.spdx.json - name: Attach SBOM to release - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # pin@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 with: tag_name: ${{ matrix.config.tagName }} files: ./sbom-${{ matrix.config.name }}.spdx.json @@ -238,7 +238,7 @@ jobs: ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }} - name: Upload verification log as artifact - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # pin@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: cosign-attest-verification-log path: ./cosign-attest-output.json diff --git a/.github/workflows/security-scans.yml b/.github/workflows/security-scans.yml index 3ec63fb16c..23badf07fc 100644 --- a/.github/workflows/security-scans.yml +++ b/.github/workflows/security-scans.yml @@ -54,7 +54,7 @@ jobs: echo "RUN_ID=$RUN_ID" >> $GITHUB_OUTPUT - name: Download all artifacts from last successful build of target branch - uses: dawidd6/action-download-artifact@71072fbb1229e1317f1a8de6b04206afb461bd67 # pin@v3.1.2 + uses: dawidd6/action-download-artifact@71072fbb1229e1317f1a8de6b04206afb461bd67 # v3.1.2 id: download_artifacts_push with: # Download last successful artifact from a CI build 
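Review bot: Pinning `dawidd6/action-download-artifact` in the `@@ -54,7` hunk of security-scans.yml fixes the action's code but not the provenance of what it downloads. The artifacts come from a different workflow run and, per the following hunk, are re-uploaded as `tag` and `images` for the later scan jobs. The step's `with:` inputs continue outside the hunk, so how the run is selected is not visible here; it is worth confirming that the source is limited to this repository's own CI workflow on the target branch. A comment above the step such as `# artifacts are taken only from this repo's CI workflow runs on the target branch` would document that trust assumption.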
@@ -65,14 +65,14 @@ jobs: path: ./dist - name: Upload tag - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # pin@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: tag path: | ./dist/dev-*/ - name: Upload images - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # pin@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: images path: | @@ -99,21 +99,21 @@ jobs: steps: - name: Set up Go if: matrix.tool == 'kubeconform' - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # pin@v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true cache: false - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 submodules: 'true' - name: Download tag id: download_manifests - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # pin@v4 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4 with: name: tag path: tag @@ -148,7 +148,7 @@ jobs: - name: KICS Scan if: matrix.tool == 'kics' - uses: Checkmarx/kics-github-action@8a44970e3d2eca668be41abe9d4e06709c3b3609 # pin@v1.7.0 + uses: Checkmarx/kics-github-action@8a44970e3d2eca668be41abe9d4e06709c3b3609 # v1.7.0 with: path: scans config_path: .github/kics-config.yml @@ -157,7 +157,7 @@ jobs: - name: Upload KICS results if: always() && matrix.tool == 'kics' - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # pin@v4 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4 with: name: kics-results path: results.json 
@@ -224,14 +224,14 @@ jobs: - "certificate-operator" steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 with: fetch-depth: 0 submodules: 'true' - name: Download images id: download_images - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # pin@v4 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4 with: name: images path: images @@ -242,7 +242,7 @@ jobs: - name: Trivy image scan scheduler if: matrix.image == 'scheduler' - uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # pin@0.18.0 + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0 with: input: "images/${{ matrix.image }}-image.tar" severity: 'CRITICAL,HIGH' @@ -251,7 +251,7 @@ jobs: - name: Trivy image scan if: matrix.image != 'scheduler' - uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # pin@0.18.0 + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0 with: input: "images/${{ matrix.image }}-image.tar" severity: 'CRITICAL,HIGH' @@ -270,14 +270,14 @@ jobs: - "keptn-cert-manager" steps: - name: Set up Go 1.x - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # pin@v5 + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5 with: cache-dependency-path: ${{ matrix.artifact }}/go.sum go-version: ${{ env.GO_VERSION }} check-latest: true - name: Checkout Code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Install govulncheck run: go install golang.org/x/vuln/cmd/govulncheck@latest 
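Review bot: The `Install govulncheck` step in the `@@ -270,14` hunk of security-scans.yml still runs `go install golang.org/x/vuln/cmd/govulncheck@latest`, so the scanner itself remains a floating dependency while every action around it is pinned by commit. An unpinned tool makes scan results non-reproducible and lets the job run whatever is published next under that module path. I would pin it, `run: go install golang.org/x/vuln/cmd/govulncheck@${{ env.GOVULNCHECK_VERSION }}`, with the variable defined in the workflow `env` the same way `GOLANGCI_LINT_VERSION` is used in golangci-lint.yml. The job's remaining steps are outside the hunk.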
@@ -311,7 +311,7 @@ jobs: echo "Note: This issue was auto-generated from [security-scan.yml](.github/workflows/security-scan.yml)" >> security-scan-failure.md - name: Create issue if versions differ - uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # pin@v2.9.2 + uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/spell-checker.yml b/.github/workflows/spell-checker.yml index 69dabc1f9d..e1df4f01b5 100644 --- a/.github/workflows/spell-checker.yml +++ b/.github/workflows/spell-checker.yml @@ -29,7 +29,7 @@ jobs: steps: - name: check-spelling id: spelling - uses: check-spelling/check-spelling@00c989c97749eb0cb2d256bdc55ac61b0096c6d3 # pin@v0.0.22 + uses: check-spelling/check-spelling@00c989c97749eb0cb2d256bdc55ac61b0096c6d3 # v0.0.22 with: suppress_push_for_open_pull_request: ${{ github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]' && 1 }} checkout: true diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 5f544370b6..8d89da2736 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # pin@v9 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9 with: days-before-stale: 60 days-before-close: 7 @@ -29,7 +29,7 @@ jobs: stale-good-first-issues: runs-on: ubuntu-latest steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # pin@v9 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9 with: days-before-stale: 21 stale-issue-message: | 
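Review bot: Both jobs shown in the stale.yml hunks keep `runs-on: ubuntu-latest`, whereas every other runner line visible in this patch uses `ubuntu-22.04`. Since the commit is about pinning CI dependencies, the floating runner image is the remaining unpinned input in this workflow. For consistency I would change both to `runs-on: ubuntu-22.04`.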
@@ -41,7 +41,7 @@ jobs: only-issue-labels: 'good first issue' stale-issue-label: 'update-requested' - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # pin@v9 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9 with: days-before-stale: 28 stale-issue-message: | diff --git a/.github/workflows/update-labels.yml b/.github/workflows/update-labels.yml index 39d0e09fc8..a753551373 100644 --- a/.github/workflows/update-labels.yml +++ b/.github/workflows/update-labels.yml @@ -14,6 +14,6 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Update Labels - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # pin@v5 + uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5 with: sync-labels: true diff --git a/.github/workflows/validate-helm-chart.yml b/.github/workflows/validate-helm-chart.yml index 7576bde0fe..0ebc1c529a 100644 --- a/.github/workflows/validate-helm-chart.yml +++ b/.github/workflows/validate-helm-chart.yml @@ -36,10 +36,10 @@ jobs: path: keptn-cert-manager/chart steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up Node - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # pin@v4.0.2 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 16 @@ -73,7 +73,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Check if Helm template is up to date run: ./.github/scripts/helm-test.sh diff --git a/.github/workflows/validate-semantic-pr.yml b/.github/workflows/validate-semantic-pr.yml index a3db450ea8..fce4ca2424 100644 --- a/.github/workflows/validate-semantic-pr.yml +++ b/.github/workflows/validate-semantic-pr.yml 
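Review bot: The `Set up Node` step in the `@@ -36,10` hunk of validate-helm-chart.yml keeps `node-version: 16`, a release line that is end-of-life upstream and no longer receives security fixes. Pinning `actions/setup-node` by commit does not help if the runtime it installs is unmaintained. I would move to a maintained LTS line, e.g. `node-version: 20`, after checking that the tooling run in this job supports it. The job's later steps fall outside the hunk.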
@@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Validate Pull Request - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # pin@v5.4.0 + uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/yaml-checks.yaml b/.github/workflows/yaml-checks.yaml index 4b2780d878..7d7609ad45 100644 --- a/.github/workflows/yaml-checks.yaml +++ b/.github/workflows/yaml-checks.yaml @@ -27,7 +27,7 @@ jobs: yamllint: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Lint YAML files run: make yamllint