diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 94acc5d6..be7f004b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index ed98df5f..cf78a362 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -17,7 +17,7 @@ jobs: start_status: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.checkout_ref }} @@ -32,10 +32,10 @@ jobs: outputs: matrix: ${{ steps.matrix.outputs.matrix }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.checkout_ref }} - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '~1.22' cache-dependency-path: "**/*.sum" @@ -62,7 +62,7 @@ jobs: fail-fast: false # we want to always report the status runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.checkout_ref }} diff --git a/.github/workflows/provision-test.yaml b/.github/workflows/provision-test.yaml index ac8e8c25..ee2cffb3 100644 --- a/.github/workflows/provision-test.yaml +++ b/.github/workflows/provision-test.yaml 
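Review bot: The bumped checkout step in .github/workflows/codeql.yml still references a mutable tag, `uses: actions/checkout@v4`, while every other workflow touched here pins actions to a full commit SHA with a version comment. A tag can be repointed upstream, so this file does not fix which code actually runs; use the pin the other workflows get, `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`. The same applies to the second checkout in release.yaml (hunk at -66,25, under "build image from sha input"), which runs on the self-hosted runner shortly before the "Authenticate to ACR" step. The context line `github/codeql-action/init@v3` is tag-pinned as well and could be moved to a SHA pin in the same pass.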
@@ -14,17 +14,17 @@ jobs: provision: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref }} - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '~1.22' cache-dependency-path: "**/*.sum" - name: Azure login - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} @@ -35,7 +35,7 @@ jobs: run: (cd testing/e2e && go run ./main.go infra --subscription="${{ secrets.AZURE_SUBSCRIPTION_ID }}" --tenant="${{ secrets.AZURE_TENANT_ID }}" --names="${{ inputs.name }}" --infra-file="./infra-${{ inputs.name }}.json") - name: Upload infra file - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: infra-${{ inputs.name }} path: testing/e2e/infra-${{ inputs.name }}.json 
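Review bot: The `run:` line at the top of the -35,7 hunk in provision-test.yaml expands `${{ inputs.name }}` directly into the shell script text, so the value is substituted before the shell parses the line and the surrounding double quotes do not contain it. This is unchanged context rather than part of the version bump, and the step's `name:` line is outside the hunk, but it is worth fixing while the file is being touched. Pass the input through the environment instead, with `env:` carrying `INFRA_NAME: ${{ inputs.name }}` and the script using `--names="$INFRA_NAME" --infra-file="./infra-${INFRA_NAME}.json"`. How much this matters depends on who can trigger the workflow and supply `inputs.name`, which is not visible here.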
@@ -43,23 +43,23 @@ jobs: needs: provision runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref }} - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '~1.22' cache-dependency-path: "**/*.sum" - name: Azure login - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: infra-${{ inputs.name }} path: testing/e2e/ diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c2a7b05a..abfa6bc9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -39,17 +39,17 @@ jobs: TAG: aks-app-routing-operator-validate:${{ inputs.version }} steps: # validate image from sha input - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.sha }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Build image locally run: docker buildx build --tag "${TAG}" --load . - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: image-ref: ${{ env.TAG }} format: 'table' @@ -66,25 +66,25 @@ jobs: runs-on: ["self-hosted", "1ES.Pool=${{ vars.RUNNER_BASE_NAME }}-ubuntu"] steps: # always read the changelog in main - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: 'main' - name: Read changelog id: changelog - uses: mindsers/changelog-reader-action@b97ce03a10d9bdbb07beb491c76a5a01d78cd3ef # v2.2.2 + uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3 with: validation_level: warn version: ${{ inputs.version }} # build image from sha input - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: ${{ inputs.sha }} - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Authenticate to ACR run: | diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 61d8d0b2..3b7200cd 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml 
@@ -14,7 +14,7 @@ jobs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - id: set-matrix run: | matrix=$(cat active_releases.json | tr '\n' ' ') diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 865fae1f..13d117ad 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -12,7 +12,7 @@ jobs: status_ref: ${{ steps.status_ref.outputs.STATUS_REF }} steps: # checkout repo so we can ls-remote. we can use main for this - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # get the ref of the merge commit. we want to get the full sha instead of the tag so we can guarantee # it won't change by a user pushing a new change - id: checkout_ref diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index 896aa0b4..a5987f3e 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -19,7 +19,7 @@ jobs: operator: runs-on: ubuntu-latest steps: - - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0 + - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: image-ref: ${{ inputs.operator }} format: 'table' @@ -30,7 +30,7 @@ jobs: nginx: runs-on: ubuntu-latest steps: - - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0 + - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: image-ref: ${{ inputs.nginx }} format: 'table' 
@@ -41,7 +41,7 @@ jobs: externaldns: runs-on: ubuntu-latest steps: - - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0 + - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: image-ref: ${{ inputs.externaldns }} format: 'table' diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml index 87713e4b..6a060582 100644 --- a/.github/workflows/unit.yaml +++ b/.github/workflows/unit.yaml @@ -17,7 +17,7 @@ jobs: unit-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.checkout_ref }} @@ -26,7 +26,7 @@ jobs: name: ${{ env.status-name }} ref: ${{ inputs.status_ref }} - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '~1.22' cache-dependency-path: "**/*.sum" @@ -51,10 +51,10 @@ jobs: run: go test -race -v ./... -coverprofile=coverage.out - name: Convert coverage to lcov - uses: jandelgado/gcov2lcov-action@c680c0f7c7442485f1749eb2a13e54a686e76eb5 #v1.0.8 + uses: jandelgado/gcov2lcov-action@4e1989767862652e6ca8d3e2e61aabe6d43be28b #v1.0.8 - name: Coveralls - uses: coverallsapp/github-action@95b1a2355bd0e526ad2fd62da9fd386ad4c98474 #v2.2.1 + uses: coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8 #v2.3.4 with: flag-name: unit-test path-to-lcov: coverage.lcov
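Review bot: In unit.yaml (hunk at -51,10) the pin for `jandelgado/gcov2lcov-action` changes from `c680c0f7c7442485f1749eb2a13e54a686e76eb5` to `4e1989767862652e6ca8d3e2e61aabe6d43be28b`, but the trailing comment still reads `#v1.0.8`. Either the comment was not updated with the SHA, or the upstream tag now points at a different commit; the diff alone cannot tell which. Confirm which release the new SHA corresponds to and update the comment to match, so the comment stays a reliable record of what the pin resolves to. The other pins in this change all move their version comment together with the SHA.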