diff --git a/.github/workflows/_.helm.lint.yaml b/.github/workflows/_.helm.lint.yaml index 1d98f62ef..e990e395c 100644 --- a/.github/workflows/_.helm.lint.yaml +++ b/.github/workflows/_.helm.lint.yaml @@ -19,7 +19,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 env: @@ -39,7 +39,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 id: restore-asdf @@ -105,7 +105,7 @@ jobs: security-events: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 with: format: sarif diff --git a/.github/workflows/_.helm.list-changed.yaml b/.github/workflows/_.helm.list-changed.yaml index e0d20294d..f75b18fe7 100644 --- a/.github/workflows/_.helm.list-changed.yaml +++ b/.github/workflows/_.helm.list-changed.yaml @@ -16,7 +16,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 10 diff --git a/.github/workflows/_.helm.test.yaml b/.github/workflows/_.helm.test.yaml index d8e6bd703..89257a9a3 100644 --- a/.github/workflows/_.helm.test.yaml +++ b/.github/workflows/_.helm.test.yaml @@ -20,7 +20,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 @@ -38,7 +38,7 @@ jobs: python-version: '3.9' check-latest: true - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - - uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 + - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: cluster_name: kind wait: 30s diff --git a/.github/workflows/_.images.build.yaml b/.github/workflows/_.images.build.yaml index d150cc70a..8a100fd63 100644 --- a/.github/workflows/_.images.build.yaml +++ b/.github/workflows/_.images.build.yaml @@ -47,7 +47,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 1 @@ -122,7 +122,7 @@ jobs: matrix: platform: ${{ fromJson(needs.metadata.outputs.build-platforms) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 1 @@ -173,7 +173,7 @@ jobs: - name: Rename OCI image artifact before upload if: ${{ inputs.dry-run }} run: mv ${{ needs.metadata.outputs.image-slug }}.tar oci.${{ needs.metadata.outputs.image-slug }}-${{ matrix.platform.arch }}-${{ matrix.platform.os }}.tar - - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 if: ${{ inputs.dry-run }} with: name: oci.${{ needs.metadata.outputs.image-slug }}-${{ matrix.platform.arch }}-${{ matrix.platform.os }}.tar @@ -208,7 +208,7 @@ jobs: security-events: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 with: format: sarif diff --git a/.github/workflows/_.images.lint.yaml b/.github/workflows/_.images.lint.yaml index ac10ff2f4..4ff481a51 100644 --- a/.github/workflows/_.images.lint.yaml +++ b/.github/workflows/_.images.lint.yaml @@ -15,7 +15,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 with: dockerfile: ${{ inputs.containerfile }} diff --git a/.github/workflows/_.images.list-changed.yaml b/.github/workflows/_.images.list-changed.yaml index 14a1ad741..33256de2c 100644 --- a/.github/workflows/_.images.list-changed.yaml +++ b/.github/workflows/_.images.list-changed.yaml @@ -23,7 +23,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 10 diff --git a/.github/workflows/_.images.supply-chain.for-artifacts.yaml b/.github/workflows/_.images.supply-chain.for-artifacts.yaml index 306d66494..6d105cad0 100644 --- a/.github/workflows/_.images.supply-chain.for-artifacts.yaml +++ b/.github/workflows/_.images.supply-chain.for-artifacts.yaml @@ -21,11 +21,11 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 1 - - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 + - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 id: download-oci with: name: ${{ inputs.artifact-ref }} @@ -39,7 +39,7 @@ jobs: format: cyclonedx output: sbom.cyclonedx.json - - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: sbom-cyclonedx.${{ inputs.name }}.json path: sbom.cyclonedx.json @@ -53,11 +53,11 @@ jobs: contents: read security-events: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 1 - - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 + - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 id: download-oci with: name: ${{ inputs.artifact-ref }} @@ -70,7 +70,7 @@ jobs: input: trivy-${{ github.run_id }} format: cosign-vuln output: vulnerabilities.cosign-vuln.json - - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: cosign-vuln.${{ inputs.name }}.json path: vulnerabilities.cosign-vuln.json diff --git a/.github/workflows/_.images.supply-chain.for-registry.yaml b/.github/workflows/_.images.supply-chain.for-registry.yaml index f846062c6..0db08473d 100644 --- a/.github/workflows/_.images.supply-chain.for-registry.yaml +++ b/.github/workflows/_.images.supply-chain.for-registry.yaml @@ -45,7 +45,7 @@ jobs: packages: write security-events: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: diff --git a/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml b/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml index c03955fb1..260a52694 100644 --- a/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml +++ b/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml @@ -22,7 +22,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 diff --git a/.github/workflows/push.helm.fix-renovate.yml b/.github/workflows/push.helm.fix-renovate.yml index 19bb22666..5aa8fe371 100644 --- a/.github/workflows/push.helm.fix-renovate.yml +++ b/.github/workflows/push.helm.fix-renovate.yml @@ -44,7 +44,7 @@ jobs: with: app_id: ${{ secrets.BOT_ID }} private_key: ${{ secrets.BOT_PKEY }} - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 token: ${{ steps.app_auth.outputs.token }} diff --git a/.github/workflows/push.helm.release.yml b/.github/workflows/push.helm.release.yml index b7449ce3d..bfbfe7cf1 100644 --- a/.github/workflows/push.helm.release.yml +++ b/.github/workflows/push.helm.release.yml @@ -22,7 +22,7 @@ jobs: pages: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 @@ -84,7 +84,7 @@ jobs: matrix: chart: ${{ fromJson(needs.list-changed-charts.outputs.charts) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 with: format: sarif diff --git a/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml b/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml index 78c5e4fc1..a49909677 100644 --- a/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml +++ b/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml @@ -14,7 +14,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: repository: beluga-cloud/.github - uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0 diff --git a/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml b/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml index f66308146..c4717c21a 100644 --- a/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml +++ b/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml @@ -17,7 +17,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Find all images id: find-images diff --git a/.github/workflows/schedule.helm.test-all.yml b/.github/workflows/schedule.helm.test-all.yml index 10e286074..2e1079d56 100644 --- a/.github/workflows/schedule.helm.test-all.yml +++ b/.github/workflows/schedule.helm.test-all.yml @@ -17,7 +17,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 1 diff --git a/.github/workflows/workflow_dispatch.helm.release.yml b/.github/workflows/workflow_dispatch.helm.release.yml index a47c2b359..c55a0acf4 100644 --- a/.github/workflows/workflow_dispatch.helm.release.yml +++ b/.github/workflows/workflow_dispatch.helm.release.yml @@ -15,7 +15,7 @@ jobs: pages: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 @@ -69,7 +69,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Find all Containerfiles id: find-charts @@ -94,7 +94,7 @@ jobs: matrix: chart: ${{ fromJson(needs.list-all-charts.outputs.charts) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 with: format: sarif diff --git a/.github/workflows/workflow_dispatch.images.release.yaml b/.github/workflows/workflow_dispatch.images.release.yaml index aa247c229..eb67c9dc1 100644 --- a/.github/workflows/workflow_dispatch.images.release.yaml +++ b/.github/workflows/workflow_dispatch.images.release.yaml @@ -15,7 +15,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Find all Containerfiles id: find-images