diff --git a/.github/workflows/bullseye-coverage.yml b/.github/workflows/bullseye-coverage.yml index 223087fee07..dbe4a5f2263 100644 --- a/.github/workflows/bullseye-coverage.yml +++ b/.github/workflows/bullseye-coverage.yml @@ -10,7 +10,7 @@ env: # the organizational defaults values for these variables # TODO: we really need to define a list of supported versions (ideally it's no more than 2) # build is done on the lowest version and test on the highest with a "sanity test" - # stage done on all versions in the list ecept the highest + # stage done on all versions in the list except the highest EL8_BUILD_VERSION: ${{ vars.EL8_BUILD_VERSION_MASTER }} EL8_VERSION: ${{ vars.EL8_VERSION_MASTER }} EL9_BUILD_VERSION: ${{ vars.EL9_BUILD_VERSION_MASTER }} @@ -365,7 +365,8 @@ jobs: - name: Publish test results if: (!cancelled()) && (success() || failure()) && steps.run-test.outcome != 'skipped' - uses: EnricoMi/publish-unit-test-result-action@v2 + # yamllint disable-line rule:line-length + uses: EnricoMi/publish-unit-test-result-action@4e7013f9576bd22ffdae979dc6e68cb9ec2aeece # v2.7.0 with: check_name: ${{ env.STAGE_NAME }} Test Results github_token: ${{ secrets.GITHUB_TOKEN }} @@ -632,7 +633,8 @@ jobs: - name: Publish test results if: (!cancelled()) && (success() || failure()) && steps.run-test.outcome != 'skipped' - uses: EnricoMi/publish-unit-test-result-action@v2 + # yamllint disable-line rule:line-length + uses: EnricoMi/publish-unit-test-result-action@4e7013f9576bd22ffdae979dc6e68cb9ec2aeece # v2.7.0 with: check_name: ${{ env.STAGE_NAME }} Test Results github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci2.yml b/.github/workflows/ci2.yml index 50063bbad2b..a487173347b 100644 --- a/.github/workflows/ci2.yml +++ b/.github/workflows/ci2.yml 
@@ -67,7 +67,8 @@ jobs: run: docker cp build-post:/home/daos/daos/nlt-junit.xml ./ - name: Publish NLT test results if: always() - uses: EnricoMi/publish-unit-test-result-action@v1.17 + # yamllint disable-line rule:line-length + uses: EnricoMi/publish-unit-test-result-action@4e7013f9576bd22ffdae979dc6e68cb9ec2aeece # v2.7.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} files: nlt-junit.xml diff --git a/.github/workflows/landing-builds.yml b/.github/workflows/landing-builds.yml index aeedd80b9d6..09ba348aec3 100644 --- a/.github/workflows/landing-builds.yml +++ b/.github/workflows/landing-builds.yml @@ -138,7 +138,8 @@ jobs: run: docker cp build-post:/home/daos/daos/nlt-junit.xml ./ - name: Publish NLT test results if: always() - uses: EnricoMi/publish-unit-test-result-action@v1.17 + # yamllint disable-line rule:line-length + uses: EnricoMi/publish-unit-test-result-action@4e7013f9576bd22ffdae979dc6e68cb9ec2aeece # v2.7.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} files: nlt-junit.xml diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 8c1553f10d4..4fd96e47954 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml 
@@ -20,13 +20,18 @@ jobs: name: Python isort runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - name: Checkout code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ github.event.pull_request.head.sha }} - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - name: Set up Python environment + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: '3' - - uses: isort/isort-action@f14e57e1d457956c45a19c05a89cccdf087846e5 # v1.1.0 + - name: Install extra python packages + run: python3 -m pip install --requirement utils/cq/requirements.txt + - name: Run isort + uses: isort/isort-action@24d8a7a51d33ca7f36c3f23598dafa33f7071326 # v1.1.1 with: requirementsFiles: "requirements.txt" - name: Run on SConstruct file. @@ -155,7 +160,7 @@ jobs: - name: Install extra python packages run: python3 -m pip install --requirement utils/cq/requirements.txt - name: Run check - uses: codespell-project/actions-codespell@3174815d6231f5bdc24dbfb6fc3b8caec73d521c # master + uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # master with: skip: ./src/control/vendor,./src/control/go.sum,./.git ignore_words_file: ci/codespell.ignores diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index e404f8770be..9711664a405 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: sarif_file: results.sarif 
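Review bot: The added `Install extra python packages` step in the isort job of linting.yml installs whatever `utils/cq/requirements.txt` resolves to at run time, so it falls outside the commit-SHA pinning applied to the actions around it. The file's contents are not visible here; if its entries are not pinned with hashes, consider adding them and running `python3 -m pip install --require-hashes --requirement utils/cq/requirements.txt`. The job checks out `github.event.pull_request.head.sha`, so the requirements file comes from the PR branch. The workflow trigger is outside this hunk, so it is worth confirming that it is `pull_request` and not `pull_request_target`.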
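Review bot: The `# master` comment on the new `codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630` pin in the second linting.yml hunk names a branch, not a release. A reader therefore cannot check the SHA against a tag, and update tooling cannot tell which version it represents. The other pins visible in this diff all carry a version comment. Pinning to the commit of a tagged release, as in `uses: codespell-project/actions-codespell@<release-commit-sha> # <release-tag>`, would make this one auditable in the same way.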
diff --git a/.github/workflows/pr-metadata.yml b/.github/workflows/pr-metadata.yml index 9b8e5bcc0c9..02229e27d1c 100644 --- a/.github/workflows/pr-metadata.yml +++ b/.github/workflows/pr-metadata.yml @@ -27,11 +27,12 @@ jobs: id: jira-data - name: Comment on PR if: always() - uses: thollander/actions-comment-pull-request@v2 + # yamllint disable-line rule:line-length + uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: - comment_tag: 'jira_query_message' + comment-tag: 'jira_query_message' message: ${{ steps.jira-data.outputs.message }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.GITHUB_TOKEN }} - name: Set labels if: ${{ always() && steps.jira-data.outputs.label != '' }} uses: actions-ecosystem/action-add-labels@v1 diff --git a/.github/workflows/rpm-build-and-test-report.yml b/.github/workflows/rpm-build-and-test-report.yml index d268550d2dc..7b67704b307 100644 --- a/.github/workflows/rpm-build-and-test-report.yml +++ b/.github/workflows/rpm-build-and-test-report.yml @@ -41,7 +41,7 @@ jobs: esac echo "STAGE_NAME=Build RPM on $DISTRO_NAME $DISTRO_VERSION" >> $GITHUB_ENV - name: Test Report - uses: phoenix-actions/test-reporting@v10 + uses: phoenix-actions/test-reporting@f957cd93fc2d848d556fa0d03c57bc79127b6b5e # v15 with: artifact: ${{ env.STAGE_NAME }} test-results name: ${{ env.STAGE_NAME }} Test Results (phoenix-actions) @@ -60,7 +60,7 @@ jobs: - name: Set variables run: echo "STAGE_NAME=Functional Hardware ${{ matrix.stage }}" >> $GITHUB_ENV - name: Test Report - uses: phoenix-actions/test-reporting@v10 + uses: phoenix-actions/test-reporting@f957cd93fc2d848d556fa0d03c57bc79127b6b5e # v15 with: artifact: ${{ env.STAGE_NAME }} test-results name: ${{ env.STAGE_NAME }} Test Results (phoenix-actions) diff --git a/.github/workflows/rpm-build-and-test.yml b/.github/workflows/rpm-build-and-test.yml index 6f33efc1ad0..42d8ae60489 100644 --- a/.github/workflows/rpm-build-and-test.yml 
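Review bot: The `Set labels` step at the end of the pr-metadata.yml hunk still uses `actions-ecosystem/action-add-labels@v1`, a mutable tag, while the `Comment on PR` step above it is now pinned to a commit. A tag can be repointed to different code by whoever controls the action's repository, and this job already hands `secrets.GITHUB_TOKEN` to a third-party action. Pin it the same way: `uses: actions-ecosystem/action-add-labels@<full-commit-sha> # <release-tag>`. The step's `with:` block lies outside the hunk, so the inputs it receives could not be checked here.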
+++ b/.github/workflows/rpm-build-and-test.yml @@ -10,7 +10,7 @@ env: # the organizational defaults values for these variables # TODO: we really need to define a list of supported versions (ideally it's no more than 2) # build is done on the lowest version and test on the highest with a "sanity test" - # stage done on all versions in the list ecept the highest + # stage done on all versions in the list except the highest EL8_BUILD_VERSION: ${{ vars.EL8_BUILD_VERSION_MASTER }} EL8_VERSION: ${{ vars.EL8_VERSION_MASTER }} EL9_BUILD_VERSION: ${{ vars.EL9_BUILD_VERSION_MASTER }} @@ -373,7 +373,8 @@ jobs: - name: Publish test results if: (!cancelled()) && (success() || failure()) && steps.run-test.outcome != 'skipped' - uses: EnricoMi/publish-unit-test-result-action@v2 + # yamllint disable-line rule:line-length + uses: EnricoMi/publish-unit-test-result-action@4e7013f9576bd22ffdae979dc6e68cb9ec2aeece # v2.7.0 with: check_name: ${{ env.STAGE_NAME }} Test Results github_token: ${{ secrets.GITHUB_TOKEN }} @@ -640,7 +641,8 @@ jobs: - name: Publish test results if: (!cancelled()) && (success() || failure()) && steps.run-test.outcome != 'skipped' - uses: EnricoMi/publish-unit-test-result-action@v2 + # yamllint disable-line rule:line-length + uses: EnricoMi/publish-unit-test-result-action@4e7013f9576bd22ffdae979dc6e68cb9ec2aeece # v2.7.0 with: check_name: ${{ env.STAGE_NAME }} Test Results github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 89152cb1afa..cb8299d765e 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -26,7 +26,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Run Trivy vulnerability scanner in filesystem mode (table format) - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0 with: scan-type: 'fs' scan-ref: '.' 
@@ -51,15 +51,14 @@ jobs: sed -i 's/format: template/format: sarif/g' utils/trivy/trivy.yaml - name: Run Trivy vulnerability scanner in filesystem mode (sarif format) - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0 with: scan-type: 'fs' scan-ref: '.' trivy-config: 'utils/trivy/trivy.yaml' - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a - # 3.25.15 (v3) + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: sarif_file: 'trivy-results.sarif' @@ -70,7 +69,7 @@ jobs: sed -i 's/exit-code: 0/exit-code: 1/g' utils/trivy/trivy.yaml - name: Run Trivy vulnerability scanner in filesystem mode (human readable format) - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0 with: scan-type: 'fs' scan-ref: '.'