diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index 940657e890..d444471393 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -64,7 +64,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -130,7 +130,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -205,7 +205,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index 7f83f23491..256b020355 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -103,7 +103,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -224,7 +224,7 @@ jobs: if: ${{ github.ref_type == 'tag' && contains(inputs.image, 'ubi') }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 continue-on-error: true with: image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }} @@ -233,7 +233,7 @@ jobs: ignore-unfixed: "true" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 continue-on-error: true with: sarif_file: "trivy-results-${{ inputs.image }}.sarif" diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index 1832b4ed20..63dd2911e6 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -74,7 +74,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -254,7 +254,7 @@ jobs: if: ${{ inputs.publish-image }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 continue-on-error: true with: image-ref: ${{ steps.trivy-tag.outputs.tag }} @@ -264,7 +264,7 @@ jobs: if: ${{ inputs.publish-image }} - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 continue-on-error: true with: sarif_file: "trivy-results-${{ inputs.image }}.sarif" diff --git a/.github/workflows/build-test-image.yml b/.github/workflows/build-test-image.yml index 62b08500a9..3e1649aa1a 100644 --- a/.github/workflows/build-test-image.yml +++ b/.github/workflows/build-test-image.yml @@ -35,7 +35,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 326de25caf..70f5ca1ec6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -155,7 +155,7 @@ jobs: run: make cover if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Upload coverage to Codecov - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 + uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0 with: files: ./coverage.txt token: ${{ secrets.CODECOV_TOKEN }} # required @@ -227,7 +227,7 @@ jobs: if: github.ref_type == 'tag' - name: Build binaries - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 + uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0 with: version: latest args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} ${{ github.event_name == 'pull_request' && '--single-target' || '' }} --clean @@ -298,7 +298,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -433,7 +433,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -501,7 +501,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0f75521a17..d1f6cff604 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -70,7 +70,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -89,7 +89,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -102,6 +102,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index 7ce12618e8..dd82df61bb 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -52,7 +52,7 @@ jobs: go-version-file: go.mod - name: Lint Code - uses: golangci/golangci-lint-action@23faadfdeb23a6f9e511beaba149bb123b5b145a # v6.0.0 + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: only-new-issues: true @@ -63,7 +63,7 @@ jobs: - name: Checkout Repository uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: reviewdog/action-actionlint@51bfb044ddaed55059d16f14daedbe05a9937dc1 # v1.45.0 + - uses: reviewdog/action-actionlint@89a03f6ba8c0a9fd238e82c075ffb34b86e40291 # v1.46.0 with: actionlint_flags: -shellcheck "" diff --git a/.github/workflows/oss-release.yml b/.github/workflows/oss-release.yml index 2243a05eed..838a1b3244 100644 --- a/.github/workflows/oss-release.yml +++ b/.github/workflows/oss-release.yml @@ -81,7 +81,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -123,7 +123,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -176,7 +176,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -224,7 +224,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -273,7 +273,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/patch-image.yml b/.github/workflows/patch-image.yml index 5e3f83d433..7d0e0f5f98 100644 --- a/.github/workflows/patch-image.yml +++ b/.github/workflows/patch-image.yml @@ -56,7 +56,7 @@ jobs: - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/plus-release.yml b/.github/workflows/plus-release.yml index 912cd1de67..92f9554497 100644 --- a/.github/workflows/plus-release.yml +++ b/.github/workflows/plus-release.yml @@ -81,7 +81,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -123,7 +123,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -180,7 +180,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-priv-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -188,7 +188,7 @@ jobs: - name: Authenticate to Google Cloud Marketplace id: gcr-mktpl-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY_MKTPL }} @@ -225,7 +225,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} @@ -275,7 +275,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/retag-images.yml b/.github/workflows/retag-images.yml index 598a171af6..8a763a8f23 100644 --- a/.github/workflows/retag-images.yml +++ b/.github/workflows/retag-images.yml @@ -44,7 +44,7 @@ jobs: - name: Authenticate to Google Cloud id: gcr-auth - uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2 + uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: token_format: access_token workload_identity_provider: ${{ secrets.GCR_WORKLOAD_IDENTITY }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e9267ea978..d93a17581c 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -34,7 +34,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: sarif_file: results.sarif diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0ca65de478..18077c8bbc 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -43,7 +43,7 @@ repos: pass_filenames: false - repo: https://github.com/golangci/golangci-lint - rev: v1.58.0 + rev: v1.58.1 hooks: - id: golangci-lint args: [--new-from-patch=/tmp/diff.patch] @@ -64,7 +64,7 @@ repos: - id: black - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.28.2 + rev: 0.28.3 hooks: - id: check-jsonschema name: "Check Helm Chart JSON Schema"