diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index 9d383cf447..3815fafe7c 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -58,10 +58,10 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm,arm64,ppc64le,s390x @@ -92,7 +92,7 @@ jobs: type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }} - name: Build Base Container - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: build/Dockerfile context: "." @@ -123,10 +123,10 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm64,s390x @@ -157,7 +157,7 @@ jobs: type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }} - name: Build Base Container - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: build/Dockerfile context: "." @@ -191,7 +191,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Authenticate to Google Cloud id: auth @@ -229,7 +229,7 @@ jobs: type=raw,value=${{ needs.checks.outputs.docker_md5 }},enable=${{ needs.checks.outputs.docker_md5 != '' }} - name: Build Base Container - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: build/Dockerfile context: "." diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index de6013b5cd..34ed03ca6c 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -113,17 +113,17 @@ jobs: if: ${{ inputs.authenticated && ! inputs.full-build }} - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm,arm64,ppc64le,s390x if: ${{ steps.images_exist.outputs.base_exists != 'true' || steps.images_exist.outputs.target_exists != 'true' }} - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 if: ${{ steps.images_exist.outputs.base_exists != 'true' || steps.images_exist.outputs.target_exists != 'true' }} - name: Build Base Container - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: build/Dockerfile context: "." @@ -147,7 +147,7 @@ jobs: echo "full-build: ${{ inputs.full-build }}" - name: Fetch Cached Artifacts - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ inputs.go-md5 }} @@ -155,7 +155,7 @@ jobs: if: ${{ steps.images_exist.outputs.base_exists != 'true' || steps.images_exist.outputs.target_exists != 'true' }} - name: Build Docker image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 id: build-push with: file: build/Dockerfile @@ -201,7 +201,7 @@ jobs: - name: Run Docker Scout vulnerability scanner id: docker-scout - uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1 + uses: docker/scout-action@b23590dc1e4d09febc00cfcbc51e9e8c0f7ee9f3 # v1.16.1 with: command: cves,recommendations image: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/build-ot-dependency.yml b/.github/workflows/build-ot-dependency.yml index ebf445a052..23650c310c 100644 --- a/.github/workflows/build-ot-dependency.yml +++ b/.github/workflows/build-ot-dependency.yml @@ -50,12 +50,12 @@ jobs: echo "nginx_version=${nginx_version}" >> $GITHUB_OUTPUT - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm,arm64,ppc64le,s390x - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 with: buildkitd-flags: --debug @@ -80,7 +80,7 @@ jobs: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index - name: Build and push - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: ./Dockerfile context: "." diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index 2aa697eb88..14e19675a3 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -120,17 +120,17 @@ jobs: if: ${{ inputs.authenticated && ! inputs.full-build }} - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm,arm64,ppc64le,s390x if: ${{ steps.images_exist.outputs.base_exists != 'true' || steps.images_exist.outputs.target_exists != 'true' }} - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 if: ${{ steps.images_exist.outputs.base_exists != 'true' || steps.images_exist.outputs.target_exists != 'true' }} - name: Build Base Container - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: build/Dockerfile context: "." @@ -160,7 +160,7 @@ jobs: echo "full-build: ${{ inputs.full-build }}" - name: Fetch Cached Artifacts - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ inputs.go-md5 }} @@ -168,7 +168,7 @@ jobs: if: ${{ steps.images_exist.outputs.base_exists != 'true' || steps.images_exist.outputs.target_exists != 'true' }} - name: Build Docker image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 id: build-push with: file: build/Dockerfile @@ -222,7 +222,7 @@ jobs: - name: Run Docker Scout vulnerability scanner id: docker-scout - uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1 + uses: docker/scout-action@b23590dc1e4d09febc00cfcbc51e9e8c0f7ee9f3 # v1.16.1 with: command: cves,recommendations image: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/build-single-image.yml b/.github/workflows/build-single-image.yml index 989f7d18a1..687e45935f 100644 --- a/.github/workflows/build-single-image.yml +++ b/.github/workflows/build-single-image.yml @@ -57,7 +57,7 @@ jobs: cat $GITHUB_OUTPUT - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod @@ -91,7 +91,7 @@ jobs: - name: Fetch Cached Binary Artifacts id: binary-cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }} diff --git a/.github/workflows/build-test-image.yml b/.github/workflows/build-test-image.yml index 48fd09f358..63654859d3 100644 --- a/.github/workflows/build-test-image.yml +++ b/.github/workflows/build-test-image.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Authenticate to Google Cloud id: auth @@ -49,7 +49,7 @@ jobs: password: ${{ steps.auth.outputs.access_token }} - name: Build Test-Runner Container - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: tests/Dockerfile context: "." diff --git a/.github/workflows/build-ubi-dependency.yml b/.github/workflows/build-ubi-dependency.yml index ab3520cb70..39b5ec5416 100644 --- a/.github/workflows/build-ubi-dependency.yml +++ b/.github/workflows/build-ubi-dependency.yml @@ -92,12 +92,12 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm64,ppc64le,s390x - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 @@ -118,7 +118,7 @@ jobs: DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index - name: Build and push - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: ./build/dependencies/Dockerfile.ubi context: "." diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 12a10cecaa..5942e29e3a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -80,7 +80,7 @@ jobs: shell: bash --noprofile --norc -o pipefail {0} - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod @@ -119,7 +119,7 @@ jobs: - name: Fetch Cached Binary Artifacts id: binary-cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }} @@ -180,7 +180,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod @@ -217,7 +217,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} @@ -227,7 +227,7 @@ jobs: if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Upload coverage to Codecov - uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7 + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 with: files: ./coverage.txt token: ${{ secrets.CODECOV_TOKEN }} # required @@ -255,7 +255,7 @@ jobs: fetch-depth: 0 - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} @@ -280,7 +280,7 @@ jobs: if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Store Artifacts in Cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ needs.checks.outputs.go_code_md5 }} @@ -432,18 +432,18 @@ jobs: if: ${{ ( needs.checks.outputs.forked_workflow == 'false' || needs.checks.outputs.docs_only == 'false' ) && steps.stable_exists.outputs.exists != 'true' }} - name: Fetch Cached Artifacts - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ needs.checks.outputs.go_code_md5 }} if: ${{ needs.checks.outputs.forked_workflow == 'true' && needs.checks.outputs.docs_only == 'false' }} - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 if: ${{ needs.checks.outputs.forked_workflow == 'true' && needs.checks.outputs.docs_only == 'false' }} - name: Build Docker Image ${{ matrix.base-os }} - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: build/Dockerfile context: "." @@ -533,7 +533,7 @@ jobs: echo "matrix_nap=$(cat .github/data/matrix-smoke-nap.json | jq -c --arg latest "${{ needs.checks.outputs.k8s_latest }}" '.k8s += [$latest]')" >> $GITHUB_OUTPUT - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Authenticate to Google Cloud id: auth @@ -561,7 +561,7 @@ jobs: if: ${{ needs.checks.outputs.forked_workflow == 'false' && needs.checks.outputs.docs_only == 'false' }} - name: Build Test-Runner Container - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: tests/Dockerfile context: "." diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3938ce8432..22600b2473 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -70,7 +70,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/init@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -81,7 +81,7 @@ jobs: # queries: security-extended,security-and-quality - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod if: matrix.language == 'go' @@ -89,7 +89,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/autobuild@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -102,6 +102,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/analyze@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependabot-hugo.yml b/.github/workflows/dependabot-hugo.yml index 834cfffc2a..fb8bc52c21 100644 --- a/.github/workflows/dependabot-hugo.yml +++ b/.github/workflows/dependabot-hugo.yml @@ -46,6 +46,6 @@ jobs: - name: Commit changes if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'go_modules' && contains(steps.dependabot-metadata.outputs.dependency-names, 'hugo') }} id: commit - uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 + uses: stefanzweifel/git-auto-commit-action@e348103e9026cc0eee72ae06630dbe30c8bf7a79 # v5.1.0 with: commit_message: "Update docs go.mod" diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml index 8555194c7b..c1efea8e27 100644 --- a/.github/workflows/image-promotion.yml +++ b/.github/workflows/image-promotion.yml @@ -51,7 +51,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod @@ -72,7 +72,7 @@ jobs: - name: Fetch Cached Binary Artifacts id: binary-cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }} @@ -123,7 +123,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod @@ -143,7 +143,7 @@ jobs: fi - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 if: steps.check-sarif.outputs.sarif_has_results == 'true' with: sarif_file: govulncheck.sarif @@ -159,7 +159,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} @@ -184,7 +184,7 @@ jobs: if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Store Artifacts in Cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ needs.checks.outputs.go_code_md5 }} @@ -449,7 +449,7 @@ jobs: - name: Run Docker Scout vulnerability scanner id: docker-scout - uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1 + uses: docker/scout-action@b23590dc1e4d09febc00cfcbc51e9e8c0f7ee9f3 # v1.16.1 with: command: cves,recommendations image: ${{ steps.meta.outputs.tags }} @@ -461,14 +461,14 @@ jobs: summary: true - name: Upload Scan Results to Github Artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: "${{ github.ref_name }}-${{ steps.directory.outputs.directory }}" path: "${{ steps.directory.outputs.directory }}/" overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 with: sarif_file: "${{ steps.directory.outputs.directory }}/" @@ -539,7 +539,7 @@ jobs: - name: Run Docker Scout vulnerability scanner id: docker-scout - uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1 + uses: docker/scout-action@b23590dc1e4d09febc00cfcbc51e9e8c0f7ee9f3 # v1.16.1 with: command: cves,recommendations image: ${{ steps.meta.outputs.tags }} @@ -551,14 +551,14 @@ jobs: summary: true - name: Upload Scan Results to Github Artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: "${{ github.ref_name }}-${{ steps.directory.outputs.directory }}" path: "${{ steps.directory.outputs.directory }}/" overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 with: sarif_file: "${{ steps.directory.outputs.directory }}/" @@ -636,7 +636,7 @@ jobs: - name: Run Docker Scout vulnerability scanner id: docker-scout - uses: docker/scout-action@6ac950eb733f8b2811f25c05d97bfb3d181b8026 # v1.15.1 + uses: docker/scout-action@b23590dc1e4d09febc00cfcbc51e9e8c0f7ee9f3 # v1.16.1 with: command: cves,recommendations image: ${{ steps.meta.outputs.tags }} @@ -648,14 +648,14 @@ jobs: summary: true - name: Upload Scan Results to Github Artifacts - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: "${{ github.ref_name }}-${{ steps.directory.outputs.directory }}" path: "${{ steps.directory.outputs.directory }}/" overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 with: sarif_file: "${{ steps.directory.outputs.directory }}/" diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index b17e2e91a4..08851c4a2f 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -27,7 +27,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod @@ -47,12 +47,12 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod - name: Lint Code - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 + uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6.2.0 with: only-new-issues: true @@ -63,7 +63,7 @@ jobs: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: reviewdog/action-actionlint@7eeec1dd160c2301eb28e1568721837d084558ad # v1.57.0 + - uses: reviewdog/action-actionlint@abd537417cf4991e1ba8e21a67b1119f4f53b8e0 # v1.64.1 with: actionlint_flags: -shellcheck "" @@ -84,7 +84,7 @@ jobs: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: DavidAnson/markdownlint-cli2-action@eb5ca3ab411449c66620fe7f1b3c9e10547144b0 # v18.0.0 + - uses: DavidAnson/markdownlint-cli2-action@05f32210e84442804257b2a6f20b273450ec8265 # v19.1.0 with: config: .markdownlint-cli2.yaml globs: "**/*.md" diff --git a/.github/workflows/patch-image.yml b/.github/workflows/patch-image.yml index ca0c850ab6..d304b983c4 100644 --- a/.github/workflows/patch-image.yml +++ b/.github/workflows/patch-image.yml @@ -47,10 +47,10 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 with: platforms: arm,arm64,ppc64le,s390x @@ -70,7 +70,7 @@ jobs: password: ${{ steps.auth.outputs.access_token }} - name: Apply OS patches to Container - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: build/Dockerfile context: "." diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index a104f2f08d..da473223a3 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -91,7 +91,7 @@ jobs: ref: ${{ needs.checks.outputs.branch }} - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod @@ -99,7 +99,7 @@ jobs: run: make cover - name: Upload coverage to Codecov - uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7 + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 with: files: ./coverage.txt token: ${{ secrets.CODECOV_TOKEN }} # required @@ -280,7 +280,7 @@ jobs: test-image: "gcr.io/f5-gcs-7899-ptg-ingrss-ctlr/dev/test-runner:${{ hashFiles('./tests/requirements.txt', './tests/Dockerfile') || 'latest' }}" - name: Upload Test Results - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: ${{ steps.regression-tests.outputs.test-results-name }} path: ${{ steps.regression-tests.outputs.test-results-path }} diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index 4a3e91aa4f..df3025068f 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -70,7 +70,7 @@ jobs: .github/scripts/release-notes-update.sh ${{ github.event.inputs.new_version }} ${{ github.event.inputs.new_helm_version }} "${{ github.event.inputs.k8s_versions }}" "${{ github.event.inputs.release_date }}" - name: Create Pull Request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: token: ${{ secrets.NGINX_PAT }} commit-message: Release ${{ github.event.inputs.new_version }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b06fb579de..305d9cfceb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -84,7 +84,7 @@ jobs: - name: Fetch Cached Signed Binary Artifacts id: binary-cache-sign - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/tarballs key: nginx-ingress-release-${{ steps.vars.outputs.go_code_md5 }} @@ -403,7 +403,7 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_MARKETPLACE }} - name: Publish to AWS Marketplace - uses: nginxinc/aws-marketplace-publish@47db7444063941b7e5b509cd8cd0be6f25ecb35b # v1.0.6 + uses: nginxinc/aws-marketplace-publish@accf7b4c725796b744f2ee27acc2488d76f63d32 # v1.0.8 continue-on-error: true with: version: ${{ inputs.nic_version }} @@ -432,7 +432,7 @@ jobs: ref: ${{ inputs.release_branch }} - name: Fetch Binary Artifacts from Cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ needs.variables.outputs.go_code_md5 }} @@ -440,7 +440,7 @@ jobs: - name: Download Syft id: syft - uses: anchore/sbom-action/download-syft@55dc4ee22412511ee8c3142cbea40418e6cec693 # v0.17.8 + uses: anchore/sbom-action/download-syft@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 if: ${{ needs.variables.outputs.binary_cache_sign_hit != 'true' }} - name: Install Cosign @@ -455,7 +455,7 @@ jobs: if: ${{ needs.variables.outputs.binary_cache_sign_hit != 'true' }} - name: Store Tarball Artifacts in Cache - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/tarballs key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} @@ -476,7 +476,7 @@ jobs: ref: ${{ inputs.release_branch }} - name: Fetch Cached Tarball Artifacts - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} path: ${{ github.workspace }}/tarballs @@ -520,7 +520,7 @@ jobs: ref: ${{ inputs.release_branch }} - name: Fetch Cached Tarball Artifacts - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} path: ${{ github.workspace }}/tarballs diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2afbe2e416..02be12dc9b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 with: sarif_file: results.sarif diff --git a/.github/workflows/setup-smoke.yml b/.github/workflows/setup-smoke.yml index c72ad0917c..a2cc9f0021 100644 --- a/.github/workflows/setup-smoke.yml +++ b/.github/workflows/setup-smoke.yml @@ -98,7 +98,7 @@ jobs: if: ${{ inputs.authenticated && steps.stable_exists.outputs.exists != 'true' }} - name: Fetch Cached Artifacts - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ inputs.go-md5 }} @@ -114,7 +114,7 @@ jobs: if: ${{ inputs.authenticated }} - name: Build Test-Runner Container - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: tests/Dockerfile context: "." @@ -126,7 +126,7 @@ jobs: if: ${{ ( !inputs.authenticated || steps.check-image.outcome == 'failure' ) }} - name: Build ${{ inputs.image }} Container - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: file: build/Dockerfile context: "." @@ -168,7 +168,7 @@ jobs: if: ${{ steps.stable_exists.outputs.exists != 'true' }} - name: Upload Test Results - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: ${{ steps.smoke-tests.outputs.test-results-name }} path: ${{ steps.smoke-tests.outputs.test-results-path }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 43d555599a..aef731a6fb 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,7 +13,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-24.04 steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: "This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 10 days." diff --git a/.github/workflows/update-docker-sha.yml b/.github/workflows/update-docker-sha.yml index 19c3f70c7a..1eb2776695 100644 --- a/.github/workflows/update-docker-sha.yml +++ b/.github/workflows/update-docker-sha.yml @@ -75,7 +75,7 @@ jobs: echo $GITHUB_OUTPUT - name: Create Pull Request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 id: pr with: token: ${{ secrets.NGINX_PAT }} diff --git a/.github/workflows/update-kubernetes-version.yml b/.github/workflows/update-kubernetes-version.yml index 9c79f73ca7..8afa03edd6 100644 --- a/.github/workflows/update-kubernetes-version.yml +++ b/.github/workflows/update-kubernetes-version.yml @@ -43,7 +43,7 @@ jobs: if: ${{ steps.search.outputs.found == 'false' }} - name: Create Pull Request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: token: ${{ secrets.NGINX_PAT }} commit-message: update kubernetes version to ${{ steps.k8s-version.outputs.version }} in helm schema diff --git a/.github/workflows/update-release-draft.yml b/.github/workflows/update-release-draft.yml index 1ba3d1f438..36c991de49 100644 --- a/.github/workflows/update-release-draft.yml +++ b/.github/workflows/update-release-draft.yml @@ -34,7 +34,7 @@ jobs: ref: ${{ inputs.branch }} - name: Setup Golang Environment - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version-file: go.mod diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 25b66fe06b..d65682c834 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -48,7 +48,7 @@ jobs: CHART_VERSION: ${{ inputs.helm_chart_version }} - name: Create Pull Request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: token: ${{ secrets.NGINX_PAT }} commit-message: Version Bump for ${{ github.event.inputs.ic_version }}