diff --git a/.github/workflows/check-actions.yaml b/.github/workflows/check-actions.yaml index fc9792b7..747f1108 100644 --- a/.github/workflows/check-actions.yaml +++ b/.github/workflows/check-actions.yaml @@ -14,9 +14,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Ensure SHA pinned actions - uses: zgosalvez/github-actions-ensure-sha-pinned-actions@9e9574ef04ea69da568d6249bd69539ccc704e74 # v4.0.0 + uses: zgosalvez/github-actions-ensure-sha-pinned-actions@6124774845927d14c601359ab8138699fa5b70c3 # v4.0.1 with: # slsa-github-generator requires using a semver tag for reusable workflows. # See: https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators diff --git a/.github/workflows/check-commit.yml b/.github/workflows/check-commit.yml index 72fd7dc9..6dc279ec 100644 --- a/.github/workflows/check-commit.yml +++ b/.github/workflows/check-commit.yml @@ -17,7 +17,7 @@ jobs: commit_lint: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 3d3133a8..972755a7 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -28,12 +28,12 @@ jobs: contents: read steps: - name: Checkout Source - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' - name: Run Gosec Security Scanner - uses: securego/gosec@15d5c61e866bc2e2e8389376a31f1e5e09bde7d8 # v2.22.9 + uses: securego/gosec@424fc4cd9c82ea0fd6bee9cd49c2db2c3cc0c93f # v2.22.11 with: args: '-no-fail -fmt sarif -out gosec.sarif ./...' - name: Upload SARIF file @@ -45,8 +45,8 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' - name: Unit Test @@ -58,7 +58,7 @@ jobs: value: ${{ secrets.CODECOV_TOKEN }} - name: Upload Report to Codecov if: ${{ steps.checksecret.outputs.result == 'true' }} - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 with: token: ${{ secrets.CODECOV_TOKEN }} slug: peak-scale/sops-operator diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index bb560b09..edac3fb5 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -23,12 +23,12 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Setup Docker Buildx id: buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: ko build run: VERSION=${{ github.sha }} make ko-build-all - name: Trivy Scan Image diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index ecb4c8df..a1149228 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -17,7 +17,7 @@ jobs: container-digest: ${{ steps.publish.outputs.digest }} steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: "Extract Version" id: extract_version run: | @@ -29,10 +29,10 @@ jobs: uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Setup QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Setup Docker Buildx id: buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Publish with KO id: publish diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 8ade9f2a..014092ed 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -25,10 +25,10 @@ jobs: name: Kubernetes runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml index 095ac953..14868cdb 100644 --- a/.github/workflows/gosec.yaml +++ b/.github/workflows/gosec.yaml @@ -20,12 +20,12 @@ jobs: GO111MODULE: on steps: - name: Checkout Source - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' - name: Run Gosec Security Scanner - uses: securego/gosec@15d5c61e866bc2e2e8389376a31f1e5e09bde7d8 # v2.22.9 + uses: securego/gosec@424fc4cd9c82ea0fd6bee9cd49c2db2c3cc0c93f # v2.22.11 with: args: '-no-fail -fmt sarif -out gosec.sarif ./...' - name: Upload SARIF file diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml index 04366399..68e801db 100644 --- a/.github/workflows/helm-publish.yml +++ b/.github/workflows/helm-publish.yml @@ -14,7 +14,7 @@ jobs: outputs: chart-digest: ${{ steps.helm_publish.outputs.digest }} steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: "Extract Version" id: extract_version diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml index 35c141a7..a07edf96 100644 --- a/.github/workflows/helm-test.yml +++ b/.github/workflows/helm-test.yml @@ -24,14 +24,14 @@ jobs: options: --user root steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Run ah lint working-directory: ./charts/ run: ah lint lint: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 3eac09c2..8f433c88 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -15,10 +15,10 @@ jobs: name: diff runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' - name: Generate manifests @@ -35,7 +35,7 @@ jobs: name: yamllint runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install yamllint run: pip install yamllint - name: Lint YAML files @@ -44,8 +44,8 @@ jobs: name: lint runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' - name: Run golangci-lint diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml index 031e8ea9..1eb448d0 100644 --- a/.github/workflows/releaser.yml +++ b/.github/workflows/releaser.yml @@ -18,7 +18,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0 - uses: anchore/sbom-action/download-syft@43a17d6e7add2b5535efe4dcae9952337c479a93 - name: Install Cosign diff --git a/e2e/manifests/distro/openbao.flux.yaml b/e2e/manifests/distro/openbao.flux.yaml index 3b620fba..a57f700e 100644 --- a/e2e/manifests/distro/openbao.flux.yaml +++ b/e2e/manifests/distro/openbao.flux.yaml @@ -22,7 +22,7 @@ spec: chart: spec: chart: openbao - version: "0.19.0" + version: "0.23.3" sourceRef: kind: HelmRepository name: openbao