diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index eee45a297..929ec3146 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -24,7 +24,7 @@ jobs: controller: ${{ steps.filter.outputs.controller }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.0.2 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v2.10.2 id: filter @@ -58,16 +58,16 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.0.2 - name: Setup Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v2.0.0 + uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v2.0.0 with: version: latest use: false - name: Docker login - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -127,7 +127,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Docker login - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -154,7 +154,7 @@ jobs: echo "sbom=${SBOM_SPDX}" >> $GITHUB_OUTPUT - name: Upload SBOM - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 with: retention-days: 30 name: ${{ steps.sign.outputs.sbom }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 993ea9d3a..e469f38db 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,7 +32,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -80,7 +80,7 @@ jobs: ARCH: ${{ matrix.ARCH }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Import secrets uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e # v2.5.0 @@ -96,7 +96,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -117,7 +117,7 @@ jobs: nginx-ingress-controller:e2e - name: Cache controller images - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 with: retention-days: 1 name: controller-${{ env.ARCH }}.tar @@ -172,7 +172,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Load cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 @@ -183,7 +183,7 @@ jobs: run: docker load -i controller-${{ env.ARCH }}.tar - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -246,7 +246,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -259,7 +259,7 @@ jobs: run: docker load -i controller-${{ env.ARCH }}.tar - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -294,7 +294,7 @@ jobs: ARCH: amd64 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Load controller build cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 @@ -318,7 +318,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -373,7 +373,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Load controller build cache uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 @@ -384,7 +384,7 @@ jobs: run: docker load -i controller-${{ env.ARCH }}.tar - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} @@ -443,7 +443,7 @@ jobs: kv-gitlab-ci/data/github/shared/dockerhub-creds password | DOCKERHUB_PASSWORD ; - name: Login to DockerHub - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 with: username: ${{ steps.secrets.outputs.DOCKERHUB_USER }} password: ${{ steps.secrets.outputs.DOCKERHUB_PASSWORD }} diff --git a/.github/workflows/depreview.yaml b/.github/workflows/depreview.yaml index 32b98c2b2..6d7e44608 100644 --- a/.github/workflows/depreview.yaml +++ b/.github/workflows/depreview.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index c71f090af..674589fd0 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -15,19 +15,19 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get go version run: echo "GOLANG_VERSION=$(cat GOLANG_VERSION)" >> $GITHUB_ENV - name: Set up Go id: go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ env.GOLANG_VERSION }} check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 + uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0 with: version: v1.56 diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml index 4de45b4de..cddfd1b8e 100644 --- a/.github/workflows/helm-publish.yml +++ b/.github/workflows/helm-publish.yml @@ -28,7 +28,7 @@ jobs: kv-gitlab-ci/data/github/shared/github_token token ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Check release type id: check_release diff --git a/.github/workflows/perftest.yaml b/.github/workflows/perftest.yaml index 044c3a260..de22d53d9 100644 --- a/.github/workflows/perftest.yaml +++ b/.github/workflows/perftest.yaml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install K6 run: | diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f927443df..08831c91e 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -27,12 +27,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: SARIF file path: results.sarif @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 with: sarif_file: results.sarif diff --git a/.github/workflows/smoke-test.yaml b/.github/workflows/smoke-test.yaml index 06a902d10..0b0e81118 100644 --- a/.github/workflows/smoke-test.yaml +++ b/.github/workflows/smoke-test.yaml @@ -47,7 +47,7 @@ jobs: kv-gitlab-ci/data/github/shared/smoke-tests-registry-creds token_secret ; - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v3.0.2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3.0.2 - name: Create cluster run: kind create cluster --image=kindest/node:${{ matrix.k8s }} diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml index ce2002d6b..57931d2af 100644 --- a/.github/workflows/vulnerability-scans.yaml +++ b/.github/workflows/vulnerability-scans.yaml @@ -22,7 +22,7 @@ jobs: tag: ${{ steps.version.outputs.tag }} steps: - name: Checkout code - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -39,7 +39,7 @@ jobs: needs: version steps: - name: Checkout code - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - shell: bash id: test @@ -47,7 +47,7 @@ jobs: - name: Scan image with AquaSec/Trivy id: scan - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 with: image-ref: docker.io/wallarm/ingress-controller:${{ needs.version.outputs.tag }} format: 'sarif' @@ -62,7 +62,7 @@ jobs: # This step checks out a copy of your repository. - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 with: token: ${{ github.token }} # Path to SARIF file relative to the root of the repository