From 1bd91c9c792998a1e93878de5886783be95a4881 Mon Sep 17 00:00:00 2001 From: Bevan Arps Date: Thu, 29 Aug 2024 10:47:03 +1200 Subject: [PATCH 1/4] Update version of actions/checkout --- .github/workflows/api-docs-repo.yaml | 4 ++-- .github/workflows/build-devcontainer-image.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/create-release-experimental.yml | 2 +- .github/workflows/create-release-official.yml | 2 +- .github/workflows/deploy-site.yml | 2 +- .github/workflows/helm-chart-repo.yaml | 4 ++-- .github/workflows/live-validation.yml | 2 +- .github/workflows/pr-validation-docs.yml | 2 +- .github/workflows/pr-validation-fork.yml | 2 +- .github/workflows/pr-validation.yml | 4 ++-- .github/workflows/pre-release-tests.yaml | 2 +- .github/workflows/scan-controller-image.yaml | 2 +- .github/workflows/visualize-repo.yml | 4 ++-- 14 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/api-docs-repo.yaml b/.github/workflows/api-docs-repo.yaml index 38c62f8ecb7..9ac59d9beeb 100644 --- a/.github/workflows/api-docs-repo.yaml +++ b/.github/workflows/api-docs-repo.yaml @@ -24,7 +24,7 @@ jobs: private-key: ${{ secrets.AUTOMATION_KEY }} - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: ref: main @@ -36,7 +36,7 @@ jobs: branch: ${{ format('bot/update-api-docs-{0}', github.run_number) }} - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: ref: ${{ format('bot/update-api-docs-{0}', github.run_number) }} fetch-depth: 0 # required to access tags diff --git a/.github/workflows/build-devcontainer-image.yml b/.github/workflows/build-devcontainer-image.yml index 84e30cc723c..d7bdbe18349 100644 --- a/.github/workflows/build-devcontainer-image.yml +++ b/.github/workflows/build-devcontainer-image.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 - name: Log in to GitHub Docker Registry uses: docker/login-action@v2 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9f003aa65ed..587f5ac63be 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/create-release-experimental.yml b/.github/workflows/create-release-experimental.yml index 43f996a3f12..12aff971daa 100644 --- a/.github/workflows/create-release-experimental.yml +++ b/.github/workflows/create-release-experimental.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: fetch-depth: 0 # required to access tags submodules: "true" diff --git a/.github/workflows/create-release-official.yml b/.github/workflows/create-release-official.yml index 0f90717618e..04d0d7216aa 100644 --- a/.github/workflows/create-release-official.yml +++ b/.github/workflows/create-release-official.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: fetch-depth: 0 # required to access tags submodules: "true" diff --git a/.github/workflows/deploy-site.yml b/.github/workflows/deploy-site.yml index 3356c9ceea6..62f82eb0e6d 100644 --- a/.github/workflows/deploy-site.yml +++ b/.github/workflows/deploy-site.yml @@ -22,7 +22,7 @@ jobs: private-key: ${{ secrets.AUTOMATION_KEY }} - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: fetch-depth: 0 # required to access tags submodules: "true" diff --git a/.github/workflows/helm-chart-repo.yaml b/.github/workflows/helm-chart-repo.yaml index 46d7efad3d4..b1b8ae5fd81 100644 --- a/.github/workflows/helm-chart-repo.yaml +++ b/.github/workflows/helm-chart-repo.yaml @@ -33,7 +33,7 @@ jobs: private-key: ${{ secrets.AUTOMATION_KEY }} - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: ref: ${{ env.ref }} fetch-depth: 0 # required to access tags @@ -52,7 +52,7 @@ jobs: sha: ${{ env.sha }} - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: ref: ${{ format('bot/update-helm-chart-{0}', env.ref) }} fetch-depth: 0 # required to access tags diff --git a/.github/workflows/live-validation.yml b/.github/workflows/live-validation.yml index 7f80c571c9e..8ffb3162815 100644 --- a/.github/workflows/live-validation.yml +++ b/.github/workflows/live-validation.yml @@ -14,7 +14,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: fetch-depth: 0 # required to access tags submodules: "true" diff --git a/.github/workflows/pr-validation-docs.yml b/.github/workflows/pr-validation-docs.yml index 71679567bf8..b57cc83a2bc 100644 --- a/.github/workflows/pr-validation-docs.yml +++ b/.github/workflows/pr-validation-docs.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: fetch-depth: 0 # required to access tags submodules: "true" diff --git a/.github/workflows/pr-validation-fork.yml b/.github/workflows/pr-validation-fork.yml index 32b7ff97b0d..abdb1b47830 100644 --- a/.github/workflows/pr-validation-fork.yml +++ b/.github/workflows/pr-validation-fork.yml @@ -53,7 +53,7 @@ jobs: return result; - name: Fork based /ok-to-test checkout - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: fetch-depth: 0 # required to access tags submodules: 'true' diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index a2038069221..543ba421cb7 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -66,7 +66,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: fetch-depth: 0 # required to access tags submodules: 'true' @@ -183,7 +183,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: fetch-depth: 0 # required to access tags submodules: 'true' diff --git a/.github/workflows/pre-release-tests.yaml b/.github/workflows/pre-release-tests.yaml index 58bbd96ba24..b7d8166a299 100644 --- a/.github/workflows/pre-release-tests.yaml +++ b/.github/workflows/pre-release-tests.yaml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: fetch-depth: 0 # required to access tags submodules: 'true' diff --git a/.github/workflows/scan-controller-image.yaml b/.github/workflows/scan-controller-image.yaml index f6da003f908..67a87523f74 100644 --- a/.github/workflows/scan-controller-image.yaml +++ b/.github/workflows/scan-controller-image.yaml @@ -23,7 +23,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: fetch-depth: 0 # required to access tags submodules: 'true' diff --git a/.github/workflows/visualize-repo.yml b/.github/workflows/visualize-repo.yml index d420a29e6a8..037b399bf12 100644 --- a/.github/workflows/visualize-repo.yml +++ b/.github/workflows/visualize-repo.yml @@ -22,7 +22,7 @@ jobs: private-key: ${{ secrets.AUTOMATION_KEY }} - name: Checkout code - uses: actions/checkout@v3.3.0 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: ref: main @@ -34,7 +34,7 @@ jobs: branch: "bot/update-diagrams" - name: Checkout code - uses: actions/checkout@v3.3.0 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 with: ref: bot/update-diagrams From 5c567659f08f2dced4b11127020e5a12b8475038 Mon Sep 17 00:00:00 2001 From: Bevan Arps Date: Thu, 29 Aug 2024 10:45:38 +1200 Subject: [PATCH 2/4] Update version of actions/github-script --- .github/workflows/add-needs-triage-label.yml | 2 +- .github/workflows/pr-validation-fork.yml | 4 ++-- .github/workflows/pr-validation.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/add-needs-triage-label.yml b/.github/workflows/add-needs-triage-label.yml index 5fc6037ba72..d4cc8195e94 100644 --- a/.github/workflows/add-needs-triage-label.yml +++ b/.github/workflows/add-needs-triage-label.yml @@ -12,7 +12,7 @@ jobs: permissions: issues: write steps: - - uses: actions/github-script@v6 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pinned to v7.0.1 with: script: | github.rest.issues.addLabels({ diff --git a/.github/workflows/pr-validation-fork.yml b/.github/workflows/pr-validation-fork.yml index abdb1b47830..993dfc3f612 100644 --- a/.github/workflows/pr-validation-fork.yml +++ b/.github/workflows/pr-validation-fork.yml @@ -26,7 +26,7 @@ jobs: # of this job we update the "integration-tests" check to be passing as well (so this single job really # ends up writing the status 2 checks, 1 is "integration-tests" and one is "integration-tests-fork"). - name: set-check-run-in-progress - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pinned to v7.0.1 id: set-check-run-in-progress env: number: ${{ github.event.client_payload.pull_request.number }} @@ -115,7 +115,7 @@ jobs: # Update check run called "integration-fork" - name: update-integration-tests-result - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pinned to v7.0.1 id: update-check-run if: ${{ always() }} env: diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index 543ba421cb7..4a8d7682ca6 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -255,7 +255,7 @@ jobs: # Update check run called "integration-tests-fork" - name: update-integration-tests-result - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # pinned to v7.0.1 id: update-check-run if: ${{ always() }} env: From c124c887153b020aafe459c888501c1a90807ed5 Mon Sep 17 00:00:00 2001 From: Bevan Arps Date: Thu, 29 Aug 2024 10:48:00 +1200 Subject: [PATCH 3/4] Update version of docker/login-action --- .github/workflows/api-docs-repo.yaml | 2 +- .github/workflows/build-devcontainer-image.yml | 2 +- .github/workflows/deploy-site.yml | 2 +- .github/workflows/helm-chart-repo.yaml | 2 +- .github/workflows/pr-validation-docs.yml | 2 +- .github/workflows/pr-validation-fork.yml | 2 +- .github/workflows/pr-validation.yml | 4 ++-- .github/workflows/scan-controller-image.yaml | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/api-docs-repo.yaml b/.github/workflows/api-docs-repo.yaml index 9ac59d9beeb..bf97fc07193 100644 --- a/.github/workflows/api-docs-repo.yaml +++ b/.github/workflows/api-docs-repo.yaml @@ -43,7 +43,7 @@ jobs: submodules: "true" - name: Log in to GitHub Docker Registry - uses: docker/login-action@v2 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 with: registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org username: ${{ github.actor }} diff --git a/.github/workflows/build-devcontainer-image.yml b/.github/workflows/build-devcontainer-image.yml index d7bdbe18349..6d10da86d5b 100644 --- a/.github/workflows/build-devcontainer-image.yml +++ b/.github/workflows/build-devcontainer-image.yml @@ -29,7 +29,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pinned to 4.1.7 - name: Log in to GitHub Docker Registry - uses: docker/login-action@v2 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 with: registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org username: ${{ github.actor }} diff --git a/.github/workflows/deploy-site.yml b/.github/workflows/deploy-site.yml index 62f82eb0e6d..420643af738 100644 --- a/.github/workflows/deploy-site.yml +++ b/.github/workflows/deploy-site.yml @@ -28,7 +28,7 @@ jobs: submodules: "true" - name: Log in to GitHub Docker Registry - uses: docker/login-action@v2.1.0 # pinned version + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 with: registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org username: ${{ github.actor }} diff --git a/.github/workflows/helm-chart-repo.yaml b/.github/workflows/helm-chart-repo.yaml index b1b8ae5fd81..d036be25fc6 100644 --- a/.github/workflows/helm-chart-repo.yaml +++ b/.github/workflows/helm-chart-repo.yaml @@ -59,7 +59,7 @@ jobs: submodules: 'true' - name: Log in to GitHub Docker Registry - uses: docker/login-action@v2 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 with: registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org username: ${{ github.actor }} diff --git a/.github/workflows/pr-validation-docs.yml b/.github/workflows/pr-validation-docs.yml index b57cc83a2bc..c69026bc5be 100644 --- a/.github/workflows/pr-validation-docs.yml +++ b/.github/workflows/pr-validation-docs.yml @@ -27,7 +27,7 @@ jobs: submodules: "true" - name: Log in to GitHub Docker Registry - uses: docker/login-action@v2 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 with: registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org username: ${{ github.actor }} diff --git a/.github/workflows/pr-validation-fork.yml b/.github/workflows/pr-validation-fork.yml index 993dfc3f612..fbc628b8e5d 100644 --- a/.github/workflows/pr-validation-fork.yml +++ b/.github/workflows/pr-validation-fork.yml @@ -67,7 +67,7 @@ jobs: run: scripts/v2/check-changes.sh - name: Log in to GitHub Docker Registry - uses: docker/login-action@v2 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 with: registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org username: ${{ github.actor }} diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index 4a8d7682ca6..ed2fe061cda 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -79,7 +79,7 @@ jobs: run: scripts/v2/check-changes.sh - name: Log in to GitHub Docker Registry - uses: docker/login-action@v2 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 with: registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org username: ${{ github.actor }} @@ -196,7 +196,7 @@ jobs: run: scripts/v2/check-changes.sh - name: Log in to GitHub Docker Registry - uses: docker/login-action@v2 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 with: registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org username: ${{ github.actor }} diff --git a/.github/workflows/scan-controller-image.yaml b/.github/workflows/scan-controller-image.yaml index 67a87523f74..29c59eb7876 100644 --- a/.github/workflows/scan-controller-image.yaml +++ b/.github/workflows/scan-controller-image.yaml @@ -29,7 +29,7 @@ jobs: submodules: 'true' - name: Log in to GitHub Docker Registry - uses: docker/login-action@v2 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # pinned to v3.3.0 with: registry: docker.pkg.github.com # ghcr.io not yet enabled for Azure org username: ${{ github.actor }} From 8851ede53cd519a7828cddd54dafd14e0478923f Mon Sep 17 00:00:00 2001 From: Bevan Arps Date: Thu, 29 Aug 2024 10:48:28 +1200 Subject: [PATCH 4/4] Update version of peterjgrainger/action-create-branch --- .github/workflows/api-docs-repo.yaml | 2 +- .github/workflows/helm-chart-repo.yaml | 2 +- .github/workflows/visualize-repo.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/api-docs-repo.yaml b/.github/workflows/api-docs-repo.yaml index bf97fc07193..88b3af70190 100644 --- a/.github/workflows/api-docs-repo.yaml +++ b/.github/workflows/api-docs-repo.yaml @@ -29,7 +29,7 @@ jobs: ref: main - name: Create Branch - uses: peterjgrainger/action-create-branch@v2.4.0 # Pinned to v2.4.0 + uses: peterjgrainger/action-create-branch@10c7d268152480ae859347db45dc69086cef1d9c # pinned to v3.0.0 env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} with: diff --git a/.github/workflows/helm-chart-repo.yaml b/.github/workflows/helm-chart-repo.yaml index d036be25fc6..cbe17385b61 100644 --- a/.github/workflows/helm-chart-repo.yaml +++ b/.github/workflows/helm-chart-repo.yaml @@ -44,7 +44,7 @@ jobs: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_ENV - name: Create Branch - uses: peterjgrainger/action-create-branch@v2.4.0 # Pinned to v2.4.0 + uses: peterjgrainger/action-create-branch@10c7d268152480ae859347db45dc69086cef1d9c # pinned to v3.0.0 env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} with: diff --git a/.github/workflows/visualize-repo.yml b/.github/workflows/visualize-repo.yml index 037b399bf12..98d8eb6ffe5 100644 --- a/.github/workflows/visualize-repo.yml +++ b/.github/workflows/visualize-repo.yml @@ -27,7 +27,7 @@ jobs: ref: main - name: Create Branch - uses: peterjgrainger/action-create-branch@v2.4.0 # Pinned to v2.4.0 + uses: peterjgrainger/action-create-branch@10c7d268152480ae859347db45dc69086cef1d9c # pinned to v3.0.0 env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} with: