diff --git a/.github/actions/docker-image/action.yml b/.github/actions/docker-image/action.yml index 1a7dc3422..4fea8652f 100644 --- a/.github/actions/docker-image/action.yml +++ b/.github/actions/docker-image/action.yml @@ -16,21 +16,21 @@ runs: using: "composite" steps: - name: Get Docker Image layer contents - uses: MaxymVlasov/dive-action@379af3fc636888ada5899c997e8b52db6ad45023 # refs/tags/v1.0.1 + uses: MaxymVlasov/dive-action@379af3fc636888ada5899c997e8b52db6ad45023 # 1.0.1 with: image: ${{ inputs.image }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # refs/tags/v0.24.0 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: image-ref: "${{ inputs.image }}" format: sarif output: results.sarif - name: Upload artifact - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # refs/tags/v4.4.0 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # 4.4.0 with: name: sarif path: results.sarif - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@86b04fb0e47484f7282357688f21d5d0e32175fe # refs/tags/v3.26.9 + uses: github/codeql-action/upload-sarif@86b04fb0e47484f7282357688f21d5d0e32175fe # 3.26.9 with: sarif_file: results.sarif diff --git a/.github/actions/vagrant-setup/action.yml b/.github/actions/vagrant-setup/action.yml index 534a95ee4..598c93ede 100644 --- a/.github/actions/vagrant-setup/action.yml +++ b/.github/actions/vagrant-setup/action.yml @@ -17,7 +17,7 @@ runs: using: "composite" steps: - name: Cache Vagrant boxes - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # refs/tags/v4.0.2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0.2 with: path: ~/.vagrant.d/boxes key: ${{ runner.os }}-vagrant-${{ inputs.distro }}-${{ hashFiles('distros_supported.yml') }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index beae89dfe..335858b1d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -32,7 +32,7 @@ jobs: github.event.review.state == 'approved' ) || github.event_name != 'pull_request_review' steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: Install requirements env: OS_KOLLA_BUILD_ARGS: @@ -78,7 +78,7 @@ jobs: github.event.review.state == 'approved' ) || github.event_name != 'pull_request_review' steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - uses: ./.github/actions/vagrant-setup with: distro: ${{ matrix.distro }} diff --git a/.github/workflows/diagram.yml b/.github/workflows/diagram.yml index d9a5c6530..ac1d78a3e 100644 --- a/.github/workflows/diagram.yml +++ b/.github/workflows/diagram.yml @@ -24,14 +24,14 @@ jobs: contents: write # for technote-space/create-pr-action to push code pull-requests: write # for technote-space/create-pr-action to create a PR steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: Update diagram - uses: githubocto/repo-visualizer@a999615bdab757559bf94bda1fe6eef232765f85 # refs/tags/0.9.1 + uses: githubocto/repo-visualizer@a999615bdab757559bf94bda1fe6eef232765f85 # 0.9.1 with: excluded_paths: "ignore,.github" output_file: codebase-structure.svg should_push: false - - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # refs/tags/v2.1.4 + - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # 2.1.4 with: COMMIT_MESSAGE: "Upgrade documentation diagram" COMMIT_NAME: "electrocucaracha bot" diff --git a/.github/workflows/distros.yml b/.github/workflows/distros.yml index 3c37a2aa0..6d43d0d9b 100644 --- a/.github/workflows/distros.yml +++ b/.github/workflows/distros.yml @@ -22,14 +22,14 @@ jobs: pull-requests: write # for technote-space/create-pr-action to create a PR runs-on: macos-12 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 - - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # refs/tags/v4.0.2 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 + - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0.2 with: path: ~/.vagrant.d/boxes key: ${{ runner.os }}-vagrant-${{ hashFiles('distros_supported.yml') }} restore-keys: | ${{ runner.os }}-vagrant- - - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # refs/tags/v2.1.4 + - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # 2.1.4 env: PROVIDER: virtualbox with: diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index a3bb8a803..8555a2adc 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -18,9 +18,9 @@ jobs: name: Count Lines of Code runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # refs/tags/v5.0.2 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 5.0.2 with: go-version: ">=1.20.0" - name: Install dependencies @@ -31,15 +31,15 @@ jobs: name: Check documentation external links runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: Check broken links - uses: gaurav-nelson/github-action-markdown-link-check@499c1e7f3637c131334fa8e937c45144f79d72d2 # refs/tags/v1 + uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec # 1.0.15 check-super-linter: name: Check syntax (super-linter) runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 - - uses: github/super-linter@b807e99ddd37e444d189cfd2c2ca1274d8ae8ef1 # refs/tags/v7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 + - uses: github/super-linter@b807e99ddd37e444d189cfd2c2ca1274d8ae8ef1 # 7 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} LINTER_RULES_PATH: / @@ -50,7 +50,7 @@ jobs: name: Check syntax (tox) runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: Install tox run: pip install tox - name: Run tox lint validation diff --git a/.github/workflows/on-demand.yml b/.github/workflows/on-demand.yml index 4674352df..24233de00 100644 --- a/.github/workflows/on-demand.yml +++ b/.github/workflows/on-demand.yml @@ -28,9 +28,9 @@ jobs: ) || github.event_name != 'pull_request_review' runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: Run the sh-checker - uses: luizm/action-sh-checker@17bd25a6ee188d2b91f677060038f4ba37ba14b2 # refs/tags/v0.9.0 + uses: luizm/action-sh-checker@17bd25a6ee188d2b91f677060038f4ba37ba14b2 # 0.9.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SHFMT_OPTS: -i 4 -s @@ -41,7 +41,7 @@ jobs: name: Run BDD shell specs for Bash demo runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: Install ShellSpec run: curl -fsSL https://github.com/shellspec/shellspec/releases/latest/download/shellspec-dist.tar.gz | tar -xz -C .. - name: Run Shellspec diff --git a/.github/workflows/on-demand_aio.yml b/.github/workflows/on-demand_aio.yml index eb9fb7e7f..8a62fc0d2 100644 --- a/.github/workflows/on-demand_aio.yml +++ b/.github/workflows/on-demand_aio.yml @@ -31,7 +31,7 @@ jobs: github.event.review.state == 'approved' ) || github.event_name != 'pull_request_review' steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: Get matrix values id: set-matrix run: | @@ -58,7 +58,7 @@ jobs: distro: ${{ fromJson(needs.generate-json-matrix.outputs.matrix) }} runs-on: macos-12 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - uses: ./.github/actions/vagrant-setup with: distro: ${{ matrix.distro }} @@ -79,7 +79,7 @@ jobs: github.event.review.state == 'approved' ) || github.event_name != 'pull_request_review' steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: Install requirements run: | sudo apt-get update diff --git a/.github/workflows/on-demand_noha.yml b/.github/workflows/on-demand_noha.yml index fafed1859..dcba66366 100644 --- a/.github/workflows/on-demand_noha.yml +++ b/.github/workflows/on-demand_noha.yml @@ -36,7 +36,7 @@ jobs: VAGRANT_EXPERIMENTAL: disks OS_NUM_COMPUTE_NODES: 1 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - uses: ./.github/actions/vagrant-setup - name: Install GNU tools run: brew install iproute2mac diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml index c72868c49..f4c88c2a7 100644 --- a/.github/workflows/rebase.yml +++ b/.github/workflows/rebase.yml @@ -20,11 +20,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout the latest code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 with: token: ${{ secrets.GITHUB_TOKEN }} fetch-depth: 0 # otherwise, you will fail to push refs to dest repo - name: Automatic Rebase - uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # refs/tags/1.8 + uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/scheduled_aio.yml b/.github/workflows/scheduled_aio.yml index e08f358ee..7ab69ef04 100644 --- a/.github/workflows/scheduled_aio.yml +++ b/.github/workflows/scheduled_aio.yml @@ -18,7 +18,7 @@ jobs: generate-json-matrix: runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: Get matrix values id: set-matrix run: | @@ -45,7 +45,7 @@ jobs: distro: ${{ fromJson(needs.generate-json-matrix.outputs.matrix) }} runs-on: macos-12 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - uses: ./.github/actions/vagrant-setup - name: Deploy latest release in All-in-One instance env: diff --git a/.github/workflows/spell.yml b/.github/workflows/spell.yml index 2f9722d67..25416f773 100644 --- a/.github/workflows/spell.yml +++ b/.github/workflows/spell.yml @@ -23,14 +23,14 @@ jobs: name: Check spelling (reviewdog) runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 - - uses: reviewdog/action-misspell@1de44e0dd5efaaddf131937e4892afd8a0dc4b13 # refs/tags/v1.23.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 + - uses: reviewdog/action-misspell@1de44e0dd5efaaddf131937e4892afd8a0dc4b13 # 1.23.0 with: github_token: ${{ secrets.github_token }} check-spellcheck: name: Check spelling (pyspelling) runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 - - uses: igsekor/pyspelling-any@155eb06641bb9259cab59b5126a40be943ecb4f7 # refs/tags/v1.0.4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 + - uses: igsekor/pyspelling-any@155eb06641bb9259cab59b5126a40be943ecb4f7 # 1.0.4 name: Spellcheck diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index ac5c02f70..84a2de475 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -35,7 +35,7 @@ jobs: image: ${{ matrix.image }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 - name: install dependencies shell: bash run: | @@ -51,7 +51,7 @@ jobs: esac $INSTALLER_CMD python3-pip git pip3 install pip-tools - - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # refs/tags/v2.1.4 + - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # 2.1.4 with: EXECUTE_COMMANDS: | bash -c 'source /etc/os-release; pip-compile --output-file="requirements/${{ matrix.os_release }}/${ID,,}_${VERSION_ID%.*}.txt" "requirements/${{ matrix.os_release }}/${ID,,}_${VERSION_ID%.*}.in" --upgrade' @@ -65,8 +65,8 @@ jobs: contents: write # for technote-space/create-pr-action to push code pull-requests: write # for technote-space/create-pr-action to create a PR steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 - - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # refs/tags/v2.1.4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 + - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # 2.1.4 with: EXECUTE_COMMANDS: | sudo apt-get update @@ -93,8 +93,8 @@ jobs: contents: write # for technote-space/create-pr-action to push code pull-requests: write # for technote-space/create-pr-action to create a PR steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # refs/tags/v4.2.0 - - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # refs/tags/v2.1.4 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0 + - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # 2.1.4 with: EXECUTE_COMMANDS: | ./ci/update_versions.sh diff --git a/ci/update_versions.sh b/ci/update_versions.sh index 505d0e0c3..0862d0842 100755 --- a/ci/update_versions.sh +++ b/ci/update_versions.sh @@ -15,9 +15,9 @@ if [[ ${OS_DEBUG:-false} == "true" ]]; then fi # Update GitHub Action commit hashes -gh_actions=$(grep -r "uses: [a-zA-Z\-]*/[\_a-z\-]*@" .github/ | sed 's/@.*//' | awk -F ': ' '{ print $3 }' | sort | uniq) +gh_actions=$(grep -r "uses: [a-zA-Z\-]*/[\_a-z\-]*@" .github/ | sed 's/@.*//' | awk -F ': ' '{ print $3 }' | sort -u ) for action in $gh_actions; do - commit_hash=$(git ls-remote --tags "https://github.com/$action" | grep 'refs/tags/[v]\?[0-9][0-9\.]*$' | awk '{ print $NF,$0 }' | sort -k1,1 -V | cut -f2- -d' ' | grep -oh '.*refs/tags/[v0-9\.]*$' | tail -1 | awk '{ printf "%s # %s\n",$1,$2 }') + commit_hash=$(git ls-remote "https://github.com/$action" | grep 'refs/tags/[v]\?[0-9][0-9\.]*$' | sed 's|refs/tags/[vV]\?[\.]\?||g' | sort -u -k2 -V | tail -1 | awk '{ printf "%s # %s\n",$1,$2 }') # shellcheck disable=SC2267 grep -ElRZ "uses: $action@" .github/ | xargs -0 -l sed -i -e "s|uses: $action@.*|uses: $action@$commit_hash|g" done