diff --git a/.github/workflows/lint_bash.yml b/.github/workflows/lint_bash.yml index 2ffdeb957..2c22cf5a0 100644 --- a/.github/workflows/lint_bash.yml +++ b/.github/workflows/lint_bash.yml @@ -29,7 +29,7 @@ jobs: extention: ["bash", "bats"] steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 - name: Run shellcheck uses: reviewdog/action-shellcheck@4c07458293ac342d477251099501a718ae5ef86e # v1 diff --git a/.github/workflows/lint_docker.yml b/.github/workflows/lint_docker.yml index 0117482f9..4afc8f4bd 100644 --- a/.github/workflows/lint_docker.yml +++ b/.github/workflows/lint_docker.yml @@ -25,7 +25,7 @@ jobs: checks: write steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 - name: Run hadolint - uses: reviewdog/action-hadolint@921946a7ebaaf08ac72607bad67209f4e52b5407 # v1 + uses: reviewdog/action-hadolint@1b2cfa6ba72072ad35158d7ff3aa49bbdc03506d # v1 diff --git a/.github/workflows/lint_go.yml b/.github/workflows/lint_go.yml index 90d3d4d56..3766c9c49 100644 --- a/.github/workflows/lint_go.yml +++ b/.github/workflows/lint_go.yml @@ -27,7 +27,7 @@ jobs: checks: write steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 - name: Run golangci-lint uses: reviewdog/action-golangci-lint@c76cceaaab89abe74e649d2e34c6c9adc26662d2 # v2 diff --git a/.github/workflows/lint_yml.yml b/.github/workflows/lint_yml.yml index abc5e5861..4f4a94730 100644 --- a/.github/workflows/lint_yml.yml +++ b/.github/workflows/lint_yml.yml @@ -25,7 +25,7 @@ jobs: checks: write steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 - name: Run yamllint - uses: reviewdog/action-yamllint@f01d8a48fd8d89f89895499fca2cff09f9e9e8c0 # v1 + uses: reviewdog/action-yamllint@b5f7217d8c815ae374d1d55840d5e569d82f01f0 # v1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 746a32385..2bf7f98cc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,16 +15,16 @@ jobs: contents: write steps: - name: Check out code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 - name: Set up Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6 with: go-version-file: go.mod cache: false # don't rely on cache for release - name: Launch goreleaser - uses: goreleaser/goreleaser-action@1a80836c5c9d9e5755a25cb59ec6f45a3b5f41a8 # v7 + uses: goreleaser/goreleaser-action@5daf1e915a5f0af01ddbcd89a43b8061ff4f1a89 # v7 with: args: release env: diff --git a/.github/workflows/release_containers.yml b/.github/workflows/release_containers.yml index e517a5c37..1f130b75b 100644 --- a/.github/workflows/release_containers.yml +++ b/.github/workflows/release_containers.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Cache container layers - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v5 with: path: /tmp/.buildx-cache key: ${{ runner.os }}${{ matrix.containers.suffix }}-buildx-${{ github.sha }} @@ -31,11 +31,11 @@ jobs: ${{ runner.os }}${{ matrix.containers.suffix }}-buildx- - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 - name: Generate container tags and labels id: docker_meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6 with: # images: kubesec/kubesec,ghcr.io/controlplaneio/kubesec images: kubesec/kubesec @@ -50,7 +50,7 @@ jobs: org.opencontainers.image.url=https://kubesec.io/ - name: Login to Docker Hub Registry - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 with: registry: docker.io username: ${{ secrets.DOCKERHUB_USERNAME }} @@ -64,10 +64,10 @@ jobs: # password: ${{ secrets.CR_PAT }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - name: Build container and push tags - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7 with: context: . push: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/release_containers_webhook.yml b/.github/workflows/release_containers_webhook.yml index e2bb37ac6..5ba8852c3 100644 --- a/.github/workflows/release_containers_webhook.yml +++ b/.github/workflows/release_containers_webhook.yml @@ -22,14 +22,14 @@ jobs: steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: repository: controlplaneio/kubesec-webhook ref: ${{ inputs.tag }} - name: Generate container tags and labels id: docker_meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6 with: # images: kubesec/kubesec,ghcr.io/controlplaneio/kubesec images: kubesec/kubesec-webhook @@ -43,7 +43,7 @@ jobs: org.opencontainers.image.url=https://kubesec.io/ - name: Login to Docker Hub Registry - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 with: registry: docker.io username: ${{ secrets.DOCKERHUB_USERNAME }} @@ -57,10 +57,10 @@ jobs: # password: ${{ secrets.CR_PAT }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4 - name: Build container and push tags - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7 with: context: . push: ${{ github.event_name != 'pull_request' }} diff --git a/.github/workflows/security_analysis.yml b/.github/workflows/security_analysis.yml index 32177d76c..83c100eae 100644 --- a/.github/workflows/security_analysis.yml +++ b/.github/workflows/security_analysis.yml @@ -20,22 +20,22 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 # provide a more modern go until resolved in codeql action # https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087 - name: Set up Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6 with: go-version-file: go.mod - name: Initialize CodeQL - uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4 + uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4 with: languages: go - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4 + uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4 trivy: name: Trivy @@ -45,7 +45,7 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 - name: Build an image from Dockerfile run: | @@ -62,7 +62,7 @@ jobs: - name: Upload Trivy results to the Security tab # can't submit scan results on forks if: github.repository_owner == 'controlplaneio' - uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4 + uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4 with: sarif_file: trivy-results.sarif @@ -75,11 +75,11 @@ jobs: checks: write steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: fetch-depth: 0 - name: Run Trufflehog - uses: trufflesecurity/trufflehog@17456f8c7d042d8c82c9a8ca9e937231f9f42e26 # v3.95.2 + uses: trufflesecurity/trufflehog@30d5bb91af1a771378349dbbb0c82129392acf70 # v3.95.6 with: path: ./ base: "" diff --git a/.github/workflows/test_acceptance.yml b/.github/workflows/test_acceptance.yml index 5f1572f3f..b9c54feaa 100644 --- a/.github/workflows/test_acceptance.yml +++ b/.github/workflows/test_acceptance.yml @@ -27,10 +27,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 - name: Set up Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6 with: go-version-file: go.mod @@ -56,7 +56,7 @@ jobs: test: ["acceptance", "remote"] steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 with: # needed for bats tests submodules: true diff --git a/.github/workflows/test_unit.yml b/.github/workflows/test_unit.yml index e76593632..8c78d1a29 100644 --- a/.github/workflows/test_unit.yml +++ b/.github/workflows/test_unit.yml @@ -23,10 +23,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v6 - name: Set up Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6 + uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6 with: go-version-file: go.mod