diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index db66e17a..dd72d137 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -47,7 +47,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Debug uses: raven-actions/debug@9dbdeb7eea607a7d73411895c65987e71d59a466 # v1.2.0 @@ -321,7 +321,7 @@ jobs: with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 # We need full history to be able to detect branch ancestry with: fetch-depth: 0 @@ -477,7 +477,7 @@ jobs: - name: Create release if: github.ref_type == 'tag' # This may fail for workflow_dispatch if the release already exists - uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 + uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1 with: append_body: true token: ${{ steps.get-secrets-release.outputs.github-pat }} diff --git a/.github/workflows/call-build-containers.yaml b/.github/workflows/call-build-containers.yaml index 29b971a5..46c43c1e 100644 --- a/.github/workflows/call-build-containers.yaml +++ b/.github/workflows/call-build-containers.yaml @@ -37,6 +37,11 @@ on: required: false type: string default: "namespace-profile-ubuntu-latest-arm" + s390x-runner-label: + description: The label to use for the runner (if not specified then the default ubuntu-latest or equivalent is used). + required: false + type: string + default: "ubuntu-24.04-s390x" secrets: cosign_private_key: description: The optional Cosign key to use for signing the images. @@ -75,10 +80,11 @@ jobs: platform: - amd64 - arm64 + - s390x target: - production name: ${{ matrix.platform }}/${{ matrix.target }} container image build - runs-on: ${{ (contains(matrix.platform, 'arm') && inputs.arm-runner-label) || inputs.amd-runner-label }} + runs-on: ${{ (contains(matrix.platform, 'arm') && inputs.arm-runner-label) || (contains(matrix.platform, 's390x') && inputs.s390x-runner-label) || inputs.amd-runner-label }} steps: - name: Harden the runner uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 @@ -86,7 +92,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: telemetryforge/agent ref: ${{ inputs.ref }} @@ -104,7 +110,7 @@ jobs: # Must be removed on Namespace runners - name: Set up QEMU - if: ${{ !contains( runner.name, 'nsc-' ) }} + if: ${{ !(contains( runner.name, 'nsc-' ) || contains( matrix.platform, 's390x' )) }} uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 - name: Set up Docker Buildx diff --git a/.github/workflows/call-build-linux-packages.yaml b/.github/workflows/call-build-linux-packages.yaml index 558df183..44ce33ca 100644 --- a/.github/workflows/call-build-linux-packages.yaml +++ b/.github/workflows/call-build-linux-packages.yaml @@ -78,7 +78,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout ${{ inputs.ref }} code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ inputs.ref }} repository: telemetryforge/agent diff --git a/.github/workflows/call-build-macos-packages.yaml b/.github/workflows/call-build-macos-packages.yaml index 6cebe6ba..a1938545 100644 --- a/.github/workflows/call-build-macos-packages.yaml +++ b/.github/workflows/call-build-macos-packages.yaml @@ -47,7 +47,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout ${{ inputs.ref }} code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ inputs.ref }} repository: telemetryforge/agent @@ -98,6 +98,8 @@ jobs: -DOPENSSL_USE_STATIC_LIBS=ON \ -DCMAKE_BUILD_TYPE=Release \ -DCPACK_GENERATOR=productbuild \ + -DTELEMETRY_FORGE_AGENT_DISTRO=${{ matrix.config.runner }} \ + -DTELEMETRY_FORGE_AGENT_PACKAGE_TYPE=PACKAGE \ -DFLB_NIGHTLY_BUILD=${{ inputs.nightly-build-info }} ../ cmake --build . diff --git a/.github/workflows/call-build-windows-packages.yaml b/.github/workflows/call-build-windows-packages.yaml index 24ec2e79..c2854d9a 100644 --- a/.github/workflows/call-build-windows-packages.yaml +++ b/.github/workflows/call-build-windows-packages.yaml @@ -52,7 +52,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout ${{ inputs.ref }} code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ inputs.ref }} repository: telemetryforge/agent @@ -106,7 +106,7 @@ jobs: - name: Restore cached packages of vcpkg id: cache-vcpkg-sources - uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: | C:\vcpkg\installed @@ -150,7 +150,7 @@ jobs: - name: Save packages of vcpkg id: save-vcpkg-sources - uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache/save@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: | C:\vcpkg\installed diff --git a/.github/workflows/call-test-containers-k8s.yaml b/.github/workflows/call-test-containers-k8s.yaml index b7e1fffc..7618d9ba 100644 --- a/.github/workflows/call-test-containers-k8s.yaml +++ b/.github/workflows/call-test-containers-k8s.yaml @@ -46,7 +46,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: telemetryforge/agent ref: ${{ inputs.ref || github.ref }} @@ -60,7 +60,7 @@ jobs: password: ${{ secrets.github-token }} - name: Set up Helm - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 + uses: azure/setup-helm@9bc31f4ebc9c6b171d7bfbaa5d006ae7abdb4310 # v5.0.1 with: version: v3.19.2 diff --git a/.github/workflows/call-test-containers.yaml b/.github/workflows/call-test-containers.yaml index d0ab1a9c..09714d67 100644 --- a/.github/workflows/call-test-containers.yaml +++ b/.github/workflows/call-test-containers.yaml @@ -39,7 +39,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: telemetryforge/agent ref: ${{ inputs.ref || github.ref }} @@ -70,7 +70,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: telemetryforge/agent ref: ${{ inputs.ref || github.ref }} @@ -132,7 +132,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: telemetryforge/agent ref: ${{ inputs.ref || github.ref }} diff --git a/.github/workflows/call-test-packages.yaml b/.github/workflows/call-test-packages.yaml index c038ab4a..004fd24e 100644 --- a/.github/workflows/call-test-packages.yaml +++ b/.github/workflows/call-test-packages.yaml @@ -130,7 +130,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: telemetryforge/agent ref: ${{ inputs.ref }} @@ -208,7 +208,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: telemetryforge/agent ref: ${{ inputs.ref }} diff --git a/.github/workflows/cron-auto-release.yaml b/.github/workflows/cron-auto-release.yaml index 47405b4b..e92f1abc 100644 --- a/.github/workflows/cron-auto-release.yaml +++ b/.github/workflows/cron-auto-release.yaml @@ -47,7 +47,7 @@ jobs: with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: 25.10 run if: github.event_name == 'schedule' && github.event.schedule=='0 14 1 * *' @@ -138,7 +138,7 @@ jobs: secrets: |- github-pat:projects/626836145334/secrets/GITHUB_CI_PAT - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ needs.find-last-good.outputs.sha }} # The tag must be pushed using a PAT to ensure workflows then run. diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index c9af2d2e..494b7775 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -30,7 +30,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: "Checkout Repository" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: "Dependency Review" uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 with: diff --git a/.github/workflows/lint-packages.yaml b/.github/workflows/lint-packages.yaml index b2ac0908..312d155a 100644 --- a/.github/workflows/lint-packages.yaml +++ b/.github/workflows/lint-packages.yaml @@ -37,7 +37,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout for config file - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Download package uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 9c876d8f..d1a2e9d8 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -27,11 +27,11 @@ jobs: uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false # Ignores do not work: https://github.com/reviewdog/action-hadolint/issues/35 is resolved - - uses: reviewdog/action-hadolint@921946a7ebaaf08ac72607bad67209f4e52b5407 # v1.50.5 + - uses: reviewdog/action-hadolint@1b2cfa6ba72072ad35158d7ff3aa49bbdc03506d # v1.51.0 shellcheck-pr: runs-on: ubuntu-latest @@ -45,7 +45,7 @@ jobs: uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - uses: reviewdog/action-shellcheck@4c07458293ac342d477251099501a718ae5ef86e # v1.32.0 @@ -68,7 +68,7 @@ jobs: uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - run: | @@ -85,7 +85,7 @@ jobs: uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - run: ./scripts/format-yaml-files.sh @@ -148,7 +148,7 @@ jobs: uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - uses: suzuki-shunsuke/pinact-action@896d595f299e71d65b9d28349d6956abe144390a # v3.0.0 @@ -169,12 +169,12 @@ jobs: uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Run zizmor - uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 + uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7 with: # We only want to scan our workflows, no other included source input: | diff --git a/.github/workflows/pr-comment-build.yaml b/.github/workflows/pr-comment-build.yaml index 9cd85c63..ca4ff020 100644 --- a/.github/workflows/pr-comment-build.yaml +++ b/.github/workflows/pr-comment-build.yaml @@ -120,7 +120,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: refs/pull/${{ github.event.issue.number }}/merge diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 6ccdb161..ed526eba 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -42,7 +42,7 @@ jobs: egress-policy: ${{ vars.STEP_SECURITY_EGRESS_POLICY || 'audit' }} - name: "Checkout code" - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false @@ -66,6 +66,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 with: sarif_file: results.sarif diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index a1e6394d..a40f1ca8 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -35,7 +35,7 @@ jobs: with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: repository: telemetryforge/agent ref: ${{ github.event.inputs.ref || github.ref }} diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml index 5007d331..4f840cfb 100644 --- a/.github/workflows/unit-tests.yaml +++ b/.github/workflows/unit-tests.yaml @@ -57,7 +57,7 @@ jobs: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ github.event.inputs.ref || github.ref }} @@ -120,6 +120,9 @@ jobs: FLB_BACKTRACE=Off FLB_SHARED_LIB=Off + TELEMETRY_FORGE_AGENT_DISTRO=ubuntu/latest + TELEMETRY_FORGE_AGENT_PACKAGE_TYPE=PACKAGE + ${{ matrix.config.options }} run-build: false diff --git a/.github/workflows/update-lts-branches.yaml b/.github/workflows/update-lts-branches.yaml index 31870d97..22a060c1 100644 --- a/.github/workflows/update-lts-branches.yaml +++ b/.github/workflows/update-lts-branches.yaml @@ -39,7 +39,7 @@ jobs: with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: ${{ matrix.branch }} diff --git a/.github/workflows/update-version.yaml b/.github/workflows/update-version.yaml index 2d7ef565..cf6dcff3 100644 --- a/.github/workflows/update-version.yaml +++ b/.github/workflows/update-version.yaml @@ -41,7 +41,7 @@ jobs: uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4 with: egress-policy: ${{ env.STEP_SECURITY_EGRESS_POLICY }} - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 # Fetch all history including tags