diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3f59649..11cc092 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -19,18 +19,18 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
 with:
 go-version-file: go.mod
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
+ uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
 - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v6
+ uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6
 with:
 distribution: goreleaser
 version: v2
@@ -40,7 +40,7 @@ jobs:
 REGISTRY: ""
 - name: Run Trivy vulnerability scanner (k3kcli)
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
 with:
 ignore-unfixed: true
 severity: 'MEDIUM,HIGH,CRITICAL'
@@ -50,13 +50,13 @@ jobs:
 output: 'trivy-results-k3kcli.sarif'
 - name: Upload Trivy scan results to GitHub Security tab (k3kcli)
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@4bdb89f48054571735e3792627da6195c57459e2 # v3
 with:
 sarif_file: trivy-results-k3kcli.sarif
 category: k3kcli
 - name: Run Trivy vulnerability scanner (k3k)
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
 with:
 ignore-unfixed: true
 severity: 'MEDIUM,HIGH,CRITICAL'
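Review bot: The trailing comments on the new pins name only the floating major tag (`# v4`, `# v5`, `# v3`, `# v6`), so the release a SHA belongs to cannot be read from the file. The inconsistency is visible within this commit: `1a275c3b69536ee54be43f2070a358922e12c8d4` is labelled `# v4` in chart.yml and `# v4.3.1` in both test-conformance workflows. Writing the exact release in every comment, in the form already used for trivy-action (`# 0.33.1`), lets a reviewer check each SHA against its upstream tag and lets an update bot rewrite SHA and comment together. This applies to every `uses:` line changed in the commit, not only the first hunk of build.yml.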
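Review bot: The pin in the Trivy step is also a version upgrade, from `aquasecurity/trivy-action@0.28.0` to a SHA commented `# 0.33.1`, and that deserves its own commit or at least a line in the commit message if it is not already there. The same upgrade is repeated in the two other Trivy steps of build.yml, and chart.yml and the conformance workflows carry similar silent moves (chart-releaser-action `v1.6.0` to `# v1.7.0`, setup-helm `v4.3.0` to `# v4.3.1`). A newer scanner action can change which findings reach the Security tab, so the upgrade should be reviewable separately from the change of ref format.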
@@ -66,13 +66,13 @@ jobs:
 output: 'trivy-results-k3k.sarif'
 - name: Upload Trivy scan results to GitHub Security tab (k3k)
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@4bdb89f48054571735e3792627da6195c57459e2 # v3
 with:
 sarif_file: trivy-results-k3k.sarif
 category: k3k
 - name: Run Trivy vulnerability scanner (k3k-kubelet)
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
 with:
 ignore-unfixed: true
 severity: 'MEDIUM,HIGH,CRITICAL'
@@ -82,7 +82,7 @@ jobs:
 output: 'trivy-results-k3k-kubelet.sarif'
 - name: Upload Trivy scan results to GitHub Security tab (k3k-kubelet)
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@4bdb89f48054571735e3792627da6195c57459e2 # v3
 with:
 sarif_file: trivy-results-k3k-kubelet.sarif
 category: k3k-kubelet
diff --git a/.github/workflows/chart.yml b/.github/workflows/chart.yml
index 3337e10..b0e25f5 100644
--- a/.github/workflows/chart.yml
+++ b/.github/workflows/chart.yml
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
 fetch-depth: 0
@@ -21,12 +21,12 @@ jobs:
 git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
 - name: Install Helm
- uses: azure/setup-helm@v4
+ uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
 env:
 GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
 - name: Run chart-releaser
- uses: helm/chart-releaser-action@v1.6.0
+ uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
 with:
 config: .cr.yaml
 env:
diff --git a/.github/workflows/release-delete.yml b/.github/workflows/release-delete.yml
index 14f1f88..127f247 100644
--- a/.github/workflows/release-delete.yml
+++ b/.github/workflows/release-delete.yml
@@ -24,7 +24,7 @@ jobs:
 run: echo "::error::Missing tag from input" && exit 1
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Check if release is draft
 run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 845b938..6aef9af 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,7 +21,7 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
 fetch-depth: 0
 fetch-tags: true
@@ -31,12 +31,12 @@ jobs:
 run: git checkout ${{ inputs.commit }}
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
 with:
 go-version-file: go.mod
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
+ uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
 - name: "Read secrets"
 uses: rancher-eio/read-vault-secrets@main
@@ -55,7 +55,7 @@ jobs:
 echo "DOCKER_PASSWORD=${{ github.token }}" >> $GITHUB_ENV
 - name: Login to container registry
- uses: docker/login-action@v3
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ env.DOCKER_USERNAME }}
@@ -78,7 +78,7 @@ jobs:
 echo "CURRENT_TAG=${CURRENT_TAG}" >> "$GITHUB_OUTPUT"
 - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v6
+ uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6
 with:
 distribution: goreleaser
 version: v2
diff --git a/.github/workflows/test-conformance-shared.yaml b/.github/workflows/test-conformance-shared.yaml
index b0e5ad5..26584e4 100644
--- a/.github/workflows/test-conformance-shared.yaml
+++ b/.github/workflows/test-conformance-shared.yaml
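Review bot: `uses: rancher-eio/read-vault-secrets@main` at the end of the release.yml `-31,12` hunk is left on a mutable branch ref, although every other action in the release workflow is pinned by this commit and this is the step that handles Vault secrets. Pin it the same way, `uses: rancher-eio/read-vault-secrets@<full-commit-sha> # <release-tag>`, with the SHA taken from the upstream repository. The first context line of the same hunk, `run: git checkout ${{ inputs.commit }}`, expands a workflow input directly into the shell script; passing it through `env:` and running `git checkout "$COMMIT"` keeps the value as data. Both steps start or end outside the hunk, so their remaining lines are not visible here.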
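Review bot: The context line `echo "DOCKER_PASSWORD=${{ github.token }}" >> $GITHUB_ENV` above the login step puts the token into the environment of every later step in the job, including the third-party actions that run after the registry login. The step that writes it begins above the hunk, so its reason is not visible; if the variable exists only to feed `docker/login-action`, a step output read by the login step's inputs would keep the token scoped to that one step. Pinning the later actions reduces this exposure but does not remove it.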
@@ -21,17 +21,17 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
 fetch-depth: 0
 fetch-tags: true
- - uses: actions/setup-go@v5
+ - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
 with:
 go-version-file: go.mod
 - name: Install helm
- uses: azure/setup-helm@v4.3.0
+ uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
 - name: Install hydrophone
 run: go install sigs.k8s.io/hydrophone@latest
@@ -131,7 +131,7 @@ jobs:
 --output-dir /tmp
 - name: Archive conformance logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: conformance-${{ matrix.type }}-logs
diff --git a/.github/workflows/test-conformance-virtual.yaml b/.github/workflows/test-conformance-virtual.yaml
index dc57c18..5590291 100644
--- a/.github/workflows/test-conformance-virtual.yaml
+++ b/.github/workflows/test-conformance-virtual.yaml
@@ -21,17 +21,17 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
 fetch-depth: 0
 fetch-tags: true
- - uses: actions/setup-go@v5
+ - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
 with:
 go-version-file: go.mod
 - name: Install helm
- uses: azure/setup-helm@v4.3.0
+ uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
 - name: Install hydrophone
 run: go install sigs.k8s.io/hydrophone@latest
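Review bot: `run: go install sigs.k8s.io/hydrophone@latest`, the last context line of the `-21,17` hunk in test-conformance-shared.yaml, still resolves to whatever is newest when the job runs, so the conformance tool remains unfixed after this commit pins the actions around it. Pin it to a release, `run: go install sigs.k8s.io/hydrophone@<version>`, so the module content for that version is checked against the Go checksum database and upgrades become an explicit change. The same line appears in the matching hunk of test-conformance-virtual.yaml.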
@@ -104,21 +104,21 @@ jobs:
 kubectl logs -n k3k-system -l "app.kubernetes.io/name=k3k" --tail=-1 > /tmp/k3k.log
 - name: Archive K3s logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: k3s-${{ matrix.type }}-logs
 path: /tmp/k3s.log
 - name: Archive K3k logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: k3k-${{ matrix.type }}-logs
 path: /tmp/k3k.log
 - name: Archive conformance logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: conformance-${{ matrix.type }}-logs
diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml
index fa2d2f0..f72146b 100644
--- a/.github/workflows/test-e2e.yaml
+++ b/.github/workflows/test-e2e.yaml
@@ -16,12 +16,12 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
 fetch-depth: 0
 fetch-tags: true
- - uses: actions/setup-go@v5
+ - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
 with:
 go-version-file: go.mod
@@ -64,28 +64,28 @@ jobs:
 run: go tool covdata textfmt -i=${GOCOVERDIR} -o ${GOCOVERDIR}/cover.out
 - name: Upload coverage reports to Codecov (controller)
- uses: codecov/codecov-action@v5
+ uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 files: ${GOCOVERDIR}/cover.out
 flags: controller
 - name: Upload coverage reports to Codecov (e2e)
- uses: codecov/codecov-action@v5
+ uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 files: ./cover.out
 flags: e2e
 - name: Archive k3s logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: e2e-k3s-logs
 path: /tmp/k3s.log
 - name: Archive k3k logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: e2e-k3k-logs
@@ -95,12 +95,12 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
 fetch-depth: 0
 fetch-tags: true
- - uses: actions/setup-go@v5
+ - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
 with:
 go-version-file: go.mod
@@ -143,28 +143,28 @@ jobs:
 run: go tool covdata textfmt -i=${GOCOVERDIR} -o ${GOCOVERDIR}/cover.out
 - name: Upload coverage reports to Codecov (controller)
- uses: codecov/codecov-action@v5
+ uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 files: ${GOCOVERDIR}/cover.out
 flags: controller
 - name: Upload coverage reports to Codecov (e2e)
- uses: codecov/codecov-action@v5
+ uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 files: ./cover.out
 flags: e2e
 - name: Archive k3s logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: e2e-k3s-logs
 path: /tmp/k3s.log
 - name: Archive k3k logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: e2e-k3k-logs
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 4d4295f..b45eb7c 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -16,9 +16,9 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- - uses: actions/setup-go@v5
+ - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
 with:
 go-version-file: go.mod
@@ -26,7 +26,7 @@ jobs:
 run: make test-unit
 - name: Upload coverage reports to Codecov
- uses: codecov/codecov-action@v5
+ uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 files: ./cover.out
@@ -37,12 +37,12 @@ jobs:
 steps:
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
 fetch-depth: 0
 fetch-tags: true
- - uses: actions/setup-go@v5
+ - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
 with:
 go-version-file: go.mod
@@ -78,21 +78,21 @@ jobs:
 run: go tool covdata textfmt -i=${{ github.workspace }}/covdata -o ${{ github.workspace }}/covdata/cover.out
 - name: Upload coverage reports to Codecov
- uses: codecov/codecov-action@v5
+ uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
 files: ${{ github.workspace }}/covdata/cover.out
 flags: cli
 - name: Archive k3s logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: cli-k3s-logs
 path: /tmp/k3s.log
 - name: Archive k3k logs
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 if: always()
 with:
 name: cli-k3k-logs