diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 642c19cff..ba2a06cf0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,11 +33,11 @@ jobs: steps: - name : Checkout repository # https://github.com/actions/checkout/releases/tag/v4.1.1 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Setup Go # https://github.com/actions/setup-go/releases/tag/v5.0.0 - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version-file: 'go.mod' - name: Install golangci-lint diff --git a/.github/workflows/publish-head.yaml b/.github/workflows/publish-head.yaml index 3b549ba79..1e27c791e 100644 --- a/.github/workflows/publish-head.yaml +++ b/.github/workflows/publish-head.yaml @@ -20,9 +20,9 @@ jobs: - arm64 steps: - name : Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Setup Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: go-version-file: 'go.mod' - name: Build and package @@ -53,7 +53,7 @@ jobs: needs: build steps: - name : Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Download the artifacts uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: @@ -71,9 +71,9 @@ jobs: secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Log in to the Container registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: @@ -113,7 +113,7 @@ jobs: pattern: digests-* merge-multiple: true - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: "Read vault secrets" uses: rancher-eio/read-vault-secrets@main with: diff --git a/.github/workflows/release-charts.yaml b/.github/workflows/release-charts.yaml index a5af82f9f..dc33a701c 100644 --- a/.github/workflows/release-charts.yaml +++ b/.github/workflows/release-charts.yaml @@ -29,7 +29,7 @@ jobs: # Required for vault id-token: write steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: ref: "${{ env.WEBHOOK_REF }}" path: webhook @@ -41,7 +41,7 @@ jobs: secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY # Fetch github token just for the charts repository - - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2 + - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 id: app-token with: app-id: ${{ env.APP_ID }} @@ -50,7 +50,7 @@ jobs: charts - name: Checkout charts repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: repository: ${{ github.repository_owner }}/charts ref: "${{ env.CHARTS_REF }}" diff --git a/.github/workflows/release-rancher.yaml b/.github/workflows/release-rancher.yaml index 5d9a09c64..c37c4340e 100644 --- a/.github/workflows/release-rancher.yaml +++ b/.github/workflows/release-rancher.yaml @@ -32,7 +32,7 @@ jobs: - name: Install dependencies run: sudo snap install yq --channel=v4/stable - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: ref: "${{ env.WEBHOOK_REF }}" path: webhook @@ -44,7 +44,7 @@ jobs: secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY # Fetch github token just for the rancher repository - - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2 + - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 id: app-token with: app-id: ${{ env.APP_ID }} @@ -53,7 +53,7 @@ jobs: rancher - name: Checkout rancher repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: repository: ${{ github.repository_owner }}/rancher ref: "${{ env.RANCHER_REF }}" @@ -71,7 +71,7 @@ jobs: charts_branch=$(grep '"chart-default-branch"' pkg/settings/setting.go | cut -d'"' -f4) echo "charts_branch=$charts_branch" >> $GITHUB_OUTPUT - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 + - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5 with: repository: ${{ github.repository_owner }}/charts ref: "${{ steps.find_charts_branch.outputs.charts_branch }}" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4d1846ed6..dd5ea06e8 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -25,11 +25,11 @@ jobs: steps: - name : Checkout repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 # https://github.com/actions/checkout/releases/tag/v4.1.1 - name: Setup Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 # https://github.com/actions/setup-go/releases/tag/v5.0.0 with: go-version-file: 'go.mod' @@ -66,7 +66,7 @@ jobs: - name : Checkout repository # https://github.com/actions/checkout/releases/tag/v4.1.1 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: package-helm run: ./scripts/package-helm @@ -113,7 +113,7 @@ jobs: steps: - name : Checkout repository # https://github.com/actions/checkout/releases/tag/v4.1.1 - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 - name: Download the artifacts uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 @@ -137,10 +137,10 @@ jobs: - name: Set up QEMU # https://github.com/docker/setup-qemu-action/releases/tag/v3.1.0 - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 # https://github.com/docker/setup-buildx-action/releases/tag/v3.4.0 - name: Log in to the Container registry @@ -191,7 +191,7 @@ jobs: merge-multiple: true - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 # https://github.com/docker/setup-buildx-action/releases/tag/v3.4.0 - name: "Read vault secrets" diff --git a/.github/workflows/sync-deps.yaml b/.github/workflows/sync-deps.yaml index 15122c8ad..a6a79ac92 100644 --- a/.github/workflows/sync-deps.yaml +++ b/.github/workflows/sync-deps.yaml @@ -33,7 +33,7 @@ jobs: secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY # Fetch github token just for the webhook repository - - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2 + - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 id: app-token with: app-id: ${{ env.APP_ID }} @@ -42,7 +42,7 @@ jobs: webhook - name : Checkout webhook repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: ref: "${{ env.WEBHOOK_REF }}" path: webhook @@ -51,7 +51,7 @@ jobs: persist-credentials: true - name : Checkout rancher repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: repository: "${{ github.event.inputs.rancher_repository }}" ref: "${{ env.RANCHER_REF }}"