diff --git a/.github/workflows/asciinema.yml b/.github/workflows/asciinema.yml index bd7fdbe75..85b7a2161 100644 --- a/.github/workflows/asciinema.yml +++ b/.github/workflows/asciinema.yml @@ -15,7 +15,7 @@ jobs: contents: read pull-requests: write steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: token: ${{ secrets.NUNKI_CI_COMMIT_PUSH_PR }} - uses: ./.github/actions/setup_nix diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml index e363a4534..530d3cdaa 100644 --- a/.github/workflows/backport.yml +++ b/.github/workflows/backport.yml @@ -22,7 +22,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: token: ${{ secrets.NUNKI_CI_COMMIT_PUSH_PR }} - name: Create backport PRs diff --git a/.github/workflows/cluster_recreate.yml b/.github/workflows/cluster_recreate.yml index 33e597f5a..bb6453d73 100644 --- a/.github/workflows/cluster_recreate.yml +++ b/.github/workflows/cluster_recreate.yml @@ -10,7 +10,7 @@ jobs: recreate: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/setup_nix with: githubToken: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docs_publish.yml b/.github/workflows/docs_publish.yml index bb656eaf4..660e1c1bc 100644 --- a/.github/workflows/docs_publish.yml +++ b/.github/workflows/docs_publish.yml @@ -33,7 +33,7 @@ jobs: env: PREVIEW: ${{ !(github.event_name == 'push' && github.ref_name == 'main') }} steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/setup_nix with: githubToken: ${{ secrets.GITHUB_TOKEN }} @@ -45,7 +45,7 @@ jobs: nix build -L .#contrast-docs - name: Publish docs to GitHub Pages if: env.PREVIEW == 'false' - uses: JamesIves/github-pages-deploy-action@920cbb300dcd3f0568dbc42700c61e2fd9e6139c # v4.6.4 + uses: JamesIves/github-pages-deploy-action@881db5376404c5c8d621010bcbec0310b58d5e29 # v4.6.8 with: folder: ./result branch: gh-pages diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index b9904e786..9cd667935 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -32,7 +32,7 @@ jobs: contents: read packages: write steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - if: ${{ !inputs.self-hosted }} uses: ./.github/actions/setup_nix with: @@ -80,7 +80,7 @@ jobs: --skip-undeploy="${{ inputs.skip-undeploy && 'true' || 'false' }}" - name: Upload logs if: always() - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: e2e_pod_logs-${{ inputs.platform }}-${{ inputs.test-name }} path: workspace/namespace-logs diff --git a/.github/workflows/e2e_runtime-reproducibility.yml b/.github/workflows/e2e_runtime-reproducibility.yml index 1491dcfd8..5e2f0188f 100644 --- a/.github/workflows/e2e_runtime-reproducibility.yml +++ b/.github/workflows/e2e_runtime-reproducibility.yml @@ -24,7 +24,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/setup_nix with: githubToken: ${{ secrets.GITHUB_TOKEN }} @@ -41,12 +41,12 @@ jobs: rebuild_checksum="$(jq -r '.manifests[0].digest' rebuild/index.json)" echo "rebuild-checksum-${{ matrix.os }}-${{ matrix.build-target}}=$rebuild_checksum" >> "$GITHUB_OUTPUT" - name: Upload Build Artifacts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ matrix.build-target }}-${{ matrix.os }} path: result - name: Upload Build Artifacts (Rebuild) - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ matrix.build-target }}-${{ matrix.os }}-rebuild path: rebuild diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c15a0707b..5fc14630b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -49,7 +49,7 @@ jobs: NEXT_MINOR_PRE_WITHOUT_V: ${{ steps.version-info.outputs.NEXT_MINOR_PRE_WITHOUT_V }} NEXT_PATCH_PRE_WITHOUT_V: ${{ steps.version-info.outputs.NEXT_PATCH_PRE_WITHOUT_V }} steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Working branch run: | echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV" @@ -123,12 +123,12 @@ jobs: WORKING_BRANCH: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} steps: - name: Checkout working branch - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} path: contrast-working - name: Checkout main - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: main path: contrast-main @@ -219,7 +219,7 @@ jobs: WORKING_BRANCH: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} - uses: ./.github/actions/setup_nix @@ -287,7 +287,7 @@ jobs: echo "ghcr.io/edgelesssys/contrast/nydus-snapshotter:latest=$nydusSnapshotterImgTagged" } > image-replacements.txt - name: Upload image replacements file (for main branch PR) - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: image-replacements.txt path: ./image-replacements.txt @@ -322,7 +322,7 @@ jobs: run: | nix build -L .#cli-release - name: Upload release artifacts (for main branch PR) - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: contrast-release-artifacts path: | @@ -375,7 +375,7 @@ jobs: packages: read needs: release steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - if: ${{ !matrix.platform.self-hosted }} uses: ./.github/actions/setup_nix with: @@ -423,7 +423,7 @@ jobs: NEXT_MINOR: ${{ needs.process-inputs.outputs.NEXT_MINOR }} GH_TOKEN: ${{ github.token }} steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ needs.process-inputs.outputs.WORKING_BRANCH }} - name: Create backport label diff --git a/.github/workflows/release_publish.yml b/.github/workflows/release_publish.yml index 23a1dad4e..c1d70e857 100644 --- a/.github/workflows/release_publish.yml +++ b/.github/workflows/release_publish.yml @@ -23,7 +23,7 @@ jobs: FULL_VERSION: ${{ github.event.release.tag_name }}${{ github.event.inputs.tag }} steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 # fetch all history token: ${{ secrets.NUNKI_CI_COMMIT_PUSH_PR }} diff --git a/.github/workflows/rpm_updates.yml b/.github/workflows/rpm_updates.yml index 3ab44f31b..112f2958b 100644 --- a/.github/workflows/rpm_updates.yml +++ b/.github/workflows/rpm_updates.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-22.04 timeout-minutes: 60 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} token: ${{ !github.event.pull_request.head.repo.fork && secrets.NUNKI_CI_COMMIT_PUSH_PR || github.token }} diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index 78dc82ad4..2b9698845 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-22.04 timeout-minutes: 15 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/setup_nix with: githubToken: ${{ secrets.GITHUB_TOKEN }} @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-22.04 timeout-minutes: 25 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} token: ${{ !github.event.pull_request.head.repo.fork && secrets.NUNKI_CI_COMMIT_PUSH_PR || github.token }} @@ -47,7 +47,7 @@ jobs: runs-on: ubuntu-22.04 timeout-minutes: 15 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/setup_nix with: githubToken: ${{ secrets.GITHUB_TOKEN }} @@ -60,7 +60,7 @@ jobs: runs-on: ubuntu-22.04 timeout-minutes: 15 steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/setup_nix with: githubToken: ${{ secrets.GITHUB_TOKEN }}