diff --git a/.github/workflows/build-clang-image.yaml b/.github/workflows/build-clang-image.yaml index c7959997bfc..65588de6c47 100644 --- a/.github/workflows/build-clang-image.yaml +++ b/.github/workflows/build-clang-image.yaml @@ -37,7 +37,7 @@ jobs: fi - name: Checkout source code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false fetch-depth: 0 @@ -90,7 +90,7 @@ jobs: fi - name: Checkout Source Code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false fetch-depth: 0 @@ -161,7 +161,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: image-digest clang path: image-digest @@ -179,7 +179,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: path: image-digest/ diff --git a/.github/workflows/build-deploy-docs.yaml b/.github/workflows/build-deploy-docs.yaml index cd701b37bd9..afebaf3dcea 100644 --- a/.github/workflows/build-deploy-docs.yaml +++ b/.github/workflows/build-deploy-docs.yaml @@ -20,13 +20,13 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod - name: Setup Pages id: pages - uses: actions/configure-pages@f156874f8191504dae5b037505266ed5dda6c382 # v3.0.6 + uses: actions/configure-pages@1f0c5cde4bc74cd7e1254d0cb4de8d49e9068c7d # v4.0.0 - name: Setup Hugo uses: peaceiris/actions-hugo@16361eb4acea8698b220b76c0d4e84e1fd22c61d # v2.6.0 @@ -35,7 +35,7 @@ jobs: extended: true - name: Setup Node - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: '18' cache: 'npm' @@ -78,5 +78,5 @@ jobs: steps: - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@12ab2b16cf43a7a061fe99da74b6f8f11fb77f5b # v2.0.3 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml index eb4552c0e83..b22d6264e7c 100644 --- a/.github/workflows/build-images-ci.yml +++ b/.github/workflows/build-images-ci.yml @@ -60,7 +60,7 @@ jobs: fi - name: Checkout Source Code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false ref: ${{ steps.tag.outputs.tag }} @@ -191,7 +191,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: image-digest ${{ matrix.name }} path: image-digest @@ -209,7 +209,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: path: image-digest/ diff --git a/.github/workflows/build-images-releases.yml b/.github/workflows/build-images-releases.yml index 6a30ccec3f2..2a2fe9ff488 100644 --- a/.github/workflows/build-images-releases.yml +++ b/.github/workflows/build-images-releases.yml @@ -50,7 +50,7 @@ jobs: echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT - name: Checkout Source Code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false fetch-depth: 0 @@ -140,7 +140,7 @@ jobs: # Upload artifact digests - name: Upload artifact digests - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: image-digest ${{ matrix.name }} path: image-digest @@ -158,7 +158,7 @@ jobs: mkdir -p image-digest/ - name: Download digests of all images built - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: path: image-digest/ @@ -185,7 +185,7 @@ jobs: uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.8.0 - name: Checkout Source Code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false fetch-depth: 0 @@ -203,7 +203,7 @@ jobs: # Cache tarball releases for later - name: Save tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }}.tar.gz Tarball - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-${{ steps.tag.outputs.tag }}-${{ matrix.arch }} path: release/ @@ -216,7 +216,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Set up Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 @@ -229,13 +229,13 @@ jobs: run: make cli-release - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-amd64.tar.gz - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: tetragon-${{ steps.tag.outputs.tag }}-amd64 path: release - name: Retrieve tetragon-${{ steps.tag.outputs.tag }}-arm64.tar.gz - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: tetragon-${{ steps.tag.outputs.tag }}-arm64 path: release diff --git a/.github/workflows/check-links-cron.yaml b/.github/workflows/check-links-cron.yaml index 8f539d775e9..bdaf5342d3a 100644 --- a/.github/workflows/check-links-cron.yaml +++ b/.github/workflows/check-links-cron.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod diff --git a/.github/workflows/check-links-pr.yaml b/.github/workflows/check-links-pr.yaml index f4f8496cf0a..052718bcd7f 100644 --- a/.github/workflows/check-links-pr.yaml +++ b/.github/workflows/check-links-pr.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod diff --git a/.github/workflows/checkpatch.yaml b/.github/workflows/checkpatch.yaml index caddc5c0d62..cae17f0be2c 100644 --- a/.github/workflows/checkpatch.yaml +++ b/.github/workflows/checkpatch.yaml @@ -7,7 +7,7 @@ jobs: checkpatch: runs-on: ubuntu-latest steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: fetch-depth: 0 - name: Run checkpatch.pl diff --git a/.github/workflows/digestcheck.yaml b/.github/workflows/digestcheck.yaml index 93b9675ff25..9085c86092f 100644 --- a/.github/workflows/digestcheck.yaml +++ b/.github/workflows/digestcheck.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Install crane env: diff --git a/.github/workflows/generated-files.yaml b/.github/workflows/generated-files.yaml index 99a1d280f68..b4eaa5c0763 100644 --- a/.github/workflows/generated-files.yaml +++ b/.github/workflows/generated-files.yaml @@ -14,7 +14,7 @@ jobs: generated-files: runs-on: ubuntu-latest steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Install Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: diff --git a/.github/workflows/gotests.yml b/.github/workflows/gotests.yml index b5ff5a8f9d7..bb0a15141b0 100644 --- a/.github/workflows/gotests.yml +++ b/.github/workflows/gotests.yml @@ -18,7 +18,7 @@ jobs: os: [ ubuntu-20.04, buildjet-2vcpu-ubuntu-2204-arm ] steps: - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: path: go/src/github.com/cilium/tetragon/ @@ -63,7 +63,7 @@ jobs: - name: Upload Tetragon logs if: failure() - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-json path: /tmp/tetragon.gotest* @@ -71,7 +71,7 @@ jobs: - name: Upload bugtool dumps if: failure() - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-bugtool path: /tmp/tetragon-bugtool* diff --git a/.github/workflows/lint-codeql.yml b/.github/workflows/lint-codeql.yml index 4e5d5898fea..cbd83061afa 100644 --- a/.github/workflows/lint-codeql.yml +++ b/.github/workflows/lint-codeql.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout code if: ${{ !github.event.pull_request }} - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false - name: Check code changes @@ -50,7 +50,7 @@ jobs: security-events: write steps: - name: Checkout repo - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false fetch-depth: 1 diff --git a/.github/workflows/lint-helm.yaml b/.github/workflows/lint-helm.yaml index 3a4886d4c4d..5165ffc42d6 100644 --- a/.github/workflows/lint-helm.yaml +++ b/.github/workflows/lint-helm.yaml @@ -14,7 +14,7 @@ jobs: generated-files: runs-on: ubuntu-latest steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Run install/kubernetes/test.sh run: | cd install/kubernetes && ./test.sh diff --git a/.github/workflows/packages-e2e-tests.yaml b/.github/workflows/packages-e2e-tests.yaml index 367e26bf689..837d6f5d435 100644 --- a/.github/workflows/packages-e2e-tests.yaml +++ b/.github/workflows/packages-e2e-tests.yaml @@ -26,7 +26,7 @@ jobs: uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.8.0 - name: Checkout Source Code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: persist-credentials: false fetch-depth: 0 diff --git a/.github/workflows/podinfo-test.yaml b/.github/workflows/podinfo-test.yaml index 4576256c5b3..914144f6281 100644 --- a/.github/workflows/podinfo-test.yaml +++ b/.github/workflows/podinfo-test.yaml @@ -18,7 +18,7 @@ jobs: timeout-minutes: 40 steps: - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Set Up Job Variables id: vars diff --git a/.github/workflows/renovate-config-validator.yaml b/.github/workflows/renovate-config-validator.yaml index a4bf80896dd..ba4e6891b03 100644 --- a/.github/workflows/renovate-config-validator.yaml +++ b/.github/workflows/renovate-config-validator.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout configuration - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 # this step uses latest renovate slim release - name: Validate configuration diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index 266632d1452..e263ad1c10f 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -37,7 +37,7 @@ jobs: # transfer the docker CLI plugin binary. - name: Cache Buildx CLI plugin download id: cache-buildx - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: /tmp/docker-buildx key: ${{ runner.os }}-${{ env.buildx_version }}-buildx @@ -60,7 +60,7 @@ jobs: # renovate clones the repository again in its container fs but it needs # the renovate configuration to start. - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Self-hosted Renovate uses: renovatebot/github-action@23a02fe7be9e93f857a953cc8162e57d2c8401ef # v39.0.1 diff --git a/.github/workflows/run-e2e-tests.yaml b/.github/workflows/run-e2e-tests.yaml index 7163a3e1474..91c57ee6297 100644 --- a/.github/workflows/run-e2e-tests.yaml +++ b/.github/workflows/run-e2e-tests.yaml @@ -26,7 +26,7 @@ jobs: os: [ ubuntu-22.04, buildjet-4vcpu-ubuntu-2204-arm ] steps: - name: Checkout Code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: path: go/src/github.com/cilium/tetragon/ @@ -81,7 +81,7 @@ jobs: - name: Upload Tetragon Logs if: failure() || cancelled() - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-logs path: /tmp/tetragon.e2e.* diff --git a/.github/workflows/static-checks.yaml b/.github/workflows/static-checks.yaml index 0ff720afd75..bf4100bb6dc 100644 --- a/.github/workflows/static-checks.yaml +++ b/.github/workflows/static-checks.yaml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Install Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 @@ -32,7 +32,7 @@ jobs: cache: false - name: Run golangci-lint - uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0 + uses: golangci/golangci-lint-action@d6238b002a20823d52840fda27e2d4891c5952dc # v4.0.1 with: # renovate: datasource=docker depName=docker.io/golangci/golangci-lint version: v1.54.2 @@ -42,7 +42,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Install Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 @@ -72,7 +72,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Install Go uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 @@ -90,7 +90,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 - name: Build CLI release binaries run: make cli-release diff --git a/.github/workflows/vmtests.yml b/.github/workflows/vmtests.yml index b25610ea4bf..4e9dff20adc 100644 --- a/.github/workflows/vmtests.yml +++ b/.github/workflows/vmtests.yml @@ -25,7 +25,7 @@ jobs: go-version: '1.21.1' - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 with: path: go/src/github.com/cilium/tetragon/ @@ -55,7 +55,7 @@ jobs: tar cz --exclude='tetragon/.git' -f /tmp/tetragon.tar ./tetragon - name: upload build - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 with: name: tetragon-build path: /tmp/tetragon.tar @@ -96,7 +96,7 @@ jobs: sudo chmod go+rX -R /boot/ - name: download build data - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: tetragon-build @@ -141,7 +141,7 @@ jobs: - name: Upload test results on failure or cancelation if: failure() || cancelled() - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: tetragon-vmtests-${{ matrix.kernel }}-${{ matrix.group }}-results path: go/src/github.com/cilium/tetragon/tests/vmtests/vmtests-results-* @@ -155,7 +155,7 @@ jobs: run: | touch /tmp/tetragon.tar - name: Upload truncated file - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4 with: name: tetragon-build path: /tmp/tetragon.tar