diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 7ac0430738d..001bfb57ecb 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -41,20 +41,20 @@ jobs: contents: read steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 - - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.6.0 + - uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1 - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: '1.19' check-latest: true # will use the latest release available for ko - - uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa + - uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 - name: Set up Cloud SDK - uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # v0.8.1 + uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # v1.0.0 with: workload_identity_provider: 'projects/498091336538/locations/global/workloadIdentityPools/githubactions/providers/sigstore-cosign' service_account: 'github-actions@projectsigstore.iam.gserviceaccount.com' diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ad98d3ffbc8..7702a0755dd 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -47,10 +47,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 - name: Utilize Go Module Cache - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.3 + uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11 with: path: | ~/go/pkg/mod @@ -60,7 +60,7 @@ jobs: ${{ runner.os }}-go- - name: Set correct version of Golang to use during CodeQL run - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.1.5 + uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: '1.19' check-latest: true diff --git a/.github/workflows/cross.yaml b/.github/workflows/cross.yaml index 94316735c9e..621c2b46001 100644 --- a/.github/workflows/cross.yaml +++ b/.github/workflows/cross.yaml @@ -1,13 +1,13 @@ on: push: paths: - - '**' - - '!**.md' - - '!doc/**' - - '!**.txt' - - '!images/**' - - '!LICENSE' - - 'test/**' + - '**' + - '!**.md' + - '!doc/**' + - '!**.txt' + - '!images/**' + - '!LICENSE' + - 'test/**' branches: - main - release-* @@ -37,12 +37,12 @@ jobs: COSIGN_PASSWORD: COSIGN_PASSWORD steps: - name: Install Go - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: '1.19' check-latest: true - name: Checkout code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 - name: build cosign run: | make cosign && mv ./cosign ./${{matrix.COSIGN_TARGET}} @@ -79,4 +79,3 @@ jobs: sget-* sget.-*sha256 sget-*.sig - diff --git a/.github/workflows/cut-release.yml b/.github/workflows/cut-release.yml index b00ac50bfaa..41fc01b999a 100644 --- a/.github/workflows/cut-release.yml +++ b/.github/workflows/cut-release.yml @@ -32,4 +32,3 @@ jobs: workload_identity_provider: 'projects/498091336538/locations/global/workloadIdentityPools/githubactions/providers/sigstore-cosign' service_account: 'github-actions-cosign@projectsigstore.iam.gserviceaccount.com' repo: 'cosign' - diff --git a/.github/workflows/e2e-with-binary.yml b/.github/workflows/e2e-with-binary.yml index da2d435a3ae..7624090d9ff 100644 --- a/.github/workflows/e2e-with-binary.yml +++ b/.github/workflows/e2e-with-binary.yml @@ -18,13 +18,13 @@ name: e2e-with-binary on: push: paths: - - '**' - - '!**.md' - - '!doc/**' - - '!**.txt' - - '!images/**' - - '!LICENSE' - - 'test/**' + - '**' + - '!**.md' + - '!doc/**' + - '!**.txt' + - '!images/**' + - '!LICENSE' + - 'test/**' branches: [ 'main' ] workflow_dispatch: @@ -45,8 +45,8 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0 - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: '1.19' check-latest: true diff --git a/.github/workflows/e2e_tests.yml b/.github/workflows/e2e_tests.yml index bb02eb7685e..0dfa1567f30 100644 --- a/.github/workflows/e2e_tests.yml +++ b/.github/workflows/e2e_tests.yml @@ -19,13 +19,13 @@ name: e2e-tests on: push: paths: - - '**' - - '!**.md' - - '!doc/**' - - '!**.txt' - - '!images/**' - - '!LICENSE' - - 'test/**' + - '**' + - '!**.md' + - '!doc/**' + - '!**.txt' + - '!images/**' + - '!LICENSE' + - 'test/**' branches: - "main" workflow_dispatch: @@ -43,13 +43,13 @@ jobs: os: [macos-latest, ubuntu-latest, windows-latest] steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0 - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: '1.19' check-latest: true - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v0.5.1 + uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 with: project_id: projectsigstore service_account_key: ${{ secrets.GCP_CI_SERVICE_ACCOUNT }} diff --git a/.github/workflows/github-oidc.yaml b/.github/workflows/github-oidc.yaml index 721b3991bfd..b9e31699a86 100644 --- a/.github/workflows/github-oidc.yaml +++ b/.github/workflows/github-oidc.yaml @@ -16,13 +16,13 @@ name: Test GitHub OIDC on: push: paths: - - '**' - - '!**.md' - - '!doc/**' - - '!**.txt' - - '!images/**' - - '!LICENSE' - - 'test/**' + - '**' + - '!**.md' + - '!doc/**' + - '!**.txt' + - '!images/**' + - '!LICENSE' + - 'test/**' branches: [ 'main', 'release-*' ] schedule: - cron: '0 1 * * *' # 1AM UTC @@ -43,15 +43,15 @@ jobs: KO_PREFIX: ghcr.io/${{ github.repository }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0 - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: '1.19' check-latest: true cache: true # Install tools. - - uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa + - uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 - name: build cosign from the HEAD run: | diff --git a/.github/workflows/kind-verify-attestation.yaml b/.github/workflows/kind-verify-attestation.yaml index dcb1f006fa4..5fa6fe62077 100644 --- a/.github/workflows/kind-verify-attestation.yaml +++ b/.github/workflows/kind-verify-attestation.yaml @@ -47,17 +47,17 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0 - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: '1.19' check-latest: true # will use the latest release available for ko - - uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa + - uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 - name: Install yq - uses: mikefarah/yq@5e490527de24715db37869037083f7f391dde5a6 # v4.27.5 + uses: mikefarah/yq@5e490527de24715db37869037083f7f391dde5a6 # v4.29.2 - name: build cosign run: | diff --git a/.github/workflows/milestone.yaml b/.github/workflows/milestone.yaml index af21795b3b0..91d1c00f388 100644 --- a/.github/workflows/milestone.yaml +++ b/.github/workflows/milestone.yaml @@ -23,7 +23,7 @@ jobs: statuses: none steps: - - uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6.3.0 + - uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6.3.3 with: script: | if (!context.payload.pull_request.merged) { diff --git a/.github/workflows/scorecard_action.yml b/.github/workflows/scorecard_action.yml index 1727a07522c..c1e6ccd42bb 100644 --- a/.github/workflows/scorecard_action.yml +++ b/.github/workflows/scorecard_action.yml @@ -23,12 +23,12 @@ jobs: id-token: write steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.1 + uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # vv2.0.6 with: results_file: results.sarif results_format: sarif @@ -44,7 +44,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v2.3.1 + uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index bee081d59c2..456d0fd9fe2 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,7 +1,7 @@ name: "Close stale issues/pull requests" on: schedule: - - cron: "30 1 * * *" + - cron: "30 1 * * *" jobs: stale: @@ -12,18 +12,18 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/stale@9c1b1c6e115ca2af09755448e0dbba24e5061cc8 # v5.1.1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days.' - stale-pr-message: 'This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.' - close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.' - close-pr-message: 'This PR was closed because it has been stalled for 10 days with no activity.' - stale-issue-label: 'no-issue-activity' - exempt-issue-labels: 'bug,core feature,enhancement,good first issue,help wanted,needs discussion' - stale-pr-label: 'no-pr-activity' - exempt-pr-labels: 'awaiting-approval,work-in-progress' - days-before-pr-stale: '30' - days-before-pr-close: '10' - days-before-issue-stale: '60' - days-before-close: '5' + - uses: actions/stale@5ebf00ea0e4c1561e9b43a292ed34424fb1d4578 # v6.0.1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days.' + stale-pr-message: 'This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 10 days.' + close-issue-message: 'This issue was closed because it has been stalled for 5 days with no activity.' + close-pr-message: 'This PR was closed because it has been stalled for 10 days with no activity.' + stale-issue-label: 'no-issue-activity' + exempt-issue-labels: 'bug,core feature,enhancement,good first issue,help wanted,needs discussion' + stale-pr-label: 'no-pr-activity' + exempt-pr-labels: 'awaiting-approval,work-in-progress' + days-before-pr-stale: '30' + days-before-pr-close: '10' + days-before-issue-stale: '60' + days-before-close: '5' diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index f9b07d8d04d..84b8e60c400 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -18,13 +18,13 @@ on: workflow_dispatch: push: paths: - - '**' - - '!**.md' - - '!doc/**' - - '!**.txt' - - '!images/**' - - '!LICENSE' - - 'test/**' + - '**' + - '!**.md' + - '!doc/**' + - '!**.txt' + - '!images/**' + - '!LICENSE' + - 'test/**' branches: ['main', 'release-*'] pull_request: @@ -46,9 +46,9 @@ jobs: OS: ${{ matrix.os }} steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.3 + - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11 with: # In order: # * Module download cache @@ -63,7 +63,7 @@ jobs: key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -88,9 +88,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.3 + - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11 with: # In order: # * Module download cache @@ -105,7 +105,7 @@ jobs: key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.1.5 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -130,14 +130,14 @@ jobs: name: Run PowerShell E2E tests runs-on: windows-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: ${{ env.GO_VERSION }} check-latest: true # https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds - - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.3 + - uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11 with: # In order: # * Module download cache @@ -156,8 +156,8 @@ jobs: name: license boilerplate check runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -172,13 +172,13 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3 - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: 1.19 check-latest: true - name: golangci-lint - uses: golangci/golangci-lint-action@07db5389c99593f11ad7b44463c2d4233066a9b1 # v3 + uses: golangci/golangci-lint-action@07db5389c99593f11ad7b44463c2d4233066a9b1 # v3.3.0 with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. version: v1.49 diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index f4b8b44bb46..45545a5e3b7 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml @@ -43,7 +43,7 @@ jobs: COSIGN_IMAGE: gcr.io/projectsigstore/cosign:v1.13.1@sha256:fd5b09be23ef1027e1bdd490ce78dcc65d2b15902e1f4ba8e04f3b4019cc1057 steps: - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.0.2 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 - name: Check Signature run: | diff --git a/.github/workflows/verify-docgen.yaml b/.github/workflows/verify-docgen.yaml index 71f0f5836af..7b557f2c038 100644 --- a/.github/workflows/verify-docgen.yaml +++ b/.github/workflows/verify-docgen.yaml @@ -31,8 +31,8 @@ jobs: steps: - name: deps run: sudo apt-get update && sudo apt-get install -yq libpcsclite-dev - - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v2.4.0 - - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v2.2.0 + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1 with: go-version: '1.19' check-latest: true diff --git a/.github/workflows/whitespace.yaml b/.github/workflows/whitespace.yaml index 07b89b5368e..e3c357c84bd 100644 --- a/.github/workflows/whitespace.yaml +++ b/.github/workflows/whitespace.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 #v2.4.0 + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 - uses: chainguard-dev/actions/trailing-space@84c993eaf02da1c325854fb272a4df9184bd80fc # main if: ${{ always() }}