diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 990bf8ce..99e847af 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -71,7 +71,7 @@ jobs: matrix: # Python versions to run tests for python-version: ["3.11"] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up Python ${{ matrix.python-version }} @@ -90,7 +90,7 @@ jobs: pytest test-k8s: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # disabled since the major deployment platform is currently # docker compose anyways if: ${{ false }} @@ -158,14 +158,14 @@ jobs: - name: Upload cluster dump if: always() - uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: kind-cluster-dump.txt path: | kind-cluster-dump.txt build-air-gapped-installer: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: ${{ github.event_name == 'pull_request' }} steps: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 diff --git a/.github/workflows/lint-pr-title.yaml b/.github/workflows/lint-pr-title.yaml index 0c367392..462b1945 100644 --- a/.github/workflows/lint-pr-title.yaml +++ b/.github/workflows/lint-pr-title.yaml @@ -12,7 +12,7 @@ permissions: read-all jobs: check-pr-title: name: Validate PR title - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: pull-requests: write steps: diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml index 0c9c41fb..b60075e0 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yaml 
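Review bot: The `Upload cluster dump` step in `ci.yaml` moves to `actions/upload-artifact` v4.4.3 inside `test-k8s`, which the preceding hunk shows is disabled with `if: ${{ false }}`, so no CI run exercises this major-version change. In v4 an artifact is immutable and a second upload under the same name in one run fails, which matters if `test-k8s` has a matrix (the job body extends outside the hunk, so this is not visible). A comment on the step such as `# upload-artifact v4: name must be unique per run; add a matrix suffix if this job is re-enabled with a matrix` would record that. Because the step runs with `if: always()` and artifacts are readable by anyone with read access to the repository, also confirm the dump holds nothing sensitive before the job is re-enabled.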
@@ -9,12 +9,12 @@ permissions: read-all jobs: release-please: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: write pull-requests: write steps: - - uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # v3.7.13 + - uses: google-github-actions/release-please-action@e4dc86ba9405554aeba3c6bb2d169500e7d3b4ee # v4.1.1 with: token: ${{ secrets.RELEASE_PLEASE_GITHUB_TOKEN }} release-type: simple diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 721eb18f..6c1e18b9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -8,7 +8,7 @@ permissions: {} jobs: publish-helm-chart: name: publish helm chart - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write @@ -65,7 +65,7 @@ jobs: cosign sign --yes "ghcr.io/${{ github.repository }}/charts/prerequisites:${CHART_VERSION}" - - uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1 + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: helm-charts path: | @@ -73,7 +73,7 @@ jobs: prerequisites-chart.tgz build-air-gapped-installer: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 @@ -81,7 +81,7 @@ jobs: ./build-air-gapped-installer.sh - name: Upload air-gapped installer artifact - uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: air-gapped-installers path: | @@ -91,7 +91,7 @@ jobs: prepare-artifacts: name: prepare artifacts - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - publish-helm-chart - build-air-gapped-installer 
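Review bot: The move from release-please-action v3.7.13 to v4.1.1 is a major version, and only `token` and `release-type` of the `with:` block are visible; the block continues past the end of this hunk. As far as I know, v4 moved most per-package options out of the action inputs into the release-please config and manifest files, and GitHub only warns on undeclared inputs, so leftover v3 inputs would be dropped silently rather than fail the run. The job holds `contents: write`, `pull-requests: write` and `RELEASE_PLEASE_GITHUB_TOKEN`, so a trial run on a fork before merging is worthwhile. The action has also moved to the `googleapis` organisation. If the same commit is published there, `uses: googleapis/release-please-action@e4dc86ba9405554aeba3c6bb2d169500e7d3b4ee # v4.1.1` avoids relying on the repository redirect.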
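Review bot: The `cosign sign` line kept as context at the top of the `@@ -65,7 +65,7 @@` hunk in `release.yaml` signs `.../charts/prerequisites:${CHART_VERSION}`, a tag reference. The signature therefore attaches to whatever digest that tag resolves to at signing time, not necessarily the chart that was just pushed. The push step is outside the hunk, so this is inferred from the one visible line. If the push reports a digest, sign `"ghcr.io/${{ github.repository }}/charts/prerequisites@${CHART_DIGEST}"` instead, where `CHART_DIGEST` is a placeholder for the `sha256:` value captured from the push output.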
@@ -104,13 +104,13 @@ jobs: uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Download Helm chart - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: helm-charts path: /tmp - name: Download air-gapped installers - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: air-gapped-installers path: /tmp @@ -137,7 +137,7 @@ jobs: echo "hashes=$(base64 -w0 < checksums.sha256)" >> "$GITHUB_OUTPUT" - name: upload assets to release - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # tag=v1 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2 with: files: | dist/*.tgz @@ -151,7 +151,7 @@ jobs: id-token: write contents: write # can't be referenced by digest. See - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 with: base64-subjects: "${{ needs.prepare-artifacts.outputs.hashes }}" compile-generator: true # Workaround for https://github.com/slsa-framework/slsa-github-generator/issues/1163 diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index c552a586..59edfabe 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: persist-credentials: false 
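Review bot: Both `actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16` pins carry the comment `# v4`, a moving major tag, so a reviewer cannot tell which release the SHA corresponds to. The same applies to `softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2` in the next hunk. Every other pin touched by this commit names an exact release (`# v4.4.3`, `# v4.2.1`, `# v3.26.13`). These two actions unpack the artifacts that are hashed for provenance and publish them to the release, so the exact patch level matters when checking the pin against upstream security advisories. Suggest `# v4.x.y` and `# v2.x.y`, with the placeholders replaced by the release each SHA is actually tagged as upstream.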
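Review bot: `compile-generator: true` is carried across the v1.10.0 to v2.0.0 bump of the SLSA generator with its workaround comment unchanged, and nothing in the hunk shows that issue 1163 still applies at v2.0.0. As I understand the option, it builds the generator from source inside the job instead of fetching the published release binary. This reusable workflow can only be tag-pinned and runs with `id-token: write` and `contents: write`, so it is worth re-testing without the flag. Then either drop it or update the comment to `# still required with v2.0.0: <reason>`. The comment above `uses:` also ends at "See" with no reference in the visible text; the link it pointed to should be restored.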
@@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@ff15f0306b3f739f7b6fd43fb5d26cd321bd4de5 # v3.2.1 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4d85deb8548d03be541760228f3fe9e6a4d5d27d # v2.26.12 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: sarif_file: results.sarif