diff --git a/.github/workflows/acceptance_tests_eks.yaml b/.github/workflows/acceptance_tests_eks.yaml index 8b7cfb4ce7..93360a6ca2 100644 --- a/.github/workflows/acceptance_tests_eks.yaml +++ b/.github/workflows/acceptance_tests_eks.yaml @@ -36,18 +36,13 @@ jobs: acceptance_tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Read go-version - id: go-version - uses: juliangruber/read-file-action@v1 - with: - path: ./.go-version + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: ${{ steps.go-version.outputs.content }} + go-version-file: 'go.mod' - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 + uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # v1.7.0 with: aws-region: ${{ github.event.inputs.region }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -56,7 +51,7 @@ jobs: role-session-name: github-actions-tests-${{ github.run_number }} role-duration-seconds: 14400 - name: Install Terraform - uses: hashicorp/setup-terraform@v1 + uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3 with: terraform_version: ${{ github.event.inputs.terraformVersion }} - name: Provision EKS Cluster diff --git a/.github/workflows/acceptance_tests_gke.yaml b/.github/workflows/acceptance_tests_gke.yaml index 0897853e78..397fec35fe 100644 --- a/.github/workflows/acceptance_tests_gke.yaml +++ b/.github/workflows/acceptance_tests_gke.yaml @@ -45,23 +45,18 @@ jobs: env: KUBECONFIG: ${{ github.workspace }}/kubernetes/test-infra/gke/kubeconfig steps: - - uses: actions/checkout@v3 - - name: Read go-version - id: go-version - uses: juliangruber/read-file-action@v1 - with: - path: ./.go-version + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: ${{ steps.go-version.outputs.content }} + go-version-file: 'go.mod' - name: Authenticate to Google Cloud - uses: "google-github-actions/auth@v0" + uses: google-github-actions/auth@v1 with: credentials_json: ${{ secrets.GOOGLE_CREDENTIALS }} access_token_lifetime: "10800s" - name: Install Terraform - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3 with: terraform_version: ${{ github.event.inputs.terraformVersion }} terraform_wrapper: false @@ -75,7 +70,7 @@ jobs: terraform init terraform apply -auto-approve - name: "Persist state" - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: gke-cluster retention-days: 1 @@ -89,16 +84,11 @@ jobs: outputs: test-case-matrix: ${{ steps.generate.outputs.test-case-matrix }} steps: - - uses: actions/checkout@v3 - - name: Read go-version - id: go-version - uses: juliangruber/read-file-action@v1 - with: - path: ./.go-version + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: ${{ steps.go-version.outputs.content }} + go-version-file: 'go.mod' - name: "Generate testcase matrix" id: generate run: | @@ -106,7 +96,7 @@ jobs: ./kubernetes.test -test.list '${{ github.event.inputs.runTests }}' | go run tools/batchacc.go -sort -depth 3 | tee groups.json echo "::set-output name=test-case-matrix::$(cat groups.json)" - name: "Persist test binary" - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: test-binary retention-days: 1 @@ -122,23 +112,18 @@ jobs: matrix: test-case: ${{ fromJson(needs.generate-case-matrix.outputs.test-case-matrix) }} steps: - - uses: actions/checkout@v3 - - name: Read go-version - id: go-version - uses: juliangruber/read-file-action@v1 - with: - path: ./.go-version + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: ${{ steps.go-version.outputs.content }} + go-version-file: 'go.mod' - name: Authenticate to Google Cloud - uses: "google-github-actions/auth@v0" + uses: google-github-actions/auth@v1 with: credentials_json: ${{ secrets.GOOGLE_CREDENTIALS }} access_token_lifetime: "10800s" - name: "Set up Cloud SDK" - uses: "google-github-actions/setup-gcloud@v0" + uses: google-github-actions/setup-gcloud@v1 with: install_components: "beta,gke-gcloud-auth-plugin" - name: "Initialize gcloud SDK" @@ -146,13 +131,13 @@ jobs: gcloud init gcloud info - name: "Fetch kubeconfig" - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: gke-cluster path: | ${{ github.workspace }}/kubernetes/test-infra/gke - name: "Fetch test binary" - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: test-binary path: | @@ -171,25 +156,25 @@ jobs: needs: [prepare-gke-environment, acceptance-tests] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: "Retrieve state" - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: gke-cluster path: | ${{ github.workspace }}/kubernetes/test-infra/gke - name: Authenticate to Google Cloud - uses: "google-github-actions/auth@v0" + uses: google-github-actions/auth@v1 with: credentials_json: ${{ secrets.GOOGLE_CREDENTIALS }} access_token_lifetime: "10800s" - name: Install Terraform - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3 with: terraform_version: ${{ github.event.inputs.terraformVersion }} terraform_wrapper: false - name: "Set up Cloud SDK" - uses: "google-github-actions/setup-gcloud@v0" + uses: google-github-actions/setup-gcloud@v1 with: install_components: "beta,gke-gcloud-auth-plugin" - name: "Initialize gcloud SDK" diff --git a/.github/workflows/acceptance_tests_kind.yaml b/.github/workflows/acceptance_tests_kind.yaml index e38713a5ff..c53aeeee9d 100644 --- a/.github/workflows/acceptance_tests_kind.yaml +++ b/.github/workflows/acceptance_tests_kind.yaml @@ -17,22 +17,17 @@ jobs: acceptance_tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Read go-version - id: go-version - uses: juliangruber/read-file-action@v1 - with: - path: ./.go-version + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: ${{ steps.go-version.outputs.content }} + go-version-file: 'go.mod' - name: Install Terraform - uses: hashicorp/setup-terraform@v1 + uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3 with: terraform_version: ${{ github.event.inputs.terraformVersion }} - name: Setup kind - uses: engineerd/setup-kind@v0.5.0 + uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 with: version: v${{ github.event.inputs.kindVersion }} - name: Run Acceptance Test Suite diff --git a/.github/workflows/changelog-checker.yml b/.github/workflows/changelog-checker.yml index f624459fd0..40c09cdff2 100644 --- a/.github/workflows/changelog-checker.yml +++ b/.github/workflows/changelog-checker.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 # by default the checkout action doesn't checkout all branches @@ -32,4 +32,4 @@ jobs: exit 1 else echo "Found .changelog entry in PR!" - fi \ No newline at end of file + fi diff --git a/.github/workflows/check_examples.yaml b/.github/workflows/check_examples.yaml index a960aeb444..2947a86233 100644 --- a/.github/workflows/check_examples.yaml +++ b/.github/workflows/check_examples.yaml @@ -27,24 +27,19 @@ jobs: KUBE_CONFIG_PATH: "~/.kube/config" TERM: linux steps: - - uses: hashicorp/setup-terraform@v1 + - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3 with: terraform_version: ${{ matrix.terraform_version }} - - uses: actions/checkout@v2 - - name: Read go-version - id: go-version - uses: juliangruber/read-file-action@v1 - with: - path: ./.go-version + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: ${{ steps.go-version.outputs.content }} + go-version-file: 'go.mod' - name: Go mod verify run: go mod verify - name: Go build run: go build - - uses: engineerd/setup-kind@v0.5.0 + - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 with: version: "v0.11.1" - name: Check examples run diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5c9874c9d8..54f1373d8c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. @@ -38,7 +38,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@515828d97454b8354517688ddc5b48402b723750 # v2.1.38 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -49,7 +49,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@515828d97454b8354517688ddc5b48402b723750 # v2.1.38 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -63,4 +63,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@515828d97454b8354517688ddc5b48402b723750 # v2.1.38 diff --git a/.github/workflows/issue-comment-created.yml b/.github/workflows/issue-comment-created.yml index ff22567549..0c4f898c40 100644 --- a/.github/workflows/issue-comment-created.yml +++ b/.github/workflows/issue-comment-created.yml @@ -8,7 +8,7 @@ jobs: issue_comment_triage: runs-on: ubuntu-latest steps: - - uses: actions-ecosystem/action-remove-labels@v1 + - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0 with: labels: | stale diff --git a/.github/workflows/issue-opened.yml b/.github/workflows/issue-opened.yml index c3a4c065d8..ffc5cdd73d 100644 --- a/.github/workflows/issue-opened.yml +++ b/.github/workflows/issue-opened.yml @@ -8,8 +8,8 @@ jobs: issue_triage: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: github/issue-labeler@v2.4 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: github/issue-labeler@6ca237433dbbb8e475241b7f38f4600d9e296c57 # v2.5 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" configuration-path: .github/labeler-issue-triage.yml diff --git a/.github/workflows/manifest_acc.yaml b/.github/workflows/manifest_acc.yaml index d7a0146d08..537ed5dc1d 100644 --- a/.github/workflows/manifest_acc.yaml +++ b/.github/workflows/manifest_acc.yaml @@ -28,17 +28,12 @@ jobs: - 1.1.9 - 1.0.11 steps: - - uses: actions/checkout@v2 - - name: Read go-version - id: go-version - uses: juliangruber/read-file-action@v1 - with: - path: ./.go-version + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: ${{ steps.go-version.outputs.content }} - - uses: engineerd/setup-kind@v0.5.0 + go-version-file: 'go.mod' + - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 with: version: v0.11.1 image: kindest/node:${{ matrix.kubernetes_version }} diff --git a/.github/workflows/manifest_unit.yaml b/.github/workflows/manifest_unit.yaml index 87b9e3b413..b0ab8ee43d 100644 --- a/.github/workflows/manifest_unit.yaml +++ b/.github/workflows/manifest_unit.yaml @@ -16,16 +16,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 - - name: Read go-version - id: go-version - uses: juliangruber/read-file-action@v1 - with: - path: ./.go-version + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: - go-version: ${{ steps.go-version.outputs.content }} + go-version-file: 'go.mod' - name: Go mod verify run: go mod verify - name: Run unit tests diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index e5d75a5625..2174966a59 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -6,7 +6,7 @@ jobs: triage: runs-on: ubuntu-latest steps: - - uses: actions/labeler@v3 + - uses: actions/labeler@5c7539237e04b714afd8ad9b4aed733815b9fab4 # v4.0.2 with: configuration-path: .github/labeler-pull-request-triage.yml repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c0c4859b41..2152b9ccd5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,18 +14,18 @@ jobs: outputs: version: ${{ steps.go-version.outputs.version }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - id: go-version run: echo "::set-output name=version::$(cat ./.go-version)" release-notes: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: fetch-depth: 0 - name: Generate Release Notes run: sed -n -e "1{/# /d;}" -e "2{/^$/d;}" -e "/# $(git describe --abbrev=0 --exclude="$(git describe --abbrev=0 --match='v*.*.*' --tags)" --match='v*.*.*' --tags | tr -d v)/q;p" CHANGELOG.md > release-notes.txt - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: release-notes path: release-notes.txt diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f17cfd00d4..994d56b432 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,9 +10,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Run markdown link checker - uses: gaurav-nelson/github-action-markdown-link-check@0fe4911067fa322422f325b002d2038ba5602170 + uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1.0.14 with: config-file: '.github/workflows/markdown.links.config.json' folder-path: 'website/' @@ -25,19 +25,19 @@ jobs: os: [ubuntu-latest] runs-on: ${{ matrix.os }} steps: - - name: Install Go - uses: actions/setup-go@37335c7bb261b353407cff977110895fa0b4f7d8 + - name: Set up Go + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ matrix.go-version }} # Secrets are not available on pull requests. - name: Login to Docker Hub if: github.ref == 'refs/heads/main' - uses: docker/login-action@v1 + uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0 with: username: ${{ secrets.RO_DOCKERHUB_USER }} password: ${{ secrets.RO_DOCKERHUB_TOKEN }} - name: Checkout code - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - name: Install cookie run: scripts/gogetcookie.sh - name: Run tests