Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-12-25 23:49:37 -05:00
Code Issues Packages Projects Releases Wiki Activity

deps: update all 3rdparty github actions

Browse Source
This commit is contained in:
Malte Poll 2024-02-21 15:29:06 +01:00
parent cdd80a4f3f
commit 2300a31276
47 changed files with 81 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/actions/artifact_download/action.yml vendored
View File

@ -28,7 +28,7 @@ runs:
run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT" run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT"
- name: Download the artifact - name: Download the artifact
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: ${{ inputs.name }} name: ${{ inputs.name }}
path: ${{ steps.tempdir.outputs.directory }} path: ${{ steps.tempdir.outputs.directory }}

2
.github/actions/build_cli/action.yml vendored
View File

@ -79,7 +79,7 @@ runs:
# once it has the functionality # once it has the functionality
- name: Install Cosign - name: Install Cosign
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
uses: sigstore/cosign-installer@c85d0e205a72a294fe064f618a87dbac13084086 # v2.8.1 uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
- name: Install Rekor - name: Install Rekor
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''

4
.github/actions/build_micro_service/action.yml vendored
View File

@ -42,7 +42,7 @@ runs:
- name: Docker metadata - name: Docker metadata
id: meta id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: | images: |
ghcr.io/${{ github.repository }}/${{ inputs.name }} ghcr.io/${{ github.repository }}/${{ inputs.name }}
@ -62,7 +62,7 @@ runs:
- name: Build and push container image - name: Build and push container image
id: build-micro-service id: build-micro-service
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with: with:
context: . context: .
file: ${{ inputs.dockerfile }} file: ${{ inputs.dockerfile }}

4
.github/actions/cdbg_deploy/action.yml vendored
View File

@ -54,7 +54,7 @@ runs:
- name: Login to AWS (IAM service principal) - name: Login to AWS (IAM service principal)
if: inputs.cloudProvider == 'aws' if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1 aws-region: eu-central-1
@ -73,7 +73,7 @@ runs:
- name: Login to AWS (Cluster service principal) - name: Login to AWS (Cluster service principal)
if: inputs.cloudProvider == 'aws' if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1 aws-region: eu-central-1

3
.github/actions/constellation_destroy/action.yml vendored
View File

@ -58,7 +58,7 @@ runs:
- name: Login to AWS (Cluster role) - name: Login to AWS (Cluster role)
if: inputs.cloudProvider == 'aws' if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1 aws-region: eu-central-1
@ -75,4 +75,3 @@ runs:
shell: bash shell: bash
run: | run: |
constellation terminate --yes --tf-log=DEBUG constellation terminate --yes --tf-log=DEBUG

2
.github/actions/constellation_iam_destroy/action.yml vendored
View File

@ -23,7 +23,7 @@ runs:
- name: Login to AWS (IAM role) - name: Login to AWS (IAM role)
if: inputs.cloudProvider == 'aws' if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1 aws-region: eu-central-1

2
.github/actions/container_sbom/action.yml vendored
View File

@ -19,7 +19,7 @@ runs:
steps: steps:
- name: Install Cosign - name: Install Cosign
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
uses: sigstore/cosign-installer@c85d0e205a72a294fe064f618a87dbac13084086 # v2.8.1 uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
- name: Download Syft & Grype - name: Download Syft & Grype
uses: ./.github/actions/install_syft_grype uses: ./.github/actions/install_syft_grype

2
.github/actions/deploy_logcollection/action.yml vendored
View File

@ -67,7 +67,7 @@ runs:
# Make sure that helm is installed # Make sure that helm is installed
# This is not always the case, e.g. on MacOS runners # This is not always the case, e.g. on MacOS runners
- name: Install Helm - name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 uses: azure/setup-helm@29960d0f5f19214b88e1d9ba750a9914ab0f1a2f # v4.0.0
with: with:
version: v3.9.0 version: v3.9.0

20
.github/actions/download_release_binaries/action.yml vendored
View File

@ -5,51 +5,51 @@ runs:
using: "composite" using: "composite"
steps: steps:
- name: Download CLI binaries darwin-amd64 - name: Download CLI binaries darwin-amd64
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation-darwin-amd64 name: constellation-darwin-amd64
- name: Download CLI binaries darwin-arm64 - name: Download CLI binaries darwin-arm64
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation-darwin-arm64 name: constellation-darwin-arm64
- name: Download CLI binaries linux-amd64 - name: Download CLI binaries linux-amd64
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation-linux-amd64 name: constellation-linux-amd64
- name: Download CLI binaries linux-arm64 - name: Download CLI binaries linux-arm64
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation-linux-arm64 name: constellation-linux-arm64
- name: Download CLI binaries windows-amd64 - name: Download CLI binaries windows-amd64
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation-windows-amd64 name: constellation-windows-amd64
- name: Download Terraform module - name: Download Terraform module
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: terraform-module name: terraform-module
- name: Download Terraform provider binary darwin-amd64 - name: Download Terraform provider binary darwin-amd64
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: terraform-provider-constellation-darwin-amd64 name: terraform-provider-constellation-darwin-amd64
- name: Download Terraform provider binary darwin-arm64 - name: Download Terraform provider binary darwin-arm64
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: terraform-provider-constellation-darwin-arm64 name: terraform-provider-constellation-darwin-arm64
- name: Download Terraform provider binary linux-amd64 - name: Download Terraform provider binary linux-amd64
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: terraform-provider-constellation-linux-amd64 name: terraform-provider-constellation-linux-amd64
- name: Download Terraform provider binary linux-arm64 - name: Download Terraform provider binary linux-arm64
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: terraform-provider-constellation-linux-arm64 name: terraform-provider-constellation-linux-arm64

2
.github/actions/e2e_attestationconfigapi/action.yml vendored
View File

@ -25,7 +25,7 @@ runs:
buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }} buildBuddyApiKey: ${{ inputs.buildBuddyApiKey }}
- name: Login to AWS - name: Login to AWS
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubTestResourceAPI role-to-assume: arn:aws:iam::795746500882:role/GithubTestResourceAPI
aws-region: eu-west-1 aws-region: eu-west-1

2
.github/actions/e2e_benchmark/action.yml vendored
View File

@ -150,7 +150,7 @@ runs:
encryptionSecret: ${{ inputs.encryptionSecret }} encryptionSecret: ${{ inputs.encryptionSecret }}
- name: Assume AWS role to retrieve and update benchmarks in S3 - name: Assume AWS role to retrieve and update benchmarks in S3
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionUpdateBenchmarks role-to-assume: arn:aws:iam::795746500882:role/GithubActionUpdateBenchmarks
aws-region: us-east-2 aws-region: us-east-2

2
.github/actions/e2e_mini/action.yml vendored
View File

@ -25,7 +25,7 @@ runs:
using: "composite" using: "composite"
steps: steps:
- name: Install terraform - name: Install terraform
uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3 uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
with: with:
terraform_wrapper: false terraform_wrapper: false

2
.github/actions/e2e_sonobuoy/action.yml vendored
View File

@ -64,7 +64,7 @@ runs:
- name: Publish test results - name: Publish test results
if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e') if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e')
uses: mikepenz/action-junit-report@150e2f992e4fad1379da2056d1d1c279f520e058 # v3.8.0 uses: mikepenz/action-junit-report@5f47764eec0e1c1f19f40c8e60a5ba47e47015c5 # v4.1.0
with: with:
report_paths: "**/junit_01.xml" report_paths: "**/junit_01.xml"
fail_on_failure: true fail_on_failure: true

4
.github/actions/e2e_test/action.yml vendored
View File

@ -220,7 +220,7 @@ runs:
- name: Login to AWS (IAM role) - name: Login to AWS (IAM role)
if: inputs.cloudProvider == 'aws' if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1 aws-region: eu-central-1
@ -269,7 +269,7 @@ runs:
- name: Login to AWS (Cluster role) - name: Login to AWS (Cluster role)
if: inputs.cloudProvider == 'aws' if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1 aws-region: eu-central-1

2
.github/actions/e2e_verify/action.yml vendored
View File

@ -78,7 +78,7 @@ runs:
- name: Login to AWS - name: Login to AWS
if: github.ref_name == 'main' if: github.ref_name == 'main'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
aws-region: eu-central-1 aws-region: eu-central-1

2
.github/actions/find_latest_image/action.yml vendored
View File

@ -38,7 +38,7 @@ runs:
- name: Login to AWS - name: Login to AWS
if: inputs.imageVersion == '' if: inputs.imageVersion == ''
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1 aws-region: eu-central-1

2
.github/actions/login_azure/action.yml vendored
View File

@ -10,6 +10,6 @@ runs:
# As described at: # As described at:
# https://github.com/Azure/login#configure-deployment-credentials # https://github.com/Azure/login#configure-deployment-credentials
- name: Login to Azure - name: Login to Azure
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
with: with:
creds: ${{ inputs.azure_credentials }} creds: ${{ inputs.azure_credentials }}

4
.github/actions/login_gcp/action.yml vendored
View File

@ -20,11 +20,11 @@ runs:
echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV" echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV"
- name: Authorize GCP access - name: Authorize GCP access
uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1 uses: google-github-actions/auth@a6e2e39c0a0331da29f7fd2c2a20a427e8d3ad1f # v2.1.1
with: with:
workload_identity_provider: projects/796962942582/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider workload_identity_provider: projects/796962942582/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider
service_account: ${{ inputs.service_account }} service_account: ${{ inputs.service_account }}
# Even if preinstalled in Github Actions runner image, this setup does some magic authentication required for gsutil. # Even if preinstalled in Github Actions runner image, this setup does some magic authentication required for gsutil.
- name: Set up Cloud SDK - name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1 uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0

2
.github/actions/notify_e2e_failure/action.yml vendored
View File

@ -37,7 +37,7 @@ runs:
run: echo "CURRENT_DATE=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV run: echo "CURRENT_DATE=$(date +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV
- name: Encode URI component - name: Encode URI component
uses: Ablestor/encode-uri-component-action@v1.1 uses: Ablestor/encode-uri-component-action@790ea01bcf2d5ca4d0dbe8c15351a87b47f22f61 # v1.3
id: encode-uri-component id: encode-uri-component
with: with:
string: ${{ inputs.test }} string: ${{ inputs.test }}

2
.github/actions/publish_helmchart/action.yml vendored
View File

@ -29,7 +29,7 @@ runs:
echo version=$(yq eval ".version" ${{ inputs.chartPath }}/Chart.yaml) | tee -a $GITHUB_OUTPUT echo version=$(yq eval ".version" ${{ inputs.chartPath }}/Chart.yaml) | tee -a $GITHUB_OUTPUT
- name: Create pull request - name: Create pull request
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
with: with:
path: helm path: helm
branch: "release/s3proxy/${{ steps.update-chart-version.outputs.version }}" branch: "release/s3proxy/${{ steps.update-chart-version.outputs.version }}"

2
.github/actions/select_image/action.yml vendored
View File

@ -18,7 +18,7 @@ runs:
using: "composite" using: "composite"
steps: steps:
- name: Login to AWS - name: Login to AWS
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1 aws-region: eu-central-1

2
.github/actions/setup_bazel_nix/action.yml vendored
View File

@ -120,7 +120,7 @@ runs:
- name: Install nix - name: Install nix
if: steps.check_inputs.outputs.nixPreinstalled == 'false' if: steps.check_inputs.outputs.nixPreinstalled == 'false'
uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24 uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
- name: Set $USER if not set - name: Set $USER if not set
shell: bash shell: bash

4
.github/workflows/aws-snp-launchmeasurement.yml vendored
View File

@ -23,11 +23,11 @@ jobs:
sudo python3 -m pip install --user --require-hashes -r constellation/.github/workflows/aws-snp-launchmeasurements-requirements.txt sudo python3 -m pip install --user --require-hashes -r constellation/.github/workflows/aws-snp-launchmeasurements-requirements.txt
- name: Install Nix - name: Install Nix
uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24 uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
- name: Download Firmware release - name: Download Firmware release
id: download-firmware id: download-firmware
uses: robinraju/release-downloader@efa4cd07bd0195e6cc65e9e30c251b49ce4d3e51 # tag=v1.8 uses: robinraju/release-downloader@368754b9c6f47c345fcfbf42bcb577c2f0f5f395 # v1.9
with: with:
repository: aws/uefi repository: aws/uefi
latest: true latest: true

4
.github/workflows/build-ccm-gcp.yml vendored
View File

@ -76,7 +76,7 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: | images: |
ghcr.io/edgelesssys/cloud-provider-gcp ghcr.io/edgelesssys/cloud-provider-gcp
@ -113,7 +113,7 @@ jobs:
- name: Build and push container image - name: Build and push container image
id: build id: build
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with: with:
context: ./cloud-provider-gcp context: ./cloud-provider-gcp
push: ${{ github.ref_name == 'main' }} push: ${{ github.ref_name == 'main' }}

4
.github/workflows/build-gcp-guest-agent.yml vendored
View File

@ -85,7 +85,7 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
if: steps.needs-build.outputs.out == 'true' if: steps.needs-build.outputs.out == 'true'
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with: with:
images: | images: |
${{ env.REGISTRY }}/edgelesssys/gcp-guest-agent ${{ env.REGISTRY }}/edgelesssys/gcp-guest-agent
@ -114,7 +114,7 @@ jobs:
- name: Build and push container image - name: Build and push container image
if: steps.needs-build.outputs.out == 'true' if: steps.needs-build.outputs.out == 'true'
id: build id: build
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with: with:
context: ./guest-agent context: ./guest-agent
file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile

2
.github/workflows/build-os-image-scheduled.yml vendored
View File

@ -99,7 +99,7 @@ jobs:
run: rm -f internal/attestation/measurements/measurement-generator/generate run: rm -f internal/attestation/measurements/measurement-generator/generate
- name: Create pull request - name: Create pull request
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
with: with:
branch: "image/automated/update-measurements-${{ github.run_number }}" branch: "image/automated/update-measurements-${{ github.run_number }}"
base: main base: main

2
.github/workflows/build-os-image.yml vendored
View File

@ -147,7 +147,7 @@ jobs:
useCache: "false" useCache: "false"
- name: Login to AWS - name: Login to AWS
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
aws-region: eu-central-1 aws-region: eu-central-1

2
.github/workflows/check-links.yml vendored
View File

@ -25,7 +25,7 @@ jobs:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Link Checker - name: Link Checker
uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0 uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a # v1.9.3
with: with:
args: "--config ./.lychee.toml './**/*.md' './**/*.html'" args: "--config ./.lychee.toml './**/*.md' './**/*.html'"
fail: true fail: true

4
.github/workflows/codeql.yml vendored
View File

@ -44,7 +44,7 @@ jobs:
cache: false cache: false
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1 uses: github/codeql-action/init@cf7e9f23492505046de9a37830c3711dd0f25bb3 # v2.16.2
with: with:
languages: ${{ matrix.language }} languages: ${{ matrix.language }}
@ -63,6 +63,6 @@ jobs:
echo "::endgroup::" echo "::endgroup::"
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1 uses: github/codeql-action/analyze@cf7e9f23492505046de9a37830c3711dd0f25bb3 # v2.16.2
with: with:
category: "/language:${{ matrix.language }}" category: "/language:${{ matrix.language }}"

14
.github/workflows/draft-release.yml vendored
View File

@ -227,7 +227,7 @@ jobs:
uses: ./.github/actions/download_release_binaries uses: ./.github/actions/download_release_binaries
- name: Download CLI SBOM - name: Download CLI SBOM
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation.spdx.sbom name: constellation.spdx.sbom
@ -261,7 +261,7 @@ jobs:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
- name: Install Cosign - name: Install Cosign
uses: sigstore/cosign-installer@c85d0e205a72a294fe064f618a87dbac13084086 # v2.8.1 uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
- name: Download Syft & Grype - name: Download Syft & Grype
uses: ./.github/actions/install_syft_grype uses: ./.github/actions/install_syft_grype
@ -340,12 +340,12 @@ jobs:
uses: ./.github/actions/download_release_binaries uses: ./.github/actions/download_release_binaries
- name: Download CLI SBOM - name: Download CLI SBOM
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation.spdx.sbom name: constellation.spdx.sbom
- name: Download provenance - name: Download provenance
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: ${{ needs.provenance.outputs.provenance-name }} name: ${{ needs.provenance.outputs.provenance-name }}
@ -418,17 +418,17 @@ jobs:
uses: ./.github/actions/download_release_binaries uses: ./.github/actions/download_release_binaries
- name: Download CLI SBOM - name: Download CLI SBOM
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation.spdx.sbom name: constellation.spdx.sbom
- name: Download Constellation CLI SBOM's signature - name: Download Constellation CLI SBOM's signature
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation.spdx.sbom.sig name: constellation.spdx.sbom.sig
- name: Download Constellation provenance - name: Download Constellation provenance
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: ${{ needs.provenance.outputs.provenance-name }} name: ${{ needs.provenance.outputs.provenance-name }}

2
.github/workflows/e2e-mini.yml vendored
View File

@ -34,7 +34,7 @@ jobs:
ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }} ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }}
- name: Azure login OIDC - name: Azure login OIDC
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
with: with:
client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }}

2
.github/workflows/e2e-test-daily.yml vendored
View File

@ -153,7 +153,7 @@ jobs:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Azure login OIDC - name: Azure login OIDC
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
with: with:
client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }}

2
.github/workflows/e2e-test-release.yml vendored
View File

@ -282,7 +282,7 @@ jobs:
- name: Set up gcloud CLI (macOS) - name: Set up gcloud CLI (macOS)
if: steps.split-attestationVariant.outputs.provider == 'gcp' && runner.os == 'macOS' if: steps.split-attestationVariant.outputs.provider == 'gcp' && runner.os == 'macOS'
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1 uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0
- name: Run E2E test - name: Run E2E test
id: e2e_test id: e2e_test

2
.github/workflows/e2e-test-weekly.yml vendored
View File

@ -385,7 +385,7 @@ jobs:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Azure login OIDC - name: Azure login OIDC
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
with: with:
client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }}

2
.github/workflows/e2e-test.yml vendored
View File

@ -221,7 +221,7 @@ jobs:
- name: Set up gcloud CLI (macOS) - name: Set up gcloud CLI (macOS)
if: needs.generate-input-parameters.outputs.cloudProvider == 'gcp' && runner.os == 'macOS' if: needs.generate-input-parameters.outputs.cloudProvider == 'gcp' && runner.os == 'macOS'
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1 uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0
- name: Run manual E2E test - name: Run manual E2E test
id: e2e_test id: e2e_test

10
.github/workflows/e2e-upgrade.yml vendored
View File

@ -298,7 +298,7 @@ jobs:
buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }} buildBuddyApiKey: ${{ secrets.BUILDBUDDY_ORG_API_KEY }}
- name: Login to AWS - name: Login to AWS
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1 aws-region: eu-central-1
@ -320,7 +320,7 @@ jobs:
- name: Login to AWS (IAM role) - name: Login to AWS (IAM role)
if: needs.generate-input-parameters.outputs.cloudProvider == 'aws' if: needs.generate-input-parameters.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1 aws-region: eu-central-1
@ -334,7 +334,7 @@ jobs:
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
- name: Download CLI - name: Download CLI
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation-upgrade-${{ inputs.attestationVariant }} name: constellation-upgrade-${{ inputs.attestationVariant }}
path: build path: build
@ -376,7 +376,7 @@ jobs:
- name: Login to AWS (Cluster role) - name: Login to AWS (Cluster role)
if: always() && needs.generate-input-parameters.outputs.cloudProvider == 'aws' if: always() && needs.generate-input-parameters.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1 aws-region: eu-central-1
@ -457,7 +457,7 @@ jobs:
ref: ${{ inputs.gitRef }} ref: ${{ inputs.gitRef }}
- name: Download CLI - name: Download CLI
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: constellation-upgrade-${{ inputs.attestationVariant }} name: constellation-upgrade-${{ inputs.attestationVariant }}
path: build path: build

2
.github/workflows/e2e-windows.yml vendored
View File

@ -50,7 +50,7 @@ jobs:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Download CLI artifact - name: Download CLI artifact
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
name: "constell-exe" name: "constell-exe"

2
.github/workflows/on-release.yml vendored
View File

@ -144,7 +144,7 @@ jobs:
useCache: "false" useCache: "false"
- name: Login to AWS - name: Login to AWS
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
aws-region: eu-central-1 aws-region: eu-central-1

2
.github/workflows/purge-main.yml vendored
View File

@ -23,7 +23,7 @@ jobs:
ref: ${{ github.head_ref }} ref: ${{ github.head_ref }}
- name: Login to AWS - name: Login to AWS
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1 aws-region: eu-central-1

2
.github/workflows/release.yml vendored
View File

@ -96,7 +96,7 @@ jobs:
npm run docusaurus docs:version "${MAJOR_MINOR}" npm run docusaurus docs:version "${MAJOR_MINOR}"
- name: Create docs pull request - name: Create docs pull request
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
with: with:
branch: ${{ env.BRANCH }} branch: ${{ env.BRANCH }}
base: main base: main

4
.github/workflows/reproducible-builds.yml vendored
View File

@ -145,7 +145,7 @@ jobs:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Download binaries - name: Download binaries
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
pattern: "binaries-${{ matrix.target }}-*" pattern: "binaries-${{ matrix.target }}-*"
merge-multiple: true merge-multiple: true
@ -179,7 +179,7 @@ jobs:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Download os images - name: Download os images
uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110 # v4.1.0 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
with: with:
pattern: "osimages-${{ matrix.target }}-*" pattern: "osimages-${{ matrix.target }}-*"
merge-multiple: true merge-multiple: true

4
.github/workflows/scorecard.yml vendored
View File

@ -23,7 +23,7 @@ jobs:
persist-credentials: false persist-credentials: false
- name: Run analysis - name: Run analysis
uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0 uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
with: with:
results_file: results.sarif results_file: results.sarif
results_format: sarif results_format: sarif
@ -37,6 +37,6 @@ jobs:
retention-days: 5 retention-days: 5
- name: Upload to code-scanning - name: Upload to code-scanning
uses: github/codeql-action/upload-sarif@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1 uses: github/codeql-action/upload-sarif@cf7e9f23492505046de9a37830c3711dd0f25bb3 # v2.16.2
with: with:
sarif_file: results.sarif sarif_file: results.sarif

4
.github/workflows/sync-terraform-docs.yml vendored
View File

@ -40,7 +40,7 @@ jobs:
- name: Create pull request - name: Create pull request
id: create-pull-request id: create-pull-request
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
with: with:
path: terraform-provider-constellation path: terraform-provider-constellation
branch: "feat/docs/update" branch: "feat/docs/update"
@ -58,7 +58,7 @@ jobs:
delete-branch: true delete-branch: true
- name: Merge pull request - name: Merge pull request
uses: peter-evans/enable-pull-request-automerge@v3 uses: peter-evans/enable-pull-request-automerge@a660677d5469627102a1c1e11409dd063606628d # v3.0.0
with: with:
pull-request-number: ${{ steps.create-pull-request.outputs.pull-request-number }} pull-request-number: ${{ steps.create-pull-request.outputs.pull-request-number }}
merge-method: squash merge-method: squash

2
.github/workflows/test-tidy.yml vendored
View File

@ -38,7 +38,7 @@ jobs:
- name: Assume AWS role to upload Bazel dependencies to S3 - name: Assume AWS role to upload Bazel dependencies to S3
if: startsWith(github.head_ref, 'renovate/') if: startsWith(github.head_ref, 'renovate/')
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
aws-region: eu-central-1 aws-region: eu-central-1

4
.github/workflows/test-unittest.yml vendored
View File

@ -50,7 +50,7 @@ jobs:
rm -rf awscliv2.zip aws rm -rf awscliv2.zip aws
- name: Login to AWS (IAM role) - name: Login to AWS (IAM role)
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionGocoverage role-to-assume: arn:aws:iam::795746500882:role/GithubActionGocoverage
aws-region: eu-central-1 aws-region: eu-central-1
@ -70,7 +70,7 @@ jobs:
- name: Comment coverage - name: Comment coverage
if: steps.coverage.outputs.uploadable == 'true' && github.event_name == 'pull_request' if: steps.coverage.outputs.uploadable == 'true' && github.event_name == 'pull_request'
uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0 uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
with: with:
header: coverage header: coverage
path: coverage_diff.md path: coverage_diff.md

4
.github/workflows/update-rpms.yml vendored
View File

@ -16,7 +16,7 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Assume AWS role to upload Bazel dependencies to S3 - name: Assume AWS role to upload Bazel dependencies to S3
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
aws-region: eu-central-1 aws-region: eu-central-1
@ -40,7 +40,7 @@ jobs:
fi fi
- name: Create pull request - name: Create pull request
uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
with: with:
branch: "image/automated/update-rpms-${{ github.run_number }}" branch: "image/automated/update-rpms-${{ github.run_number }}"
base: main base: main

6
.github/workflows/versionsapi.yml vendored
View File

@ -149,21 +149,21 @@ jobs:
- name: Login to AWS without write access - name: Login to AWS without write access
if: steps.check-rights.outputs.write == 'false' if: steps.check-rights.outputs.write == 'false'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1 aws-region: eu-central-1
- name: Login to AWS with write access - name: Login to AWS with write access
if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'false' if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'false'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIWrite role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIWrite
aws-region: eu-central-1 aws-region: eu-central-1
- name: Login to AWS with write and image remove access - name: Login to AWS with write and image remove access
if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'true' if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'true'
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with: with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRemove role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRemove
aws-region: eu-central-1 aws-region: eu-central-1