deps: update GitHub action dependencies (major) (#3746)

* deps: update GitHub action dependencies * allow unrestricted namespaces when building on ubuntu 24.04 --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2025-04-11 18:39:44 -04:00 · 2025-04-10 09:26:36 +02:00 · 2025-04-10 09:26:36 +02:00 · 55ffe967e4
commit 55ffe967e4
parent 8e6c934741
5 changed files with 12 additions and 6 deletions
--- a/.github/actions/check_measurements_reproducibility/action.yml
+++ b/.github/actions/check_measurements_reproducibility/action.yml
@ -30,6 +30,12 @@ runs:
          jd-diff-patch
          moreutils

+    - name: Allow unrestricted user namespaces
+      shell: bash
+      run: |
+        sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_unconfined=0
+        sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_userns=0
+
    - name: Build images
      id: build-images
      shell: bash
@ -46,12 +52,12 @@ runs:
      shell: bash
      run: |
        curl -fsLO https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/${{ inputs.version }}/image/measurements.json
-    
+
    - name: Cleanup release measurements and generate our own
      shell: bash
      run: |
        ${{ github.action_path }}/create_measurements.sh "${{ steps.build-images.outputs.buildPath }}"
-        
+
    - name: Compare measurements
      shell: bash
      run: |
--- a/.github/actions/setup_bazel_nix/action.yml
+++ b/.github/actions/setup_bazel_nix/action.yml
@ -114,7 +114,7 @@ runs:

    - name: Install nix
      if: steps.check_inputs.outputs.nixPreinstalled == 'false'
-      uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
+      uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31
      with:
        install_url: "https://releases.nixos.org/nix/nix-${{ steps.check_inputs.outputs.nixVersion }}/install"

--- a/.github/workflows/aws-snp-launchmeasurement.yml
+++ b/.github/workflows/aws-snp-launchmeasurement.yml
@ -17,7 +17,7 @@ jobs:
        path: constellation

    - name: Install Nix
-      uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
+      uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31

    - name: Download Firmware release
      id: download-firmware
--- a/.github/workflows/check-measurements-reproducibility.yml
+++ b/.github/workflows/check-measurements-reproducibility.yml
@ -13,7 +13,7 @@ on:

 jobs:
  check-reproducibility:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
--- a/.github/workflows/e2e-windows.yml
+++ b/.github/workflows/e2e-windows.yml
@ -52,7 +52,7 @@ jobs:

  e2e-test:
    name: E2E Test Windows
-    runs-on: windows-2022
+    runs-on: windows-2025
    needs: build-cli
    steps:
      - name: Checkout