From 55ffe967e40ef9a0ed4bb2fdf49afab328f0cf12 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 10 Apr 2025 09:26:36 +0200 Subject: [PATCH] deps: update GitHub action dependencies (major) (#3746) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update GitHub action dependencies * allow unrestricted namespaces when building on ubuntu 24.04 --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße --- .../check_measurements_reproducibility/action.yml | 10 ++++++++-- .github/actions/setup_bazel_nix/action.yml | 2 +- .github/workflows/aws-snp-launchmeasurement.yml | 2 +- .../workflows/check-measurements-reproducibility.yml | 2 +- .github/workflows/e2e-windows.yml | 2 +- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/actions/check_measurements_reproducibility/action.yml b/.github/actions/check_measurements_reproducibility/action.yml index ea2407115..184e1221f 100644 --- a/.github/actions/check_measurements_reproducibility/action.yml +++ b/.github/actions/check_measurements_reproducibility/action.yml @@ -30,6 +30,12 @@ runs: jd-diff-patch moreutils + - name: Allow unrestricted user namespaces + shell: bash + run: | + sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_unconfined=0 + sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_userns=0 + - name: Build images id: build-images shell: bash @@ -46,12 +52,12 @@ runs: shell: bash run: | curl -fsLO https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/${{ inputs.version }}/image/measurements.json - + - name: Cleanup release measurements and generate our own shell: bash run: | ${{ github.action_path }}/create_measurements.sh "${{ steps.build-images.outputs.buildPath }}" - + - name: Compare measurements shell: bash run: | 
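Review bot: The added "Allow unrestricted user namespaces" step sets both `kernel.apparmor_restrict_unprivileged_unconfined` and `kernel.apparmor_restrict_unprivileged_userns` to 0 for the whole runner, unconditionally and with no comment naming the build step that needs it. `sysctl --write` changes the running kernel and nothing visible in this hunk restores it (the step list continues outside the hunk), so on a runner reused between jobs the hardening would stay off for later jobs. That is acceptable only on ephemeral hosted runners, which the `ubuntu-24.04` change in check-measurements-reproducibility.yml suggests but the composite action does not enforce. I would add a comment above the step, e.g. `# Ubuntu 24.04 restricts unprivileged user namespaces via AppArmor; relaxed for the image build (runtime-only, assumes an ephemeral runner)`, and check whether both sysctls are really required. Because `--ignore` suppresses unknown-key errors, the step also passes silently where the keys are absent, so a later namespace failure would be the only sign that the relaxation did not apply.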
diff --git a/.github/actions/setup_bazel_nix/action.yml b/.github/actions/setup_bazel_nix/action.yml index 97beb3a6f..b1981c7a8 100644 --- a/.github/actions/setup_bazel_nix/action.yml +++ b/.github/actions/setup_bazel_nix/action.yml @@ -114,7 +114,7 @@ runs: - name: Install nix if: steps.check_inputs.outputs.nixPreinstalled == 'false' - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 + uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31 with: install_url: "https://releases.nixos.org/nix/nix-${{ steps.check_inputs.outputs.nixVersion }}/install" diff --git a/.github/workflows/aws-snp-launchmeasurement.yml b/.github/workflows/aws-snp-launchmeasurement.yml index 5f923de2f..0f0cc0220 100644 --- a/.github/workflows/aws-snp-launchmeasurement.yml +++ b/.github/workflows/aws-snp-launchmeasurement.yml @@ -17,7 +17,7 @@ jobs: path: constellation - name: Install Nix - uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 + uses: cachix/install-nix-action@d1ca217b388ee87b2507a9a93bf01368bde7cec2 # v31 - name: Download Firmware release id: download-firmware diff --git a/.github/workflows/check-measurements-reproducibility.yml b/.github/workflows/check-measurements-reproducibility.yml index dede0918a..ce8093c38 100644 --- a/.github/workflows/check-measurements-reproducibility.yml +++ b/.github/workflows/check-measurements-reproducibility.yml @@ -13,7 +13,7 @@ on: jobs: check-reproducibility: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 856048fab..c4c28c1be 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -52,7 +52,7 @@ jobs: e2e-test: name: E2E Test Windows - runs-on: windows-2022 + runs-on: windows-2025 needs: build-cli steps: - name: Checkout