Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-01-11 23:49:30 -05:00
Code Issues Packages Projects Releases Wiki Activity

deps: update GitHub action dependencies (#3507)

Browse Source 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
renovate[bot] 2024-11-28 16:15:26 +01:00 committed by GitHub
parent 6dbb8ac56a
commit 8f3d6c42f2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
47 changed files with 125 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/actions/artifact_upload/action.yml vendored
View File

@ -69,7 +69,7 @@ runs:
done done
- name: Upload archive as artifact - name: Upload archive as artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
name: ${{ inputs.name }} name: ${{ inputs.name }}
path: ${{ steps.tempdir.outputs.directory }}/archive.7z path: ${{ steps.tempdir.outputs.directory }}/archive.7z

2
.github/actions/build_cli/action.yml vendored
View File

@ -79,7 +79,7 @@ runs:
# once it has the functionality # once it has the functionality
- name: Install Cosign - name: Install Cosign
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Install Rekor - name: Install Rekor
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''

4
.github/actions/build_micro_service/action.yml vendored
View File

@ -42,7 +42,7 @@ runs:
- name: Docker metadata - name: Docker metadata
id: meta id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
with: with:
images: | images: |
ghcr.io/${{ github.repository }}/${{ inputs.name }} ghcr.io/${{ github.repository }}/${{ inputs.name }}
@ -62,7 +62,7 @@ runs:
- name: Build and push container image - name: Build and push container image
id: build-micro-service id: build-micro-service
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with: with:
context: . context: .
file: ${{ inputs.dockerfile }} file: ${{ inputs.dockerfile }}

2
.github/actions/container_sbom/action.yml vendored
View File

@ -19,7 +19,7 @@ runs:
steps: steps:
- name: Install Cosign - name: Install Cosign
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Download Syft & Grype - name: Download Syft & Grype
uses: ./.github/actions/install_syft_grype uses: ./.github/actions/install_syft_grype

4
.github/actions/e2e_benchmark/action.yml vendored
View File

@ -32,7 +32,7 @@ runs:
steps: steps:
- name: Setup python - name: Setup python
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with: with:
python-version: "3.10" python-version: "3.10"
@ -48,7 +48,7 @@ runs:
install kubestr /usr/local/bin install kubestr /usr/local/bin
- name: Checkout k8s-bench-suite - name: Checkout k8s-bench-suite
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
repository: "edgelesssys/k8s-bench-suite" repository: "edgelesssys/k8s-bench-suite"

2
.github/actions/e2e_mini/action.yml vendored
View File

@ -25,7 +25,7 @@ runs:
using: "composite" using: "composite"
steps: steps:
- name: Install terraform - name: Install terraform
uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1 uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
with: with:
terraform_wrapper: false terraform_wrapper: false

4
.github/actions/find_latest_image/action.yml vendored
View File

@ -26,13 +26,13 @@ runs:
steps: steps:
- name: Checkout head - name: Checkout head
if: inputs.imageVersion == '' && inputs.git-ref == 'head' if: inputs.imageVersion == '' && inputs.git-ref == 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref - name: Checkout ref
if: inputs.imageVersion == '' && inputs.git-ref != 'head' if: inputs.imageVersion == '' && inputs.git-ref != 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.git-ref }} ref: ${{ inputs.git-ref }}

2
.github/actions/login_azure/action.yml vendored
View File

@ -10,6 +10,6 @@ runs:
# As described at: # As described at:
# https://github.com/Azure/login#configure-deployment-credentials # https://github.com/Azure/login#configure-deployment-credentials
- name: Login to Azure - name: Login to Azure
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
with: with:
creds: ${{ inputs.azure_credentials }} creds: ${{ inputs.azure_credentials }}

4
.github/actions/login_gcp/action.yml vendored
View File

@ -20,11 +20,11 @@ runs:
echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV" echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV"
- name: Authorize GCP access - name: Authorize GCP access
uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
with: with:
workload_identity_provider: projects/1052692473304/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider workload_identity_provider: projects/1052692473304/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider
service_account: ${{ inputs.service_account }} service_account: ${{ inputs.service_account }}
# Even if preinstalled in Github Actions runner image, this setup does some magic authentication required for gsutil. # Even if preinstalled in Github Actions runner image, this setup does some magic authentication required for gsutil.
- name: Set up Cloud SDK - name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2

2
.github/actions/publish_helmchart/action.yml vendored
View File

@ -13,7 +13,7 @@ runs:
using: "composite" using: "composite"
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
repository: edgelesssys/helm repository: edgelesssys/helm
ref: main ref: main

2
.github/actions/upload_terraform_module/action.yml vendored
View File

@ -15,7 +15,7 @@ runs:
zip -r terraform-module.zip terraform-module zip -r terraform-module.zip terraform-module
- name: Upload artifact - name: Upload artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
name: terraform-module name: terraform-module
path: terraform-module.zip path: terraform-module.zip

2
.github/workflows/assign_reviewer.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'dependencies') && toJson(github.event.pull_request.requested_reviewers) == '[]' && github.event.pull_request.user.login == 'renovate[bot]' if: contains(github.event.pull_request.labels.*.name, 'dependencies') && toJson(github.event.pull_request.requested_reviewers) == '[]' && github.event.pull_request.user.login == 'renovate[bot]'
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Pick assignee - name: Pick assignee
id: pick-assignee id: pick-assignee
uses: ./.github/actions/pick_assignee uses: ./.github/actions/pick_assignee

4
.github/workflows/aws-snp-launchmeasurement.yml vendored
View File

@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ github.head_ref }} ref: ${{ github.head_ref }}
path: constellation path: constellation
@ -44,7 +44,7 @@ jobs:
echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT" echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT"
popd || exit 1 popd || exit 1
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
repository: virtee/sev-snp-measure-go.git repository: virtee/sev-snp-measure-go.git
ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8 ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8

2
.github/workflows/build-binaries.yml vendored
View File

@ -22,7 +22,7 @@ jobs:
runs-on: [arc-runner-set] runs-on: [arc-runner-set]
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

14
.github/workflows/build-ccm-gcp.yml vendored
View File

@ -19,17 +19,17 @@ jobs:
latest: ${{ steps.find-latest.outputs.latest }} latest: ${{ steps.find-latest.outputs.latest }}
steps: steps:
- name: Checkout Constellation - name: Checkout Constellation
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Checkout kubernetes/cloud-provider-gcp - name: Checkout kubernetes/cloud-provider-gcp
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
repository: "kubernetes/cloud-provider-gcp" repository: "kubernetes/cloud-provider-gcp"
path: "cloud-provider-gcp" path: "cloud-provider-gcp"
fetch-depth: 0 fetch-depth: 0
- name: Setup Go environment - name: Setup Go environment
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with: with:
go-version: "1.23.2" go-version: "1.23.2"
cache: false cache: false
@ -65,10 +65,10 @@ jobs:
version: ${{ fromJson(needs.find-ccm-versions.outputs.versions) }} version: ${{ fromJson(needs.find-ccm-versions.outputs.versions) }}
steps: steps:
- name: Checkout Constellation - name: Checkout Constellation
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Checkout kubernetes/cloud-provider-gcp - name: Checkout kubernetes/cloud-provider-gcp
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
repository: "kubernetes/cloud-provider-gcp" repository: "kubernetes/cloud-provider-gcp"
path: "cloud-provider-gcp" path: "cloud-provider-gcp"
@ -76,7 +76,7 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
with: with:
images: | images: |
ghcr.io/edgelesssys/cloud-provider-gcp ghcr.io/edgelesssys/cloud-provider-gcp
@ -113,7 +113,7 @@ jobs:
- name: Build and push container image - name: Build and push container image
id: build id: build
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with: with:
context: ./cloud-provider-gcp context: ./cloud-provider-gcp
push: ${{ github.ref_name == 'main' }} push: ${{ github.ref_name == 'main' }}

8
.github/workflows/build-gcp-guest-agent.yml vendored
View File

@ -69,7 +69,7 @@ jobs:
- name: Checkout GoogleCloudPlatform/guest-agent - name: Checkout GoogleCloudPlatform/guest-agent
if: steps.needs-build.outputs.out == 'true' if: steps.needs-build.outputs.out == 'true'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
repository: "GoogleCloudPlatform/guest-agent" repository: "GoogleCloudPlatform/guest-agent"
ref: refs/tags/${{ steps.latest-release.outputs.latest }} ref: refs/tags/${{ steps.latest-release.outputs.latest }}
@ -77,7 +77,7 @@ jobs:
- name: Checkout Constellation - name: Checkout Constellation
if: steps.needs-build.outputs.out == 'true' if: steps.needs-build.outputs.out == 'true'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
path: "constellation" path: "constellation"
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -85,7 +85,7 @@ jobs:
- name: Docker meta - name: Docker meta
id: meta id: meta
if: steps.needs-build.outputs.out == 'true' if: steps.needs-build.outputs.out == 'true'
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
with: with:
images: | images: |
${{ env.REGISTRY }}/edgelesssys/gcp-guest-agent ${{ env.REGISTRY }}/edgelesssys/gcp-guest-agent
@ -114,7 +114,7 @@ jobs:
- name: Build and push container image - name: Build and push container image
if: steps.needs-build.outputs.out == 'true' if: steps.needs-build.outputs.out == 'true'
id: build id: build
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with: with:
context: ./guest-agent context: ./guest-agent
file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile

2
.github/workflows/build-libvirt-container.yml vendored
View File

@ -19,7 +19,7 @@ jobs:
packages: write packages: write
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup bazel - name: Setup bazel
uses: ./.github/actions/setup_bazel_nix uses: ./.github/actions/setup_bazel_nix

2
.github/workflows/build-logcollector-images.yml vendored
View File

@ -20,7 +20,7 @@ jobs:
steps: steps:
- name: Check out repository - name: Check out repository
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

6
.github/workflows/build-os-image-scheduled.yml vendored
View File

@ -59,13 +59,13 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ github.head_ref }} ref: ${{ github.head_ref }}
token: ${{ secrets.CI_COMMIT_PUSH_PR }} token: ${{ secrets.CI_COMMIT_PUSH_PR }}
- name: Setup Go environment - name: Setup Go environment
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with: with:
go-version: "1.23.2" go-version: "1.23.2"
cache: false cache: false
@ -120,7 +120,7 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ github.head_ref }} ref: ${{ github.head_ref }}

4
.github/workflows/build-os-image.yml vendored
View File

@ -59,7 +59,7 @@ jobs:
cliApiBasePath: ${{ steps.image-version.outputs.cliApiBasePath }} cliApiBasePath: ${{ steps.image-version.outputs.cliApiBasePath }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
@ -138,7 +138,7 @@ jobs:
contents: read contents: read
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}

4
.github/workflows/check-links.yml vendored
View File

@ -20,12 +20,12 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Link Checker - name: Link Checker
uses: lycheeverse/lychee-action@7da8ec1fc4e01b5a12062ac6c589c10a4ce70d67 # v2.0.0 uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915 # v2.1.0
with: with:
args: "--config ./.lychee.toml './**/*.md' './**/*.html'" args: "--config ./.lychee.toml './**/*.md' './**/*.html'"
fail: true fail: true

8
.github/workflows/codeql.yml vendored
View File

@ -34,17 +34,17 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Go environment - name: Setup Go environment
if: matrix.language == 'go' if: matrix.language == 'go'
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with: with:
go-version: "1.23.2" go-version: "1.23.2"
cache: false cache: false
- name: Initialize CodeQL - name: Initialize CodeQL
uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
with: with:
languages: ${{ matrix.language }} languages: ${{ matrix.language }}
@ -63,6 +63,6 @@ jobs:
echo "::endgroup::" echo "::endgroup::"
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
with: with:
category: "/language:${{ matrix.language }}" category: "/language:${{ matrix.language }}"

4
.github/workflows/docs-vale.yml vendored
View File

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
# Work around https://github.com/errata-ai/vale-action/issues/128. # Work around https://github.com/errata-ai/vale-action/issues/128.
@ -25,7 +25,7 @@ jobs:
python3 -m venv "$venv" python3 -m venv "$venv"
echo "$venv/bin" >> "$GITHUB_PATH" echo "$venv/bin" >> "$GITHUB_PATH"
- name: Vale - name: Vale
uses: errata-ai/vale-action@91ac403e8d26f5aa1b3feaa86ca63065936a85b6 # tag=reviewdog uses: errata-ai/vale-action@2690bc95f0ed3cb5220492575af09c51b04fbea9 # tag=reviewdog
with: with:
files: docs/docs files: docs/docs
fail_on_error: true fail_on_error: true

34
.github/workflows/draft-release.yml vendored
View File

@ -72,7 +72,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
@ -92,7 +92,7 @@ jobs:
cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
- name: Upload CLI as artifact (unix) - name: Upload CLI as artifact (unix)
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if : ${{ matrix.os != 'windows' }} if : ${{ matrix.os != 'windows' }}
with: with:
name: constellation-${{ matrix.os }}-${{ matrix.arch }} name: constellation-${{ matrix.os }}-${{ matrix.arch }}
@ -101,7 +101,7 @@ jobs:
build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig
- name: Upload CLI as artifact (windows) - name: Upload CLI as artifact (windows)
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if : ${{ matrix.os == 'windows' }} if : ${{ matrix.os == 'windows' }}
with: with:
name: constellation-${{ matrix.os }}-${{ matrix.arch }} name: constellation-${{ matrix.os }}-${{ matrix.arch }}
@ -133,7 +133,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
@ -149,7 +149,7 @@ jobs:
targetArch: ${{ matrix.arch }} targetArch: ${{ matrix.arch }}
- name: Upload Terraform Provider Binary as artifact (unix) - name: Upload Terraform Provider Binary as artifact (unix)
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if : ${{ matrix.os != 'windows' }} if : ${{ matrix.os != 'windows' }}
with: with:
name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
@ -157,7 +157,7 @@ jobs:
build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
- name: Upload Terraform Provider Binary as artifact (windows) - name: Upload Terraform Provider Binary as artifact (windows)
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if : ${{ matrix.os == 'windows' }} if : ${{ matrix.os == 'windows' }}
with: with:
name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
@ -169,7 +169,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
@ -187,7 +187,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
@ -219,7 +219,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
@ -256,12 +256,12 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
- name: Install Cosign - name: Install Cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Download Syft & Grype - name: Download Syft & Grype
uses: ./.github/actions/install_syft_grype uses: ./.github/actions/install_syft_grype
@ -296,13 +296,13 @@ jobs:
COSIGN_PASSWORD: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} COSIGN_PASSWORD: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
- name: Upload Constellation CLI SBOM - name: Upload Constellation CLI SBOM
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
name: constellation.spdx.sbom name: constellation.spdx.sbom
path: constellation.spdx.sbom path: constellation.spdx.sbom
- name: Upload Constellation CLI SBOM's signature - name: Upload Constellation CLI SBOM's signature
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
name: constellation.spdx.sbom.sig name: constellation.spdx.sbom.sig
path: constellation.spdx.sbom.sig path: constellation.spdx.sbom.sig
@ -332,7 +332,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
@ -405,7 +405,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
@ -472,7 +472,7 @@ jobs:
- name: Create release with artifacts - name: Create release with artifacts
id: create-release id: create-release
# GitHub endorsed release project. See: https://github.com/actions/create-release # GitHub endorsed release project. See: https://github.com/actions/create-release
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with: with:
draft: true draft: true
generate_release_notes: true generate_release_notes: true
@ -487,7 +487,7 @@ jobs:
terraform-module.zip terraform-module.zip
- name: Create Terraform provider release with artifcats - name: Create Terraform provider release with artifcats
uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
with: with:
draft: true draft: true
generate_release_notes: false generate_release_notes: false

2
.github/workflows/e2e-attestationconfigapi.yml vendored
View File

@ -26,7 +26,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
# Don't trigger in forks, use head on pull requests, use default otherwise. # Don't trigger in forks, use head on pull requests, use default otherwise.
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || github.event.pull_request.head.sha || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || github.event.pull_request.head.sha || '' }}

2
.github/workflows/e2e-cleanup-weekly.yml vendored
View File

@ -14,7 +14,7 @@ jobs:
id-token: write id-token: write
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Cleanup - name: Cleanup
uses: ./.github/actions/e2e_cleanup_timeframe uses: ./.github/actions/e2e_cleanup_timeframe

4
.github/workflows/e2e-mini.yml vendored
View File

@ -29,12 +29,12 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }} ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }}
- name: Azure login OIDC - name: Azure login OIDC
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
with: with:
client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }}

8
.github/workflows/e2e-test-daily.yml vendored
View File

@ -21,7 +21,7 @@ jobs:
image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }} image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -59,7 +59,7 @@ jobs:
needs: [find-latest-image] needs: [find-latest-image]
steps: steps:
- name: Check out repository - name: Check out repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -159,12 +159,12 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Azure login OIDC - name: Azure login OIDC
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
with: with:
client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }}

2
.github/workflows/e2e-test-provider-example.yml vendored
View File

@ -71,7 +71,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}

4
.github/workflows/e2e-test-release.yml vendored
View File

@ -326,7 +326,7 @@ jobs:
run: brew install coreutils kubectl bash run: brew install coreutils kubectl bash
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ inputs.ref || github.head_ref }} ref: ${{ inputs.ref || github.head_ref }}
@ -342,7 +342,7 @@ jobs:
- name: Set up gcloud CLI (macOS) - name: Set up gcloud CLI (macOS)
if: steps.split-attestationVariant.outputs.provider == 'gcp' && runner.os == 'macOS' if: steps.split-attestationVariant.outputs.provider == 'gcp' && runner.os == 'macOS'
uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
- name: Run E2E test - name: Run E2E test
id: e2e_test id: e2e_test

8
.github/workflows/e2e-test-weekly.yml vendored
View File

@ -22,7 +22,7 @@ jobs:
image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }} image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -323,7 +323,7 @@ jobs:
needs: [find-latest-image] needs: [find-latest-image]
steps: steps:
- name: Check out repository - name: Check out repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -448,12 +448,12 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Azure login OIDC - name: Azure login OIDC
uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
with: with:
client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }}

10
.github/workflows/e2e-test.yml vendored
View File

@ -175,13 +175,13 @@ jobs:
steps: steps:
- name: Checkout head - name: Checkout head
if: inputs.git-ref == 'head' if: inputs.git-ref == 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref - name: Checkout ref
if: inputs.git-ref != 'head' if: inputs.git-ref != 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.git-ref }} ref: ${{ inputs.git-ref }}
@ -212,19 +212,19 @@ jobs:
- name: Checkout head - name: Checkout head
if: inputs.git-ref == 'head' if: inputs.git-ref == 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref - name: Checkout ref
if: inputs.git-ref != 'head' if: inputs.git-ref != 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ inputs.git-ref }} ref: ${{ inputs.git-ref }}
- name: Set up gcloud CLI (macOS) - name: Set up gcloud CLI (macOS)
if: needs.generate-input-parameters.outputs.cloudProvider == 'gcp' && runner.os == 'macOS' if: needs.generate-input-parameters.outputs.cloudProvider == 'gcp' && runner.os == 'macOS'
uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
- name: Run manual E2E test - name: Run manual E2E test
id: e2e_test id: e2e_test

14
.github/workflows/e2e-upgrade.yml vendored
View File

@ -147,14 +147,14 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
if: inputs.gitRef == 'head' if: inputs.gitRef == 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref - name: Checkout ref
if: inputs.gitRef != 'head' if: inputs.gitRef != 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ inputs.gitRef }} ref: ${{ inputs.gitRef }}
@ -232,14 +232,14 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
if: inputs.gitRef == 'head' if: inputs.gitRef == 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref - name: Checkout ref
if: inputs.gitRef != 'head' if: inputs.gitRef != 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ inputs.gitRef }} ref: ${{ inputs.gitRef }}
@ -268,7 +268,7 @@ jobs:
push: true push: true
- name: Upload CLI binary # is needed for the cleanup step - name: Upload CLI binary # is needed for the cleanup step
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
name: constellation-upgrade-${{ inputs.attestationVariant }} name: constellation-upgrade-${{ inputs.attestationVariant }}
path: build/constellation path: build/constellation
@ -411,14 +411,14 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
if: inputs.gitRef == 'head' if: inputs.gitRef == 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref - name: Checkout ref
if: inputs.gitRef != 'head' if: inputs.gitRef != 'head'
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 fetch-depth: 0
ref: ${{ inputs.gitRef }} ref: ${{ inputs.gitRef }}

8
.github/workflows/e2e-windows.yml vendored
View File

@ -21,7 +21,7 @@ jobs:
packages: write packages: write
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -45,7 +45,7 @@ jobs:
push: true push: true
- name: Upload CLI artifact - name: Upload CLI artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
path: build/constellation.exe path: build/constellation.exe
name: "constell-exe" name: "constell-exe"
@ -56,7 +56,7 @@ jobs:
needs: build-cli needs: build-cli
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -186,7 +186,7 @@ jobs:
inputs.scheduled inputs.scheduled
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

8
.github/workflows/on-release.yml vendored
View File

@ -26,7 +26,7 @@ jobs:
WORKING_BRANCH: ${{ env.WORKING_BRANCH }} WORKING_BRANCH: ${{ env.WORKING_BRANCH }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
fetch-depth: 0 # fetch all history fetch-depth: 0 # fetch all history
@ -49,7 +49,7 @@ jobs:
latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }} latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Override latest - name: Override latest
if: github.event.inputs.latest == 'true' if: github.event.inputs.latest == 'true'
@ -123,7 +123,7 @@ jobs:
contents: write contents: write
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Remove temporary branch - name: Remove temporary branch
run: git push origin --delete "${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}" run: git push origin --delete "${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}"
@ -137,7 +137,7 @@ jobs:
contents: read contents: read
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/setup_bazel_nix - uses: ./.github/actions/setup_bazel_nix

2
.github/workflows/purge-main.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
contents: read contents: read
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ github.head_ref }} ref: ${{ github.head_ref }}

12
.github/workflows/release.yml vendored
View File

@ -33,7 +33,7 @@ jobs:
RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }} RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }}
WORKING_BRANCH: ${{ steps.version-info.outputs.WORKING_BRANCH }} WORKING_BRANCH: ${{ steps.version-info.outputs.WORKING_BRANCH }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Working branch - name: Working branch
run: echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV" run: echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV"
@ -84,7 +84,7 @@ jobs:
MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }} MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }} BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: main ref: main
@ -147,7 +147,7 @@ jobs:
WORKING_BRANCH: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} WORKING_BRANCH: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
@ -185,7 +185,7 @@ jobs:
WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }} WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
@ -250,12 +250,12 @@ jobs:
WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }} WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
- name: Setup Go environment - name: Setup Go environment
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with: with:
go-version: "1.23.2" go-version: "1.23.2"
cache: true cache: true

16
.github/workflows/reproducible-builds.yml vendored
View File

@ -37,7 +37,7 @@ jobs:
runs-on: ${{ matrix.runner }} runs-on: ${{ matrix.runner }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -77,13 +77,13 @@ jobs:
run: shasum -a 256 "${binary}" | tee "${binary}.sha256" run: shasum -a 256 "${binary}" | tee "${binary}.sha256"
- name: Upload binary artifact - name: Upload binary artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
name: "binaries-${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}" name: "binaries-${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}"
path: "${{ env.binary }}" path: "${{ env.binary }}"
- name: Upload hash artifact - name: Upload hash artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}" name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}"
path: "${{ env.binary }}.sha256" path: "${{ env.binary }}.sha256"
@ -116,7 +116,7 @@ jobs:
sudo apt-get remove -y apparmor sudo apt-get remove -y apparmor
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -142,13 +142,13 @@ jobs:
run: shasum -a 256 "${binary}" | tee "${binary}.sha256" run: shasum -a 256 "${binary}" | tee "${binary}.sha256"
- name: Upload binary artifact - name: Upload binary artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
name: "osimages-${{ matrix.target }}-${{ matrix.runner }}" name: "osimages-${{ matrix.target }}-${{ matrix.runner }}"
path: "${{ env.binary }}" path: "${{ env.binary }}"
- name: Upload hash artifact - name: Upload hash artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}" name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}"
path: "${{ env.binary }}.sha256" path: "${{ env.binary }}.sha256"
@ -166,7 +166,7 @@ jobs:
- "cli_enterprise_windows_amd64" - "cli_enterprise_windows_amd64"
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -200,7 +200,7 @@ jobs:
- "gcp_gcp-sev-snp_nightly" - "gcp_gcp-sev-snp_nightly"
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

6
.github/workflows/scorecard.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
persist-credentials: false persist-credentials: false
@ -30,13 +30,13 @@ jobs:
publish_results: true publish_results: true
- name: Upload artifact - name: Upload artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with: with:
name: SARIF file name: SARIF file
path: results.sarif path: results.sarif
retention-days: 5 retention-days: 5
- name: Upload to code-scanning - name: Upload to code-scanning
uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
with: with:
sarif_file: results.sarif sarif_file: results.sarif

4
.github/workflows/sync-terraform-docs.yml vendored
View File

@ -18,14 +18,14 @@ jobs:
pull-requests: write pull-requests: write
steps: steps:
- name: Checkout constellation repo - name: Checkout constellation repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
fetch-depth: 0 fetch-depth: 0
path: constellation path: constellation
- name: Checkout terraform-provider-constellation repo - name: Checkout terraform-provider-constellation repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
repository: edgelesssys/terraform-provider-constellation repository: edgelesssys/terraform-provider-constellation
ref: main ref: main

2
.github/workflows/test-integration.yml vendored
View File

@ -25,7 +25,7 @@ jobs:
CTEST_OUTPUT_ON_FAILURE: True CTEST_OUTPUT_ON_FAILURE: True
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

4
.github/workflows/test-operator-codegen.yml vendored
View File

@ -21,12 +21,12 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Setup Go environment - name: Setup Go environment
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with: with:
go-version: "1.23.2" go-version: "1.23.2"
cache: true cache: true

2
.github/workflows/test-tfsec.yml vendored
View File

@ -23,7 +23,7 @@ jobs:
pull-requests: write pull-requests: write
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

2
.github/workflows/test-tidy.yml vendored
View File

@ -17,7 +17,7 @@ jobs:
contents: read contents: read
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
# No token available for forks, so we can't push changes # No token available for forks, so we can't push changes

2
.github/workflows/test-unittest.yml vendored
View File

@ -30,7 +30,7 @@ jobs:
pull-requests: write pull-requests: write
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
fetch-depth: 0 fetch-depth: 0

2
.github/workflows/update-rpms.yml vendored
View File

@ -13,7 +13,7 @@ jobs:
contents: read contents: read
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
token: ${{ secrets.CI_COMMIT_PUSH_PR }} token: ${{ secrets.CI_COMMIT_PUSH_PR }}

2
.github/workflows/versionsapi.yml vendored
View File

@ -115,7 +115,7 @@ jobs:
steps: steps:
- name: Check out repository - name: Check out repository
id: checkout id: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}