Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-11-08 14:54:51 -05:00
Code Issues Projects Releases Packages Wiki Activity

deps: update GitHub action dependencies

Browse source
This commit is contained in:
renovate[bot] 2025-10-21 07:24:05 +00:00 committed by GitHub
parent d02c256130
commit 9f2a73bf15
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
56 changed files with 147 additions and 147 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/actions/artifact_download/action.yml vendored
View file

@ -28,7 +28,7 @@ runs:
run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT"
- name: Download the artifact
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: ${{ inputs.name }}
path: ${{ steps.tempdir.outputs.directory }}

2
.github/actions/build_cli/action.yml vendored
View file

@ -77,7 +77,7 @@ runs:
- name: Install Cosign
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
- name: Install Rekor
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''

4
.github/actions/cdbg_deploy/action.yml vendored
View file

@ -61,7 +61,7 @@ runs:
- name: Login to AWS (IAM service principal)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1
@ -80,7 +80,7 @@ runs:
- name: Login to AWS (Cluster service principal)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1

2
.github/actions/check_measurements_reproducibility/action.yml vendored
View file

@ -15,7 +15,7 @@ runs:
using: "composite"
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref }}
path: ./release

2
.github/actions/constellation_destroy/action.yml vendored
View file

@ -67,7 +67,7 @@ runs:
- name: Login to AWS (Cluster role)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1

2
.github/actions/constellation_iam_destroy/action.yml vendored
View file

@ -23,7 +23,7 @@ runs:
- name: Login to AWS (IAM role)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1

2
.github/actions/container_sbom/action.yml vendored
View file

@ -19,7 +19,7 @@ runs:
steps:
- name: Install Cosign
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
- name: Download Syft & Grype
uses: ./.github/actions/install_syft_grype

20
.github/actions/download_release_binaries/action.yml vendored
View file

@ -5,51 +5,51 @@ runs:
using: "composite"
steps:
- name: Download CLI binaries darwin-amd64
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: constellation-darwin-amd64
- name: Download CLI binaries darwin-arm64
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: constellation-darwin-arm64
- name: Download CLI binaries linux-amd64
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: constellation-linux-amd64
- name: Download CLI binaries linux-arm64
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: constellation-linux-arm64
- name: Download CLI binaries windows-amd64
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: constellation-windows-amd64
- name: Download Terraform module
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: terraform-module
- name: Download Terraform provider binary darwin-amd64
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: terraform-provider-constellation-darwin-amd64
- name: Download Terraform provider binary darwin-arm64
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: terraform-provider-constellation-darwin-arm64
- name: Download Terraform provider binary linux-amd64
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: terraform-provider-constellation-linux-amd64
- name: Download Terraform provider binary linux-arm64
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: terraform-provider-constellation-linux-arm64

2
.github/actions/e2e_attestationconfigapi/action.yml vendored
View file

@ -19,7 +19,7 @@ runs:
uses: ./.github/actions/setup_bazel_nix
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubTestResourceAPI
aws-region: eu-west-1

6
.github/actions/e2e_benchmark/action.yml vendored
View file

@ -32,7 +32,7 @@ runs:
steps:
- name: Setup python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
with:
python-version: "3.14"
@ -48,7 +48,7 @@ runs:
install kubestr /usr/local/bin
- name: Checkout k8s-bench-suite
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
repository: "edgelesssys/k8s-bench-suite"
@ -166,7 +166,7 @@ runs:
encryptionSecret: ${{ inputs.encryptionSecret }}
- name: Assume AWS role to retrieve and update benchmarks in S3
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionUpdateBenchmarks
aws-region: us-east-2

2
.github/actions/e2e_cleanup_timeframe/action.yml vendored
View file

@ -22,7 +22,7 @@ runs:
using: "composite"
steps:
- name: Authenticate AWS
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EDestroy
aws-region: eu-central-1

2
.github/actions/e2e_sonobuoy/action.yml vendored
View file

@ -70,7 +70,7 @@ runs:
- name: Publish test results
if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e')
uses: mikepenz/action-junit-report@3585e9575db828022551b4231f165eb59a0e74e3 # v5.6.2
uses: mikepenz/action-junit-report@5b7ee5a21e8674b695313d769f3cbdfd5d4d53a4 # v6.0.0
with:
report_paths: "**/junit_01.xml"
fail_on_failure: true

4
.github/actions/e2e_test/action.yml vendored
View file

@ -229,7 +229,7 @@ runs:
- name: Login to AWS (IAM role)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1
@ -300,7 +300,7 @@ runs:
- name: Login to AWS (Cluster role)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1

2
.github/actions/e2e_verify/action.yml vendored
View file

@ -82,7 +82,7 @@ runs:
- name: Login to AWS
if: github.ref_name == 'main'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
aws-region: eu-central-1

6
.github/actions/find_latest_image/action.yml vendored
View file

@ -26,19 +26,19 @@ runs:
steps:
- name: Checkout head
if: inputs.imageVersion == '' && inputs.git-ref == 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref
if: inputs.imageVersion == '' && inputs.git-ref != 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.git-ref }}
- name: Login to AWS
if: inputs.imageVersion == ''
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1

4
.github/actions/login_gcp/action.yml vendored
View file

@ -20,11 +20,11 @@ runs:
echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV"
- name: Authorize GCP access
uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2.1.13
uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
with:
workload_identity_provider: projects/1052692473304/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider
service_account: ${{ inputs.service_account }}
# Even if preinstalled in Github Actions runner image, this setup does some magic authentication required for gsutil.
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2.2.1
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1

2
.github/actions/publish_helmchart/action.yml vendored
View file

@ -13,7 +13,7 @@ runs:
using: "composite"
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: edgelesssys/helm
ref: main

2
.github/actions/select_image/action.yml vendored
View file

@ -18,7 +18,7 @@ runs:
using: "composite"
steps:
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1

2
.github/workflows/assign_reviewer.yml vendored
View file

@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
if: contains(github.event.pull_request.labels.*.name, 'dependencies') && toJson(github.event.pull_request.requested_reviewers) == '[]' && github.event.pull_request.user.login == 'renovate[bot]'
steps:
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Pick assignee
id: pick-assignee
uses: ./.github/actions/pick_assignee

4
.github/workflows/aws-snp-launchmeasurement.yml vendored
View file

@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout repository
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ github.head_ref }}
path: constellation
@ -44,7 +44,7 @@ jobs:
echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT"
popd || exit 1
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: virtee/sev-snp-measure-go.git
ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8

2
.github/workflows/build-binaries.yml vendored
View file

@ -22,7 +22,7 @@ jobs:
runs-on: [arc-runner-set]
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

10
.github/workflows/build-ccm-gcp.yml vendored
View file

@ -19,17 +19,17 @@ jobs:
latest: ${{ steps.find-latest.outputs.latest }}
steps:
- name: Checkout Constellation
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Checkout kubernetes/cloud-provider-gcp
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: "kubernetes/cloud-provider-gcp"
path: "cloud-provider-gcp"
fetch-depth: 0
- name: Setup Go environment
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with:
go-version: "1.24.3"
cache: false
@ -65,10 +65,10 @@ jobs:
version: ${{ fromJson(needs.find-ccm-versions.outputs.versions) }}
steps:
- name: Checkout Constellation
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Checkout kubernetes/cloud-provider-gcp
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: "kubernetes/cloud-provider-gcp"
path: "cloud-provider-gcp"

4
.github/workflows/build-gcp-guest-agent.yml vendored
View file

@ -69,7 +69,7 @@ jobs:
- name: Checkout GoogleCloudPlatform/guest-agent
if: steps.needs-build.outputs.out == 'true'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: "GoogleCloudPlatform/guest-agent"
ref: refs/tags/${{ steps.latest-release.outputs.latest }}
@ -77,7 +77,7 @@ jobs:
- name: Checkout Constellation
if: steps.needs-build.outputs.out == 'true'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
path: "constellation"
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

2
.github/workflows/build-libvirt-container.yml vendored
View file

@ -19,7 +19,7 @@ jobs:
packages: write
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup bazel
uses: ./.github/actions/setup_bazel_nix

2
.github/workflows/build-logcollector-images.yml vendored
View file

@ -20,7 +20,7 @@ jobs:
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

6
.github/workflows/build-os-image-scheduled.yml vendored
View file

@ -59,13 +59,13 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ github.head_ref }}
token: ${{ secrets.CI_COMMIT_PUSH_PR }}
- name: Setup Go environment
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with:
go-version: "1.24.3"
cache: false
@ -120,7 +120,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ github.head_ref }}

6
.github/workflows/build-os-image.yml vendored
View file

@ -59,7 +59,7 @@ jobs:
cliApiBasePath: ${{ steps.image-version.outputs.cliApiBasePath }}
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
@ -138,7 +138,7 @@ jobs:
contents: read
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
@ -147,7 +147,7 @@ jobs:
useCache: "false"
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
aws-region: eu-central-1

2
.github/workflows/check-links.yml vendored
View file

@ -20,7 +20,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

2
.github/workflows/check-measurements-reproducibility.yml vendored
View file

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.ref }}

8
.github/workflows/codeql.yml vendored
View file

@ -34,17 +34,17 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Setup Go environment
if: matrix.language == 'go'
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with:
go-version: "1.24.3"
cache: false
- name: Initialize CodeQL
uses: github/codeql-action/init@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
with:
languages: ${{ matrix.language }}
@ -63,6 +63,6 @@ jobs:
echo "::endgroup::"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
with:
category: "/language:${{ matrix.language }}"

2
.github/workflows/docs-vale.yml vendored
View file

@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
# Work around https://github.com/errata-ai/vale-action/issues/128.

30
.github/workflows/draft-release.yml vendored
View file

@ -72,7 +72,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
@ -133,7 +133,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
@ -169,7 +169,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
@ -187,7 +187,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
@ -219,7 +219,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
@ -227,7 +227,7 @@ jobs:
uses: ./.github/actions/download_release_binaries
- name: Download CLI SBOM
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: constellation.spdx.sbom
@ -256,12 +256,12 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
- name: Install Cosign
uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
- name: Download Syft & Grype
uses: ./.github/actions/install_syft_grype
@ -332,7 +332,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
@ -340,12 +340,12 @@ jobs:
uses: ./.github/actions/download_release_binaries
- name: Download CLI SBOM
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: constellation.spdx.sbom
- name: Download provenance
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: ${{ needs.provenance.outputs.provenance-name }}
@ -405,7 +405,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
@ -418,17 +418,17 @@ jobs:
uses: ./.github/actions/download_release_binaries
- name: Download CLI SBOM
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: constellation.spdx.sbom
- name: Download Constellation CLI SBOM's signature
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: constellation.spdx.sbom.sig
- name: Download Constellation provenance
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: ${{ needs.provenance.outputs.provenance-name }}

2
.github/workflows/e2e-attestationconfigapi.yml vendored
View file

@ -26,7 +26,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
# Don't trigger in forks, use head on pull requests, use default otherwise.
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || github.event.pull_request.head.sha || '' }}

2
.github/workflows/e2e-cleanup.yml vendored
View file

@ -14,7 +14,7 @@ jobs:
id-token: write
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Cleanup
uses: ./.github/actions/e2e_cleanup_timeframe

2
.github/workflows/e2e-mini.yml vendored
View file

@ -29,7 +29,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }}

6
.github/workflows/e2e-test-daily.yml vendored
View file

@ -21,7 +21,7 @@ jobs:
image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -59,7 +59,7 @@ jobs:
needs: [find-latest-image]
steps:
- name: Check out repository
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -159,7 +159,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

4
.github/workflows/e2e-test-provider-example.yml vendored
View file

@ -71,7 +71,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.ref || github.head_ref }}
@ -154,7 +154,7 @@ jobs:
- name: Login to AWS (IAM + Cluster role)
if: steps.determine.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ETerraform
aws-region: eu-central-1

4
.github/workflows/e2e-test-release.yml vendored
View file

@ -146,7 +146,7 @@ jobs:
run: brew install coreutils kubectl bash
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ inputs.ref || github.head_ref }}
@ -162,7 +162,7 @@ jobs:
- name: Set up gcloud CLI (macOS)
if: steps.split-attestationVariant.outputs.provider == 'gcp' && runner.os == 'macOS'
uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2.2.1
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
- name: Run E2E test
id: e2e_test

4
.github/workflows/e2e-test-stackit.yml vendored
View file

@ -16,7 +16,7 @@ jobs:
image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -53,7 +53,7 @@ jobs:
needs: [find-latest-image]
steps:
- name: Check out repository
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

6
.github/workflows/e2e-test-weekly.yml vendored
View file

@ -22,7 +22,7 @@ jobs:
image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }}
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -350,7 +350,7 @@ jobs:
needs: [find-latest-image]
steps:
- name: Check out repository
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -475,7 +475,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

10
.github/workflows/e2e-test.yml vendored
View file

@ -184,13 +184,13 @@ jobs:
steps:
- name: Checkout head
if: inputs.git-ref == 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref
if: inputs.git-ref != 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.git-ref }}
@ -221,19 +221,19 @@ jobs:
- name: Checkout head
if: inputs.git-ref == 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref
if: inputs.git-ref != 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.git-ref }}
- name: Set up gcloud CLI (macOS)
if: needs.generate-input-parameters.outputs.cloudProvider == 'gcp' && runner.os == 'macOS'
uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2.2.1
uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
- name: Run manual E2E test
id: e2e_test

20
.github/workflows/e2e-upgrade.yml vendored
View file

@ -147,14 +147,14 @@ jobs:
steps:
- name: Checkout
if: inputs.gitRef == 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref
if: inputs.gitRef != 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ inputs.gitRef }}
@ -232,14 +232,14 @@ jobs:
steps:
- name: Checkout
if: inputs.gitRef == 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref
if: inputs.gitRef != 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ inputs.gitRef }}
@ -274,7 +274,7 @@ jobs:
path: build/constellation
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1
@ -296,7 +296,7 @@ jobs:
- name: Login to AWS (IAM role)
if: needs.generate-input-parameters.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1
@ -347,7 +347,7 @@ jobs:
- name: Login to AWS (Cluster role)
if: always() && needs.generate-input-parameters.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1
@ -411,20 +411,20 @@ jobs:
steps:
- name: Checkout
if: inputs.gitRef == 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref
if: inputs.gitRef != 'head'
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ inputs.gitRef }}
- name: Download CLI
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: constellation-upgrade-${{ inputs.attestationVariant }}
path: build

8
.github/workflows/e2e-windows.yml vendored
View file

@ -21,7 +21,7 @@ jobs:
packages: write
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -56,12 +56,12 @@ jobs:
needs: build-cli
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Download CLI artifact
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
name: "constell-exe"
@ -186,7 +186,7 @@ jobs:
inputs.scheduled
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

10
.github/workflows/on-release.yml vendored
View file

@ -26,7 +26,7 @@ jobs:
WORKING_BRANCH: ${{ env.WORKING_BRANCH }}
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0 # fetch all history
@ -49,7 +49,7 @@ jobs:
latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }}
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Override latest
if: github.event.inputs.latest == 'true'
@ -123,7 +123,7 @@ jobs:
contents: write
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Remove temporary branch
run: git push origin --delete "${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}"
@ -137,12 +137,12 @@ jobs:
contents: read
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: ./.github/actions/setup_bazel_nix
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
aws-region: eu-central-1

4
.github/workflows/purge-main.yml vendored
View file

@ -18,12 +18,12 @@ jobs:
contents: read
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ github.head_ref }}
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1

14
.github/workflows/release.yml vendored
View file

@ -33,7 +33,7 @@ jobs:
RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }}
WORKING_BRANCH: ${{ steps.version-info.outputs.WORKING_BRANCH }}
steps:
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Working branch
run: echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV"
@ -84,7 +84,7 @@ jobs:
MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
steps:
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: main
@ -147,7 +147,7 @@ jobs:
WORKING_BRANCH: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
@ -185,7 +185,7 @@ jobs:
WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
@ -245,7 +245,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
@ -266,12 +266,12 @@ jobs:
WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
- name: Setup Go environment
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with:
go-version: "1.24.3"
cache: true

12
.github/workflows/reproducible-builds.yml vendored
View file

@ -40,7 +40,7 @@ jobs:
runs-on: ${{ matrix.runner }}
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -120,7 +120,7 @@ jobs:
sudo apt-get remove -y apparmor
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -170,12 +170,12 @@ jobs:
- "cli_enterprise_windows_amd64"
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Download binaries
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
pattern: "binaries-${{ matrix.target }}-*"
merge-multiple: true
@ -204,12 +204,12 @@ jobs:
- "gcp_gcp-sev-snp_nightly"
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Download os images
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
with:
pattern: "osimages-${{ matrix.target }}-*"
merge-multiple: true

4
.github/workflows/scorecard.yml vendored
View file

@ -18,7 +18,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
@ -37,6 +37,6 @@ jobs:
retention-days: 5
- name: Upload to code-scanning
uses: github/codeql-action/upload-sarif@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
with:
sarif_file: results.sarif

4
.github/workflows/sync-terraform-docs.yml vendored
View file

@ -18,14 +18,14 @@ jobs:
pull-requests: write
steps:
- name: Checkout constellation repo
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
fetch-depth: 0
path: constellation
- name: Checkout terraform-provider-constellation repo
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: edgelesssys/terraform-provider-constellation
ref: main

2
.github/workflows/test-integration.yml vendored
View file

@ -25,7 +25,7 @@ jobs:
CTEST_OUTPUT_ON_FAILURE: True
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

4
.github/workflows/test-operator-codegen.yml vendored
View file

@ -21,12 +21,12 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Setup Go environment
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
with:
go-version: "1.24.3"
cache: true

2
.github/workflows/test-tfsec.yml vendored
View file

@ -23,7 +23,7 @@ jobs:
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

4
.github/workflows/test-tidy.yml vendored
View file

@ -17,7 +17,7 @@ jobs:
contents: read
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
# No token available for forks, so we can't push changes
@ -37,7 +37,7 @@ jobs:
- name: Assume AWS role to upload Bazel dependencies to S3
if: startsWith(github.head_ref, 'renovate/')
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
aws-region: eu-central-1

4
.github/workflows/test-unittest.yml vendored
View file

@ -30,7 +30,7 @@ jobs:
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
fetch-depth: 0
@ -49,7 +49,7 @@ jobs:
rm -rf awscliv2.zip aws
- name: Login to AWS (IAM role)
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionGocoverage
aws-region: eu-central-1

4
.github/workflows/update-rpms.yml vendored
View file

@ -13,12 +13,12 @@ jobs:
contents: read
steps:
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
token: ${{ secrets.CI_COMMIT_PUSH_PR }}
- name: Assume AWS role to upload Bazel dependencies to S3
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
aws-region: eu-central-1

8
.github/workflows/versionsapi.yml vendored
View file

@ -115,7 +115,7 @@ jobs:
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@ -149,21 +149,21 @@ jobs:
- name: Login to AWS without write access
if: steps.check-rights.outputs.write == 'false'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1
- name: Login to AWS with write access
if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'false'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIWrite
aws-region: eu-central-1
- name: Login to AWS with write and image remove access
if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'true'
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRemove
aws-region: eu-central-1