From 9f2a73bf15dbfb01fd48443b0ccec3e5ef9360ed Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 21 Oct 2025 07:24:05 +0000
Subject: [PATCH] deps: update GitHub action dependencies
---
.github/actions/artifact_download/action.yml | 2 +-
.github/actions/build_cli/action.yml | 2 +-
.github/actions/cdbg_deploy/action.yml | 4 +--
.../action.yml | 2 +-
.../actions/constellation_destroy/action.yml | 2 +-
.../constellation_iam_destroy/action.yml | 2 +-
.github/actions/container_sbom/action.yml | 2 +-
.../download_release_binaries/action.yml | 20 ++++++-------
.../e2e_attestationconfigapi/action.yml | 2 +-
.github/actions/e2e_benchmark/action.yml | 6 ++--
.../actions/e2e_cleanup_timeframe/action.yml | 2 +-
.github/actions/e2e_sonobuoy/action.yml | 2 +-
.github/actions/e2e_test/action.yml | 4 +--
.github/actions/e2e_verify/action.yml | 2 +-
.github/actions/find_latest_image/action.yml | 6 ++--
.github/actions/login_gcp/action.yml | 4 +--
.github/actions/publish_helmchart/action.yml | 2 +-
.github/actions/select_image/action.yml | 2 +-
.github/workflows/assign_reviewer.yml | 2 +-
.../workflows/aws-snp-launchmeasurement.yml | 4 +--
.github/workflows/build-binaries.yml | 2 +-
.github/workflows/build-ccm-gcp.yml | 10 +++----
.github/workflows/build-gcp-guest-agent.yml | 4 +--
.github/workflows/build-libvirt-container.yml | 2 +-
.../workflows/build-logcollector-images.yml | 2 +-
.../workflows/build-os-image-scheduled.yml | 6 ++--
.github/workflows/build-os-image.yml | 6 ++--
.github/workflows/check-links.yml | 2 +-
.../check-measurements-reproducibility.yml | 2 +-
.github/workflows/codeql.yml | 8 ++---
.github/workflows/docs-vale.yml | 2 +-
.github/workflows/draft-release.yml | 30 +++++++++----------
.../workflows/e2e-attestationconfigapi.yml | 2 +-
.github/workflows/e2e-cleanup.yml | 2 +-
.github/workflows/e2e-mini.yml | 2 +-
.github/workflows/e2e-test-daily.yml | 6 ++--
.../workflows/e2e-test-provider-example.yml | 4 +--
.github/workflows/e2e-test-release.yml | 4 +--
.github/workflows/e2e-test-stackit.yml | 4 +-- .github/workflows/e2e-test-weekly.yml | 6 ++-- .github/workflows/e2e-test.yml | 10 +++---- .github/workflows/e2e-upgrade.yml | 20 ++++++------- .github/workflows/e2e-windows.yml | 8 ++--- .github/workflows/on-release.yml | 10 +++---- .github/workflows/purge-main.yml | 4 +-- .github/workflows/release.yml | 14 ++++----- .github/workflows/reproducible-builds.yml | 12 ++++---- .github/workflows/scorecard.yml | 4 +-- .github/workflows/sync-terraform-docs.yml | 4 +-- .github/workflows/test-integration.yml | 2 +- .github/workflows/test-operator-codegen.yml | 4 +-- .github/workflows/test-tfsec.yml | 2 +- .github/workflows/test-tidy.yml | 4 +-- .github/workflows/test-unittest.yml | 4 +-- .github/workflows/update-rpms.yml | 4 +-- .github/workflows/versionsapi.yml | 8 ++--- 56 files changed, 147 insertions(+), 147 deletions(-) diff --git a/.github/actions/artifact_download/action.yml b/.github/actions/artifact_download/action.yml index e3cf3d1f8..813b8706f 100644 --- a/.github/actions/artifact_download/action.yml +++ b/.github/actions/artifact_download/action.yml @@ -28,7 +28,7 @@ runs: run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT" - name: Download the artifact - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: ${{ inputs.name }} path: ${{ steps.tempdir.outputs.directory }} diff --git a/.github/actions/build_cli/action.yml b/.github/actions/build_cli/action.yml index 0d8298102..41300685b 100644 --- a/.github/actions/build_cli/action.yml +++ b/.github/actions/build_cli/action.yml 
@@ -77,7 +77,7 @@ runs: - name: Install Cosign if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' - uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Install Rekor if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' diff --git a/.github/actions/cdbg_deploy/action.yml b/.github/actions/cdbg_deploy/action.yml index fe18ce354..ecce70cc0 100644 --- a/.github/actions/cdbg_deploy/action.yml +++ b/.github/actions/cdbg_deploy/action.yml @@ -61,7 +61,7 @@ runs: - name: Login to AWS (IAM service principal) if: inputs.cloudProvider == 'aws' - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM aws-region: eu-central-1 @@ -80,7 +80,7 @@ runs: - name: Login to AWS (Cluster service principal) if: inputs.cloudProvider == 'aws' - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster aws-region: eu-central-1 diff --git a/.github/actions/check_measurements_reproducibility/action.yml b/.github/actions/check_measurements_reproducibility/action.yml index 7600ce620..6c70d72ff 100644 --- a/.github/actions/check_measurements_reproducibility/action.yml +++ b/.github/actions/check_measurements_reproducibility/action.yml 
@@ -15,7 +15,7 @@ runs: using: "composite" steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref }} path: ./release diff --git a/.github/actions/constellation_destroy/action.yml b/.github/actions/constellation_destroy/action.yml index 2d484187e..3cae8bcbf 100644 --- a/.github/actions/constellation_destroy/action.yml +++ b/.github/actions/constellation_destroy/action.yml @@ -67,7 +67,7 @@ runs: - name: Login to AWS (Cluster role) if: inputs.cloudProvider == 'aws' - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster aws-region: eu-central-1 diff --git a/.github/actions/constellation_iam_destroy/action.yml b/.github/actions/constellation_iam_destroy/action.yml index b40672606..784979133 100644 --- a/.github/actions/constellation_iam_destroy/action.yml +++ b/.github/actions/constellation_iam_destroy/action.yml @@ -23,7 +23,7 @@ runs: - name: Login to AWS (IAM role) if: inputs.cloudProvider == 'aws' - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM aws-region: eu-central-1 diff --git a/.github/actions/container_sbom/action.yml b/.github/actions/container_sbom/action.yml index 99dd4877c..5057a8d2e 100644 --- a/.github/actions/container_sbom/action.yml +++ b/.github/actions/container_sbom/action.yml 
@@ -19,7 +19,7 @@ runs: steps: - name: Install Cosign if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' - uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Download Syft & Grype uses: ./.github/actions/install_syft_grype diff --git a/.github/actions/download_release_binaries/action.yml b/.github/actions/download_release_binaries/action.yml index 6b5604c24..7a52c140a 100644 --- a/.github/actions/download_release_binaries/action.yml +++ b/.github/actions/download_release_binaries/action.yml 
@@ -5,51 +5,51 @@ runs: using: "composite" steps: - name: Download CLI binaries darwin-amd64 - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: constellation-darwin-amd64 - name: Download CLI binaries darwin-arm64 - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: constellation-darwin-arm64 - name: Download CLI binaries linux-amd64 - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: constellation-linux-amd64 - name: Download CLI binaries linux-arm64 - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: constellation-linux-arm64 - name: Download CLI binaries windows-amd64 - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: constellation-windows-amd64 - name: Download Terraform module - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: terraform-module - name: Download Terraform provider binary darwin-amd64 - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: terraform-provider-constellation-darwin-amd64 - name: Download Terraform provider binary darwin-arm64 - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: 
actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: terraform-provider-constellation-darwin-arm64 - name: Download Terraform provider binary linux-amd64 - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: terraform-provider-constellation-linux-amd64 - name: Download Terraform provider binary linux-arm64 - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: terraform-provider-constellation-linux-arm64 diff --git a/.github/actions/e2e_attestationconfigapi/action.yml b/.github/actions/e2e_attestationconfigapi/action.yml index 9e4efffda..11b1ca89a 100644 --- a/.github/actions/e2e_attestationconfigapi/action.yml +++ b/.github/actions/e2e_attestationconfigapi/action.yml @@ -19,7 +19,7 @@ runs: uses: ./.github/actions/setup_bazel_nix - name: Login to AWS - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubTestResourceAPI aws-region: eu-west-1 diff --git a/.github/actions/e2e_benchmark/action.yml b/.github/actions/e2e_benchmark/action.yml index f07e68b1f..46c9d8f68 100644 --- a/.github/actions/e2e_benchmark/action.yml +++ b/.github/actions/e2e_benchmark/action.yml @@ -32,7 +32,7 @@ runs: steps: - name: Setup python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.14" 
@@ -48,7 +48,7 @@ runs: install kubestr /usr/local/bin - name: Checkout k8s-bench-suite - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 repository: "edgelesssys/k8s-bench-suite" @@ -166,7 +166,7 @@ runs: encryptionSecret: ${{ inputs.encryptionSecret }} - name: Assume AWS role to retrieve and update benchmarks in S3 - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubActionUpdateBenchmarks aws-region: us-east-2 diff --git a/.github/actions/e2e_cleanup_timeframe/action.yml b/.github/actions/e2e_cleanup_timeframe/action.yml index 417b2d8ac..ae9656748 100644 --- a/.github/actions/e2e_cleanup_timeframe/action.yml +++ b/.github/actions/e2e_cleanup_timeframe/action.yml @@ -22,7 +22,7 @@ runs: using: "composite" steps: - name: Authenticate AWS - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EDestroy aws-region: eu-central-1 diff --git a/.github/actions/e2e_sonobuoy/action.yml b/.github/actions/e2e_sonobuoy/action.yml index 945801dd3..da1b164ec 100644 --- a/.github/actions/e2e_sonobuoy/action.yml +++ b/.github/actions/e2e_sonobuoy/action.yml @@ -70,7 +70,7 @@ runs: - name: Publish test results if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e') - uses: mikepenz/action-junit-report@3585e9575db828022551b4231f165eb59a0e74e3 # v5.6.2 + uses: mikepenz/action-junit-report@5b7ee5a21e8674b695313d769f3cbdfd5d4d53a4 # v6.0.0 with: report_paths: "**/junit_01.xml" fail_on_failure: true 
diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml index 4931b0e40..22b213a4c 100644 --- a/.github/actions/e2e_test/action.yml +++ b/.github/actions/e2e_test/action.yml @@ -229,7 +229,7 @@ runs: - name: Login to AWS (IAM role) if: inputs.cloudProvider == 'aws' - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM aws-region: eu-central-1 @@ -300,7 +300,7 @@ runs: - name: Login to AWS (Cluster role) if: inputs.cloudProvider == 'aws' - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster aws-region: eu-central-1 diff --git a/.github/actions/e2e_verify/action.yml b/.github/actions/e2e_verify/action.yml index c31080db5..6ef6805ee 100644 --- a/.github/actions/e2e_verify/action.yml +++ b/.github/actions/e2e_verify/action.yml @@ -82,7 +82,7 @@ runs: - name: Login to AWS if: github.ref_name == 'main' - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline aws-region: eu-central-1 diff --git a/.github/actions/find_latest_image/action.yml b/.github/actions/find_latest_image/action.yml index a038ee192..1d5ffff47 100644 --- a/.github/actions/find_latest_image/action.yml +++ b/.github/actions/find_latest_image/action.yml 
@@ -26,19 +26,19 @@ runs: steps: - name: Checkout head if: inputs.imageVersion == '' && inputs.git-ref == 'head' - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.imageVersion == '' && inputs.git-ref != 'head' - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.git-ref }} - name: Login to AWS if: inputs.imageVersion == '' - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead aws-region: eu-central-1 diff --git a/.github/actions/login_gcp/action.yml b/.github/actions/login_gcp/action.yml index 8918e6474..4750a648a 100644 --- a/.github/actions/login_gcp/action.yml +++ b/.github/actions/login_gcp/action.yml @@ -20,11 +20,11 @@ runs: echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV" - name: Authorize GCP access - uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2.1.13 + uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0 with: workload_identity_provider: projects/1052692473304/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider service_account: ${{ inputs.service_account }} # Even if preinstalled in Github Actions runner image, this setup does some magic authentication required for gsutil. - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2.2.1 + uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 
diff --git a/.github/actions/publish_helmchart/action.yml b/.github/actions/publish_helmchart/action.yml index df23e4476..3b9c6b2c2 100644 --- a/.github/actions/publish_helmchart/action.yml +++ b/.github/actions/publish_helmchart/action.yml @@ -13,7 +13,7 @@ runs: using: "composite" steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: edgelesssys/helm ref: main diff --git a/.github/actions/select_image/action.yml b/.github/actions/select_image/action.yml index f28883734..d906796c1 100644 --- a/.github/actions/select_image/action.yml +++ b/.github/actions/select_image/action.yml @@ -18,7 +18,7 @@ runs: using: "composite" steps: - name: Login to AWS - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead aws-region: eu-central-1 diff --git a/.github/workflows/assign_reviewer.yml b/.github/workflows/assign_reviewer.yml index e24460aa8..89f3f81b1 100644 --- a/.github/workflows/assign_reviewer.yml +++ b/.github/workflows/assign_reviewer.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest if: contains(github.event.pull_request.labels.*.name, 'dependencies') && toJson(github.event.pull_request.requested_reviewers) == '[]' && github.event.pull_request.user.login == 'renovate[bot]' steps: - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Pick assignee id: pick-assignee uses: ./.github/actions/pick_assignee diff --git a/.github/workflows/aws-snp-launchmeasurement.yml b/.github/workflows/aws-snp-launchmeasurement.yml index 5382781cd..fa1f60758 100644 --- a/.github/workflows/aws-snp-launchmeasurement.yml 
+++ b/.github/workflows/aws-snp-launchmeasurement.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.head_ref }} path: constellation @@ -44,7 +44,7 @@ jobs: echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT" popd || exit 1 - - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: virtee/sev-snp-measure-go.git ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8 diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index af46a886c..9bfd82fa8 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -22,7 +22,7 @@ jobs: runs-on: [arc-runner-set] steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index bf00b3b65..6e03ba352 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml 
@@ -19,17 +19,17 @@ jobs: latest: ${{ steps.find-latest.outputs.latest }} steps: - name: Checkout Constellation - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Checkout kubernetes/cloud-provider-gcp - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: "kubernetes/cloud-provider-gcp" path: "cloud-provider-gcp" fetch-depth: 0 - name: Setup Go environment - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: "1.24.3" cache: false @@ -65,10 +65,10 @@ jobs: version: ${{ fromJson(needs.find-ccm-versions.outputs.versions) }} steps: - name: Checkout Constellation - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Checkout kubernetes/cloud-provider-gcp - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: "kubernetes/cloud-provider-gcp" path: "cloud-provider-gcp" diff --git a/.github/workflows/build-gcp-guest-agent.yml b/.github/workflows/build-gcp-guest-agent.yml index 7a90d8ace..6a9bde549 100644 --- a/.github/workflows/build-gcp-guest-agent.yml +++ b/.github/workflows/build-gcp-guest-agent.yml @@ -69,7 +69,7 @@ jobs: - name: Checkout GoogleCloudPlatform/guest-agent if: steps.needs-build.outputs.out == 'true' - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: repository: "GoogleCloudPlatform/guest-agent" ref: refs/tags/${{ steps.latest-release.outputs.latest }} 
@@ -77,7 +77,7 @@ jobs: - name: Checkout Constellation if: steps.needs-build.outputs.out == 'true' - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: path: "constellation" ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/build-libvirt-container.yml b/.github/workflows/build-libvirt-container.yml index 2f1e9454d..b67c1215f 100644 --- a/.github/workflows/build-libvirt-container.yml +++ b/.github/workflows/build-libvirt-container.yml @@ -19,7 +19,7 @@ jobs: packages: write steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Setup bazel uses: ./.github/actions/setup_bazel_nix diff --git a/.github/workflows/build-logcollector-images.yml b/.github/workflows/build-logcollector-images.yml index 1a8c5a315..a886c0e9d 100644 --- a/.github/workflows/build-logcollector-images.yml +++ b/.github/workflows/build-logcollector-images.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Check out repository id: checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index cd9311051..09eae2fa9 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml 
@@ -59,13 +59,13 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.head_ref }} token: ${{ secrets.CI_COMMIT_PUSH_PR }} - name: Setup Go environment - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: "1.24.3" cache: false @@ -120,7 +120,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.head_ref }} diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml index 6c7095ff3..7d9a208d2 100644 --- a/.github/workflows/build-os-image.yml +++ b/.github/workflows/build-os-image.yml @@ -59,7 +59,7 @@ jobs: cliApiBasePath: ${{ steps.image-version.outputs.cliApiBasePath }} steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.head_ref }} @@ -138,7 +138,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.head_ref }} @@ -147,7 +147,7 @@ jobs: useCache: "false" - name: Login to AWS - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 with: role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline aws-region: eu-central-1 
diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index c35c12d15..a409c9a91 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/check-measurements-reproducibility.yml b/.github/workflows/check-measurements-reproducibility.yml index afcd8317a..70f4e839b 100644 --- a/.github/workflows/check-measurements-reproducibility.yml +++ b/.github/workflows/check-measurements-reproducibility.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.ref }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e9ba26695..5097a044b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,17 +34,17 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Setup Go environment if: matrix.language == 'go' - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: "1.24.3" cache: false - name: Initialize CodeQL - uses: github/codeql-action/init@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9 + uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v4.30.9 with: languages: ${{ matrix.language }} 
@@ -63,6 +63,6 @@ jobs: echo "::endgroup::" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9 + uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v4.30.9 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/docs-vale.yml b/.github/workflows/docs-vale.yml index 52449fbc9..d9b5a2e81 100644 --- a/.github/workflows/docs-vale.yml +++ b/.github/workflows/docs-vale.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} # Work around https://github.com/errata-ai/vale-action/issues/128. diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index b5f2f8e33..dace7575c 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.head_ref }} @@ -133,7 +133,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.head_ref }} @@ -169,7 +169,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.head_ref }} 
@@ -187,7 +187,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.head_ref }} @@ -219,7 +219,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.head_ref }} @@ -227,7 +227,7 @@ jobs: uses: ./.github/actions/download_release_binaries - name: Download CLI SBOM - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: constellation.spdx.sbom @@ -256,12 +256,12 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.head_ref }} - name: Install Cosign - uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Download Syft & Grype uses: ./.github/actions/install_syft_grype @@ -332,7 +332,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.head_ref }} 
@@ -340,12 +340,12 @@ jobs: uses: ./.github/actions/download_release_binaries - name: Download CLI SBOM - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: constellation.spdx.sbom - name: Download provenance - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: ${{ needs.provenance.outputs.provenance-name }} @@ -405,7 +405,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ inputs.ref || github.head_ref }} @@ -418,17 +418,17 @@ jobs: uses: ./.github/actions/download_release_binaries - name: Download CLI SBOM - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: constellation.spdx.sbom - name: Download Constellation CLI SBOM's signature - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: constellation.spdx.sbom.sig - name: Download Constellation provenance - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: ${{ needs.provenance.outputs.provenance-name }} diff --git a/.github/workflows/e2e-attestationconfigapi.yml b/.github/workflows/e2e-attestationconfigapi.yml index 99bef215d..4ac0fb625 100644 --- a/.github/workflows/e2e-attestationconfigapi.yml +++ b/.github/workflows/e2e-attestationconfigapi.yml 
@@ -26,7 +26,7 @@ jobs:
 steps:
 - name: Checkout
 id: checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with: # Don't trigger in forks, use head on pull requests, use default otherwise.
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || github.event.pull_request.head.sha || '' }}
diff --git a/.github/workflows/e2e-cleanup.yml b/.github/workflows/e2e-cleanup.yml
index 1c4c30abf..a60d7135d 100644
--- a/.github/workflows/e2e-cleanup.yml
+++ b/.github/workflows/e2e-cleanup.yml
@@ -14,7 +14,7 @@ jobs:
 id-token: write
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 - name: Cleanup
 uses: ./.github/actions/e2e_cleanup_timeframe
diff --git a/.github/workflows/e2e-mini.yml b/.github/workflows/e2e-mini.yml
index b18c1516b..654643d58 100644
--- a/.github/workflows/e2e-mini.yml
+++ b/.github/workflows/e2e-mini.yml
@@ -29,7 +29,7 @@ jobs:
 steps:
 - name: Checkout
 id: checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }}
diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml
index 89af1ee52..a92fa6d96 100644
--- a/.github/workflows/e2e-test-daily.yml
+++ b/.github/workflows/e2e-test-daily.yml
@@ -21,7 +21,7 @@ jobs:
 image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@@ -59,7 +59,7 @@ jobs:
 needs: [find-latest-image]
 steps:
 - name: Check out repository
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@@ -159,7 +159,7 @@ jobs:
 steps:
 - name: Checkout
 id: checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
diff --git a/.github/workflows/e2e-test-provider-example.yml b/.github/workflows/e2e-test-provider-example.yml
index f08b151ab..5724b2206 100644
--- a/.github/workflows/e2e-test-provider-example.yml
+++ b/.github/workflows/e2e-test-provider-example.yml
@@ -71,7 +71,7 @@ jobs:
 steps:
 - name: Checkout
 id: checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ inputs.ref || github.head_ref }}
@@ -154,7 +154,7 @@ jobs:
 - name: Login to AWS (IAM + Cluster role)
 if: steps.determine.outputs.cloudProvider == 'aws'
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ETerraform
 aws-region: eu-central-1
diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml
index 5ba353ca9..a294c266f 100644
--- a/.github/workflows/e2e-test-release.yml
+++ b/.github/workflows/e2e-test-release.yml
@@ -146,7 +146,7 @@ jobs:
 run: brew install coreutils kubectl bash
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
 ref: ${{ inputs.ref || github.head_ref }}
@@ -162,7 +162,7 @@ jobs:
 - name: Set up gcloud CLI (macOS)
 if: steps.split-attestationVariant.outputs.provider == 'gcp' && runner.os == 'macOS'
- uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2.2.1
+ uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
 - name: Run E2E test
 id: e2e_test
diff --git a/.github/workflows/e2e-test-stackit.yml b/.github/workflows/e2e-test-stackit.yml
index c6b133800..9312d42da 100644
--- a/.github/workflows/e2e-test-stackit.yml
+++ b/.github/workflows/e2e-test-stackit.yml
@@ -16,7 +16,7 @@ jobs:
 image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@@ -53,7 +53,7 @@ jobs:
 needs: [find-latest-image]
 steps:
 - name: Check out repository
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml
index 7ec71d9be..ac594b94f 100644
--- a/.github/workflows/e2e-test-weekly.yml
+++ b/.github/workflows/e2e-test-weekly.yml
@@ -22,7 +22,7 @@ jobs:
 image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }}
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@@ -350,7 +350,7 @@ jobs:
 needs: [find-latest-image]
 steps:
 - name: Check out repository
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@@ -475,7 +475,7 @@ jobs:
 steps:
 - name: Checkout
 id: checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
index ac9a84539..d3ad1f816 100644
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@@ -184,13 +184,13 @@ jobs:
 steps:
 - name: Checkout head
 if: inputs.git-ref == 'head'
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 - name: Checkout ref
 if: inputs.git-ref != 'head'
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ inputs.git-ref }}
@@ -221,19 +221,19 @@ jobs:
 - name: Checkout head
 if: inputs.git-ref == 'head'
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 - name: Checkout ref
 if: inputs.git-ref != 'head'
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ inputs.git-ref }}
 - name: Set up gcloud CLI (macOS)
 if: needs.generate-input-parameters.outputs.cloudProvider == 'gcp' && runner.os == 'macOS'
- uses: google-github-actions/setup-gcloud@e427ad8a34f8676edf47cf7d7925499adf3eb74f # v2.2.1
+ uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
 - name: Run manual E2E test
 id: e2e_test
diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml
index 788b34946..e7ade5778 100644
--- a/.github/workflows/e2e-upgrade.yml
+++ b/.github/workflows/e2e-upgrade.yml
@@ -147,14 +147,14 @@ jobs:
 steps:
 - name: Checkout
 if: inputs.gitRef == 'head'
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 - name: Checkout ref
 if: inputs.gitRef != 'head'
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
 ref: ${{ inputs.gitRef }}
@@ -232,14 +232,14 @@ jobs:
 steps:
 - name: Checkout
 if: inputs.gitRef == 'head'
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 - name: Checkout ref
 if: inputs.gitRef != 'head'
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
 ref: ${{ inputs.gitRef }}
@@ -274,7 +274,7 @@ jobs:
 path: build/constellation
 - name: Login to AWS
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
 aws-region: eu-central-1
@@ -296,7 +296,7 @@ jobs:
 - name: Login to AWS (IAM role)
 if: needs.generate-input-parameters.outputs.cloudProvider == 'aws'
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
 aws-region: eu-central-1
@@ -347,7 +347,7 @@ jobs:
 - name: Login to AWS (Cluster role)
 if: always() && needs.generate-input-parameters.outputs.cloudProvider == 'aws'
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
 aws-region: eu-central-1
@@ -411,20 +411,20 @@ jobs:
 steps:
 - name: Checkout
 if: inputs.gitRef == 'head'
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 - name: Checkout ref
 if: inputs.gitRef != 'head'
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
 ref: ${{ inputs.gitRef }}
 - name: Download CLI
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+ uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
 with:
 name: constellation-upgrade-${{ inputs.attestationVariant }}
 path: build
diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml
index 6b9bad2b8..906b31f52 100644
--- a/.github/workflows/e2e-windows.yml
+++ b/.github/workflows/e2e-windows.yml
@@ -21,7 +21,7 @@ jobs:
 packages: write
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@@ -56,12 +56,12 @@ jobs:
 needs: build-cli
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 - name: Download CLI artifact
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+ uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
 with:
 name: "constell-exe"
@@ -186,7 +186,7 @@ jobs:
 inputs.scheduled
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
diff --git a/.github/workflows/on-release.yml b/.github/workflows/on-release.yml
index 3399a0808..ad0bcdea3 100644
--- a/.github/workflows/on-release.yml
+++ b/.github/workflows/on-release.yml
@@ -26,7 +26,7 @@ jobs:
 WORKING_BRANCH: ${{ env.WORKING_BRANCH }}
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0 # fetch all history
@@ -49,7 +49,7 @@ jobs:
 latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }}
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 - name: Override latest
 if: github.event.inputs.latest == 'true'
@@ -123,7 +123,7 @@ jobs:
 contents: write
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 - name: Remove temporary branch
 run: git push origin --delete "${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}"
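Review bot: The `Remove temporary branch` step that follows the bumped checkout in the `@@ -123,7` hunk of on-release.yml expands `${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}` straight into the `run:` script, in a job that holds `contents: write`. The expression is substituted before the shell parses the line, so the surrounding double quotes do not neutralise quote or command-substitution characters in the value. How WORKING_BRANCH is produced is outside the hunk, so whether it can carry such characters needs confirming. Passing the value through the environment removes the question: add `env:` with `WORKING_BRANCH: ${{ needs.complete-release-branch-transaction.outputs.WORKING_BRANCH }}` to the step and use `run: git push origin --delete "$WORKING_BRANCH"`.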
@@ -137,12 +137,12 @@ jobs:
 contents: read
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 - uses: ./.github/actions/setup_bazel_nix
 - name: Login to AWS
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
 aws-region: eu-central-1
diff --git a/.github/workflows/purge-main.yml b/.github/workflows/purge-main.yml
index f5407805b..d016cf203 100644
--- a/.github/workflows/purge-main.yml
+++ b/.github/workflows/purge-main.yml
@@ -18,12 +18,12 @@ jobs:
 contents: read
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ github.head_ref }}
 - name: Login to AWS
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
 aws-region: eu-central-1
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 505c85685..fcc839b60 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -33,7 +33,7 @@ jobs:
 RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }}
 WORKING_BRANCH: ${{ steps.version-info.outputs.WORKING_BRANCH }}
 steps:
- - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 - name: Working branch
 run: echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV"
@@ -84,7 +84,7 @@ jobs:
 MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
 BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
 steps:
- - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: main
@@ -147,7 +147,7 @@ jobs:
 WORKING_BRANCH: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
@@ -185,7 +185,7 @@ jobs:
 WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
@@ -245,7 +245,7 @@ jobs:
 runs-on: ubuntu-24.04
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
@@ -266,12 +266,12 @@ jobs:
 WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
 - name: Setup Go environment
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+ uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
 with:
 go-version: "1.24.3"
 cache: true
diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml
index 2931b8a9d..75abb38a6 100644
--- a/.github/workflows/reproducible-builds.yml
+++ b/.github/workflows/reproducible-builds.yml
@@ -40,7 +40,7 @@ jobs:
 runs-on: ${{ matrix.runner }}
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@@ -120,7 +120,7 @@ jobs:
 sudo apt-get remove -y apparmor
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@@ -170,12 +170,12 @@ jobs:
 - "cli_enterprise_windows_amd64"
 runs-on: ubuntu-24.04
 steps:
- - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 - name: Download binaries
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+ uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
 with:
 pattern: "binaries-${{ matrix.target }}-*"
 merge-multiple: true
@@ -204,12 +204,12 @@ jobs:
 - "gcp_gcp-sev-snp_nightly"
 runs-on: ubuntu-24.04
 steps:
- - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 - name: Download os images
- uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+ uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
 with:
 pattern: "osimages-${{ matrix.target }}-*"
 merge-multiple: true
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index ed998dc50..2c633450e 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -18,7 +18,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 persist-credentials: false
@@ -37,6 +37,6 @@ jobs:
 retention-days: 5
 - name: Upload to code-scanning
- uses: github/codeql-action/upload-sarif@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
+ uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/sync-terraform-docs.yml b/.github/workflows/sync-terraform-docs.yml
index 90204fd19..a2c945ee0 100644
--- a/.github/workflows/sync-terraform-docs.yml
+++ b/.github/workflows/sync-terraform-docs.yml
@@ -18,14 +18,14 @@ jobs:
 pull-requests: write
 steps:
 - name: Checkout constellation repo
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 fetch-depth: 0
 path: constellation
 - name: Checkout terraform-provider-constellation repo
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 repository: edgelesssys/terraform-provider-constellation
 ref: main
diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml
index 5d5dad396..915a55974 100644
--- a/.github/workflows/test-integration.yml
+++ b/.github/workflows/test-integration.yml
@@ -25,7 +25,7 @@ jobs:
 CTEST_OUTPUT_ON_FAILURE: True
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml
index 444e50605..e91df0e16 100644
--- a/.github/workflows/test-operator-codegen.yml
+++ b/.github/workflows/test-operator-codegen.yml
@@ -21,12 +21,12 @@ jobs:
 runs-on: ubuntu-24.04
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 - name: Setup Go environment
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+ uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
 with:
 go-version: "1.24.3"
 cache: true
diff --git a/.github/workflows/test-tfsec.yml b/.github/workflows/test-tfsec.yml
index 82df0e3c8..b7fa8e560 100644
--- a/.github/workflows/test-tfsec.yml
+++ b/.github/workflows/test-tfsec.yml
@@ -23,7 +23,7 @@ jobs:
 pull-requests: write
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
diff --git a/.github/workflows/test-tidy.yml b/.github/workflows/test-tidy.yml
index a451d1038..3fc602487 100644
--- a/.github/workflows/test-tidy.yml
+++ b/.github/workflows/test-tidy.yml
@@ -17,7 +17,7 @@ jobs:
 contents: read
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} # No token available for forks, so we can't push changes
@@ -37,7 +37,7 @@ jobs:
 - name: Assume AWS role to upload Bazel dependencies to S3
 if: startsWith(github.head_ref, 'renovate/')
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
 aws-region: eu-central-1
diff --git a/.github/workflows/test-unittest.yml b/.github/workflows/test-unittest.yml
index 048dc5935..8bccb10d0 100644
--- a/.github/workflows/test-unittest.yml
+++ b/.github/workflows/test-unittest.yml
@@ -30,7 +30,7 @@ jobs:
 pull-requests: write
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 fetch-depth: 0
@@ -49,7 +49,7 @@ jobs:
 rm -rf awscliv2.zip aws
 - name: Login to AWS (IAM role)
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubActionGocoverage
 aws-region: eu-central-1
diff --git a/.github/workflows/update-rpms.yml b/.github/workflows/update-rpms.yml
index 7c9d8b51a..f9654ac81 100644
--- a/.github/workflows/update-rpms.yml
+++ b/.github/workflows/update-rpms.yml
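Review bot: The bumped `configure-aws-credentials` step in the `@@ -37,7` hunk of test-tidy.yml assumes `GithubConstellationMirrorWrite` whenever `startsWith(github.head_ref, 'renovate/')` holds, and a branch name is set by whoever creates the branch, not only by Renovate. That `if:` is therefore a filter, not an authorization check; the control that matters is the role's trust policy on the GitHub OIDC token (its `sub` and `aud` conditions), which is not visible here and should be confirmed to admit only what this job needs. A comment on the step, for example `# head_ref prefix is not a security boundary; write access is limited by the IAM trust policy`, would keep a later reader from relying on the condition alone.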
@@ -13,12 +13,12 @@ jobs:
 contents: read
 steps:
 - name: Checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 token: ${{ secrets.CI_COMMIT_PUSH_PR }}
 - name: Assume AWS role to upload Bazel dependencies to S3
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
 aws-region: eu-central-1
diff --git a/.github/workflows/versionsapi.yml b/.github/workflows/versionsapi.yml
index 660ccda4d..356f9f686 100644
--- a/.github/workflows/versionsapi.yml
+++ b/.github/workflows/versionsapi.yml
@@ -115,7 +115,7 @@ jobs:
 steps:
 - name: Check out repository
 id: checkout
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
@@ -149,21 +149,21 @@ jobs:
 - name: Login to AWS without write access
 if: steps.check-rights.outputs.write == 'false'
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
 aws-region: eu-central-1
 - name: Login to AWS with write access
 if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'false'
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIWrite
 aws-region: eu-central-1
 - name: Login to AWS with write and image remove access
 if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'true'
- uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+ uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
 with:
 role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRemove
 aws-region: eu-central-1