diff --git a/.github/actions/setup-arc-e2e/action.yaml b/.github/actions/setup-arc-e2e/action.yaml index b4877a28..ec5b55af 100644 --- a/.github/actions/setup-arc-e2e/action.yaml +++ b/.github/actions/setup-arc-e2e/action.yaml @@ -36,6 +36,7 @@ runs: driver-opts: image=moby/buildkit:v0.10.6 - name: Build controller image + # https://github.com/docker/build-push-action/releases/tag/v6.15.0 uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 with: file: Dockerfile @@ -56,9 +57,9 @@ runs: - name: Get configure token id: config-token + # https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0 uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 with: application_id: ${{ inputs.app-id }} application_private_key: ${{ inputs.app-pk }} organization: ${{ inputs.target-org}} - diff --git a/.github/actions/setup-docker-environment/action.yaml b/.github/actions/setup-docker-environment/action.yaml index e9bd35aa..6053125e 100644 --- a/.github/actions/setup-docker-environment/action.yaml +++ b/.github/actions/setup-docker-environment/action.yaml @@ -24,15 +24,18 @@ runs: shell: bash - name: Set up QEMU + # https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0 uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 - name: Set up Docker Buildx + # https://github.com/docker/setup-buildx-action/releases/tag/v3.10.0 uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 with: version: latest - name: Login to DockerHub if: ${{ github.event_name == 'release' || github.event_name == 'push' && github.ref == 'refs/heads/master' && inputs.password != '' }} + # https://github.com/docker/login-action/releases/tag/v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 with: username: ${{ inputs.username }} @@ -40,6 +43,7 @@ runs: - name: Login to GitHub Container Registry if: ${{ github.event_name == 'release' || github.event_name == 'push' && github.ref == 'refs/heads/master' && inputs.ghcr_password != '' }} + # https://github.com/docker/login-action/releases/tag/v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 with: registry: ghcr.io diff --git a/.github/workflows/arc-publish-chart.yaml b/.github/workflows/arc-publish-chart.yaml index f670ea4f..5cada00e 100644 --- a/.github/workflows/arc-publish-chart.yaml +++ b/.github/workflows/arc-publish-chart.yaml @@ -45,6 +45,7 @@ jobs: fetch-depth: 0 - name: Set up Helm + # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 with: version: ${{ env.HELM_VERSION }} @@ -63,6 +64,7 @@ jobs: python-version: "3.11" - name: Set up chart-testing + # https://github.com/helm/chart-testing-action/releases/tag/v2.7.0 uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b - name: Run chart-testing (list-changed) @@ -79,6 +81,7 @@ jobs: - name: Create kind cluster if: steps.list-changed.outputs.changed == 'true' + # https://github.com/helm/kind-action/releases/tag/v1.12.0 uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # We need cert-manager already installed in the cluster because we assume the CRDs exist @@ -145,6 +148,7 @@ jobs: - name: Get Token id: get_workflow_token + # https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0 uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 with: application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} diff --git a/.github/workflows/arc-publish.yaml b/.github/workflows/arc-publish.yaml index 37d67e9f..1a9328ca 100644 --- a/.github/workflows/arc-publish.yaml +++ b/.github/workflows/arc-publish.yaml @@ -9,17 +9,17 @@ on: workflow_dispatch: inputs: release_tag_name: - description: 'Tag name of the release to publish' + description: "Tag name of the release to publish" required: true push_to_registries: - description: 'Push images to registries' + description: "Push images to registries" required: true type: boolean default: false permissions: - contents: write - packages: write + contents: write + packages: write env: TARGET_ORG: actions-runner-controller @@ -43,7 +43,7 @@ jobs: - uses: actions/setup-go@v5 with: - go-version-file: 'go.mod' + go-version-file: "go.mod" - name: Install tools run: | @@ -73,6 +73,7 @@ jobs: - name: Get Token id: get_workflow_token + # https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0 uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 with: application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} diff --git a/.github/workflows/arc-release-runners.yaml b/.github/workflows/arc-release-runners.yaml index 55ced306..da1fbf54 100644 --- a/.github/workflows/arc-release-runners.yaml +++ b/.github/workflows/arc-release-runners.yaml @@ -7,10 +7,10 @@ on: # are available to the workflow run push: branches: - - 'master' + - "master" paths: - - 'runner/VERSION' - - '.github/workflows/arc-release-runners.yaml' + - "runner/VERSION" + - ".github/workflows/arc-release-runners.yaml" env: # Safeguard to prevent pushing images to registeries after build @@ -39,6 +39,7 @@ jobs: - name: Get Token id: get_workflow_token + # https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0 uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 with: application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} diff --git a/.github/workflows/arc-validate-chart.yaml b/.github/workflows/arc-validate-chart.yaml index 31c55855..0d273ae2 100644 --- a/.github/workflows/arc-validate-chart.yaml +++ b/.github/workflows/arc-validate-chart.yaml @@ -45,7 +45,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - # Using https://github.com/Azure/setup-helm/releases/tag/v4.2 + # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 with: version: ${{ env.HELM_VERSION }} @@ -73,6 +73,7 @@ jobs: python-version: "3.11" - name: Set up chart-testing + # https://github.com/helm/chart-testing-action/releases/tag/v2.7.0 uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b - name: Run chart-testing (list-changed) @@ -88,6 +89,7 @@ jobs: ct lint --config charts/.ci/ct-config.yaml - name: Create kind cluster + # https://github.com/helm/kind-action/releases/tag/v1.12.0 uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 if: steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/gha-publish-chart.yaml b/.github/workflows/gha-publish-chart.yaml index 08ee67e2..572f5da3 100644 --- a/.github/workflows/gha-publish-chart.yaml +++ b/.github/workflows/gha-publish-chart.yaml @@ -72,6 +72,7 @@ jobs: echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Set up QEMU + # https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0 uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 - name: Set up Docker Buildx @@ -84,6 +85,7 @@ jobs: driver-opts: image=moby/buildkit:v0.10.6 - name: Login to GitHub Container Registry + # https://github.com/docker/login-action/releases/tag/v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 with: registry: ghcr.io @@ -91,6 +93,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build & push controller image + # https://github.com/docker/build-push-action/releases/tag/v6.15.0 uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 with: file: Dockerfile @@ -140,7 +143,7 @@ jobs: echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Set up Helm - # Using https://github.com/Azure/setup-helm/releases/tag/v4.2 + # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 with: version: ${{ env.HELM_VERSION }} @@ -188,7 +191,7 @@ jobs: echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Set up Helm - # Using https://github.com/Azure/setup-helm/releases/tag/v4.2 + # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 with: version: ${{ env.HELM_VERSION }} diff --git a/.github/workflows/gha-validate-chart.yaml b/.github/workflows/gha-validate-chart.yaml index 64e4cd2a..4ff1e023 100644 --- a/.github/workflows/gha-validate-chart.yaml +++ b/.github/workflows/gha-validate-chart.yaml @@ -41,7 +41,7 @@ jobs: fetch-depth: 0 - name: Set up Helm - # Using https://github.com/Azure/setup-helm/releases/tag/v4.2 + # Using https://github.com/Azure/setup-helm/releases/tag/v4.2.0 uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 with: version: ${{ env.HELM_VERSION }} @@ -52,6 +52,7 @@ jobs: python-version: "3.11" - name: Set up chart-testing + # https://github.com/helm/chart-testing-action/releases/tag/v2.7.0 uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b - name: Run chart-testing (list-changed) @@ -74,6 +75,7 @@ jobs: version: latest - name: Build controller image + # https://github.com/docker/build-push-action/releases/tag/v6.15.0 uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 if: steps.list-changed.outputs.changed == 'true' with: @@ -89,6 +91,7 @@ jobs: cache-to: type=gha,mode=max - name: Create kind cluster + # https://github.com/helm/kind-action/releases/tag/v1.12.0 uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 if: steps.list-changed.outputs.changed == 'true' with: diff --git a/.github/workflows/global-publish-canary.yaml b/.github/workflows/global-publish-canary.yaml index 9d5986a3..9d84a10e 100644 --- a/.github/workflows/global-publish-canary.yaml +++ b/.github/workflows/global-publish-canary.yaml @@ -59,6 +59,7 @@ jobs: - name: Get Token id: get_workflow_token + # https://github.com/peter-murray/workflow-application-token-action/releases/tag/v3.0.0 uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 with: application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }} @@ -93,6 +94,7 @@ jobs: uses: actions/checkout@v4 - name: Login to GitHub Container Registry + # https://github.com/docker/login-action/releases/tag/v3.4.0 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 with: registry: ghcr.io @@ -110,15 +112,18 @@ jobs: echo "repository_owner=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT - name: Set up QEMU + # https://github.com/docker/setup-qemu-action/releases/tag/v3.6.0 uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 - name: Set up Docker Buildx + # https://github.com/docker/setup-buildx-action/releases/tag/v3.10.0 uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 with: version: latest # Unstable builds - run at your own risk - name: Build and Push + # https://github.com/docker/build-push-action/releases/tag/v6.15.0 uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 with: context: . diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml index 536ca3d2..10fe3eb1 100644 --- a/.github/workflows/go.yaml +++ b/.github/workflows/go.yaml @@ -48,6 +48,7 @@ jobs: go-version-file: "go.mod" cache: false - name: golangci-lint + # https://github.com/golangci/golangci-lint-action/releases/tag/v6.5.2 uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 with: only-new-issues: true diff --git a/acceptance/pipelines/eks-integration-tests.yaml b/acceptance/pipelines/eks-integration-tests.yaml index 690676de..0fb86e95 100644 --- a/acceptance/pipelines/eks-integration-tests.yaml +++ b/acceptance/pipelines/eks-integration-tests.yaml @@ -13,6 +13,7 @@ jobs: runs-on: ["self-hosted", "Linux"] steps: - name: Test aws-actions/configure-aws-credentials Action + # https://github.com/aws-actions/configure-aws-credentials/releases/tag/v4.1.0 uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 with: aws-region: ${{ env.AWS_REGION }} @@ -29,6 +30,7 @@ jobs: - /var/run/secrets/eks.amazonaws.com/serviceaccount/token:/var/run/secrets/eks.amazonaws.com/serviceaccount/token steps: - name: Test aws-actions/configure-aws-credentials Action in container + # https://github.com/aws-actions/configure-aws-credentials/releases/tag/v4.1.0 uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 with: aws-region: ${{ env.AWS_REGION }} diff --git a/acceptance/pipelines/runner-integration-tests.yaml b/acceptance/pipelines/runner-integration-tests.yaml index 8655a10c..e85f2ffa 100644 --- a/acceptance/pipelines/runner-integration-tests.yaml +++ b/acceptance/pipelines/runner-integration-tests.yaml @@ -59,6 +59,7 @@ jobs: setup-ruby-test: runs-on: ["self-hosted", "Linux"] steps: + # https://github.com/ruby/setup-ruby/releases/tag/v1.227.0 - uses: ruby/setup-ruby@1a615958ad9d422dd932dc1d5823942ee002799f with: ruby-version: 3.0