diff --git a/.github/workflows/basic-ci-amd64.yaml b/.github/workflows/basic-ci-amd64.yaml index 29acac0c31..dc9d9a7d31 100644 --- a/.github/workflows/basic-ci-amd64.yaml +++ b/.github/workflows/basic-ci-amd64.yaml @@ -70,7 +70,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-artifacts @@ -113,7 +113,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-artifacts @@ -159,13 +159,13 @@ jobs: GH_TOKEN: ${{ github.token }} - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-artifacts - name: get-kata-tools-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-artifacts @@ -213,7 +213,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-artifacts @@ -260,7 +260,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-artifacts @@ -301,7 +301,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-artifacts @@ -350,7 +350,7 @@ jobs: run: bash tests/integration/nerdctl/gha-run.sh install-dependencies - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-artifacts @@ -368,7 +368,7 @@ jobs: continue-on-error: true - name: Archive artifacts ${{ matrix.vmm }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: nerdctl-tests-garm-${{ matrix.vmm }} path: /tmp/artifacts @@ -396,13 +396,13 @@ jobs: GH_TOKEN: ${{ github.token }} - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-artifacts - name: get-kata-tools-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-artifacts diff --git a/.github/workflows/basic-ci-s390x.yaml b/.github/workflows/basic-ci-s390x.yaml index bb45665e0d..5fee77d620 100644 --- a/.github/workflows/basic-ci-s390x.yaml +++ b/.github/workflows/basic-ci-s390x.yaml @@ -70,7 +70,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} path: kata-artifacts @@ -112,7 +112,7 @@ jobs: run: bash tests/stability/gha-run.sh install-dependencies - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} path: kata-artifacts @@ -153,7 +153,7 @@ jobs: run: bash tests/integration/docker/gha-run.sh install-dependencies - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} path: kata-artifacts diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index 4c8b4eddd5..18c3228d7c 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -69,7 +69,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -121,7 +121,7 @@ jobs: version: "1.2.0" # for pushing attestations to the registry - - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 if: ${{ env.PERFORM_ATTESTATION == 'yes' }} with: registry: ghcr.io @@ -136,7 +136,7 @@ jobs: push-to-registry: true - name: store-artifact ${{ matrix.asset }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-amd64-${{ matrix.asset }}${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}.tar.zst @@ -145,7 +145,7 @@ jobs: - name: store-extratarballs-artifact ${{ matrix.asset }} if: ${{ startsWith(matrix.asset, 'kernel-nvidia-gpu') }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-amd64-${{ matrix.asset }}-modules${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}-modules.tar.zst @@ -172,7 +172,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -191,7 +191,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-amd64-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -217,7 +217,7 @@ jobs: KBUILD_SIGN_PIN: ${{ contains(matrix.asset, 'nvidia') && secrets.KBUILD_SIGN_PIN || '' }} - name: store-artifact ${{ matrix.asset }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-amd64-${{ matrix.asset }}${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}.tar.zst @@ -237,7 +237,7 @@ jobs: - kernel-nvidia-gpu-modules - pause-image steps: - - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 + - uses: geekyeggo/delete-artifact@176a747ab7e287e3ff4787bf8a148716375ca118 # v6.0.0 with: name: kata-artifacts-amd64-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -251,7 +251,7 @@ jobs: asset: - agent steps: - - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 + - uses: geekyeggo/delete-artifact@176a747ab7e287e3ff4787bf8a148716375ca118 # v6.0.0 if: ${{ inputs.stage == 'release' }} with: name: kata-artifacts-amd64-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -266,7 +266,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -285,7 +285,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-amd64-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -311,7 +311,7 @@ jobs: MEASURED_ROOTFS: yes - name: store-artifact shim-v2 - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-amd64-shim-v2${{ inputs.tarball-suffix }} path: kata-build/kata-static-shim-v2.tar.zst @@ -338,7 +338,7 @@ jobs: env: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-amd64-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -359,7 +359,7 @@ jobs: fi echo "tarball size: ${tarball_size} bytes" - name: store-artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-static.tar.zst @@ -385,7 +385,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -421,7 +421,7 @@ jobs: RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - name: store-artifact ${{ matrix.asset }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-tools-artifacts-amd64-${{ matrix.asset }}${{ inputs.tarball-suffix }} path: kata-tools-build/kata-static-${{ matrix.asset }}.tar.zst @@ -448,7 +448,7 @@ jobs: env: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-tools-artifacts-amd64-*${{ inputs.tarball-suffix }} path: kata-tools-artifacts @@ -469,7 +469,7 @@ jobs: fi echo "tarball size: ${tarball_size} bytes" - name: store-artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-static.tar.zst diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index e1d2de97d5..d463427861 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -58,7 +58,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -109,7 +109,7 @@ jobs: version: "1.2.0" # for pushing attestations to the registry - - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 if: ${{ env.PERFORM_ATTESTATION == 'yes' }} with: registry: ghcr.io @@ -124,7 +124,7 @@ jobs: push-to-registry: true - name: store-artifact ${{ matrix.asset }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-arm64-${{ matrix.asset }}${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}.tar.zst @@ -133,7 +133,7 @@ jobs: - name: store-extratarballs-artifact ${{ matrix.asset }} if: ${{ startsWith(matrix.asset, 'kernel-nvidia-gpu') }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-arm64-${{ matrix.asset }}-modules${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}-modules.tar.zst @@ -156,7 +156,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -175,7 +175,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-arm64-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -200,7 +200,7 @@ jobs: KBUILD_SIGN_PIN: ${{ contains(matrix.asset, 'nvidia') && secrets.KBUILD_SIGN_PIN || '' }} - name: store-artifact ${{ matrix.asset }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-arm64-${{ matrix.asset }}${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}.tar.zst @@ -218,7 +218,7 @@ jobs: - busybox - kernel-nvidia-gpu-modules steps: - - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 + - uses: geekyeggo/delete-artifact@176a747ab7e287e3ff4787bf8a148716375ca118 # v6.0.0 with: name: kata-artifacts-arm64-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -232,7 +232,7 @@ jobs: asset: - agent steps: - - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 + - uses: geekyeggo/delete-artifact@176a747ab7e287e3ff4787bf8a148716375ca118 # v6.0.0 if: ${{ inputs.stage == 'release' }} with: name: kata-artifacts-arm64-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -247,7 +247,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -266,7 +266,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-arm64-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -290,7 +290,7 @@ jobs: RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - name: store-artifact shim-v2 - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-arm64-shim-v2${{ inputs.tarball-suffix }} path: kata-build/kata-static-shim-v2.tar.zst @@ -317,7 +317,7 @@ jobs: env: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-arm64-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -338,7 +338,7 @@ jobs: fi echo "tarball size: ${tarball_size} bytes" - name: store-artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-static-tarball-arm64${{ inputs.tarball-suffix }} path: kata-static.tar.zst diff --git a/.github/workflows/build-kata-static-tarball-ppc64le.yaml b/.github/workflows/build-kata-static-tarball-ppc64le.yaml index fd0750d717..7fb92b8e68 100644 --- a/.github/workflows/build-kata-static-tarball-ppc64le.yaml +++ b/.github/workflows/build-kata-static-tarball-ppc64le.yaml @@ -45,7 +45,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -80,7 +80,7 @@ jobs: RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - name: store-artifact ${{ matrix.asset }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-ppc64le-${{ matrix.asset }}${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}.tar.zst @@ -103,7 +103,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -122,7 +122,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-ppc64le-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -146,7 +146,7 @@ jobs: RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - name: store-artifact ${{ matrix.asset }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-ppc64le-${{ matrix.asset }}${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}.tar.zst @@ -163,7 +163,7 @@ jobs: asset: - agent steps: - - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 + - uses: geekyeggo/delete-artifact@176a747ab7e287e3ff4787bf8a148716375ca118 # v6.0.0 if: ${{ inputs.stage == 'release' }} with: name: kata-artifacts-ppc64le-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -178,7 +178,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -197,7 +197,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-ppc64le-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -221,7 +221,7 @@ jobs: RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - name: store-artifact shim-v2 - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-ppc64le-shim-v2${{ inputs.tarball-suffix }} path: kata-build/kata-static-shim-v2.tar.zst @@ -252,7 +252,7 @@ jobs: env: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-ppc64le-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -273,7 +273,7 @@ jobs: fi echo "tarball size: ${tarball_size} bytes" - name: store-artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-static-tarball-ppc64le${{ inputs.tarball-suffix }} path: kata-static.tar.zst diff --git a/.github/workflows/build-kata-static-tarball-riscv64.yaml b/.github/workflows/build-kata-static-tarball-riscv64.yaml index 3b955812f5..bc51dcc50b 100644 --- a/.github/workflows/build-kata-static-tarball-riscv64.yaml +++ b/.github/workflows/build-kata-static-tarball-riscv64.yaml @@ -67,7 +67,7 @@ jobs: RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - name: store-artifact ${{ matrix.asset }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-riscv64-${{ matrix.asset }}${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}.tar.zst diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index 0393dfd31b..0358422108 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -52,7 +52,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -98,7 +98,7 @@ jobs: echo "oci-digest=${oci_image#*@}" >> "$GITHUB_OUTPUT" # for pushing attestations to the registry - - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 if: ${{ env.PERFORM_ATTESTATION == 'yes' }} with: registry: ghcr.io @@ -113,7 +113,7 @@ jobs: push-to-registry: true - name: store-artifact ${{ matrix.asset }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-s390x-${{ matrix.asset }}${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}.tar.zst @@ -137,7 +137,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -156,7 +156,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-s390x-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -181,7 +181,7 @@ jobs: RELEASE: ${{ inputs.stage == 'release' && 'yes' || 'no' }} - name: store-artifact ${{ matrix.asset }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-s390x-${{ matrix.asset }}${{ inputs.tarball-suffix }} path: kata-build/kata-static-${{ matrix.asset }}.tar.zst @@ -206,7 +206,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-s390x-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -230,7 +230,7 @@ jobs: HKD_PATH: "host-key-document" - name: store-artifact boot-image-se - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-s390x${{ inputs.tarball-suffix }} path: kata-build/kata-static-boot-image-se.tar.zst @@ -249,7 +249,7 @@ jobs: - coco-guest-components - pause-image steps: - - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 + - uses: geekyeggo/delete-artifact@176a747ab7e287e3ff4787bf8a148716375ca118 # v6.0.0 if: ${{ inputs.stage == 'release' }} with: name: kata-artifacts-s390x-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -264,7 +264,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -283,7 +283,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-s390x-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -309,7 +309,7 @@ jobs: MEASURED_ROOTFS: no - name: store-artifact shim-v2 - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-artifacts-s390x-shim-v2${{ inputs.tarball-suffix }} path: kata-build/kata-static-shim-v2.tar.zst @@ -340,7 +340,7 @@ jobs: env: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: kata-artifacts-s390x-*${{ inputs.tarball-suffix }} path: kata-artifacts @@ -361,7 +361,7 @@ jobs: fi echo "tarball size: ${tarball_size} bytes" - name: store-artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: kata-static-tarball-s390x${{ inputs.tarball-suffix }} path: kata-static.tar.zst diff --git a/.github/workflows/build-kubectl-image.yaml b/.github/workflows/build-kubectl-image.yaml index fd079d8f8a..ba52e943f3 100644 --- a/.github/workflows/build-kubectl-image.yaml +++ b/.github/workflows/build-kubectl-image.yaml @@ -33,13 +33,13 @@ jobs: persist-credentials: false - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to Quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -63,7 +63,7 @@ jobs: type=sha,prefix= - name: Build and push multi-arch image - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.0.0 with: context: tools/packaging/kubectl/ file: tools/packaging/kubectl/Dockerfile diff --git a/.github/workflows/ci-weekly.yaml b/.github/workflows/ci-weekly.yaml index a5d90303b0..5497950a05 100644 --- a/.github/workflows/ci-weekly.yaml +++ b/.github/workflows/ci-weekly.yaml @@ -86,20 +86,20 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to Kata Containers ghcr.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker build and push - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.0.0 with: tags: ghcr.io/kata-containers/test-images:unencrypted-${{ inputs.pr-number }} push: true diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 58b95dbf03..dffb6ff1f7 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -199,20 +199,20 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Login to Kata Containers ghcr.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker build and push - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.0.0 with: tags: ghcr.io/kata-containers/test-images:unencrypted-${{ inputs.pr-number }} push: true diff --git a/.github/workflows/cleanup-resources.yaml b/.github/workflows/cleanup-resources.yaml index 95f47fb5b2..94b8bd89df 100644 --- a/.github/workflows/cleanup-resources.yaml +++ b/.github/workflows/cleanup-resources.yaml @@ -21,7 +21,7 @@ jobs: persist-credentials: false - name: Log into Azure - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: client-id: ${{ secrets.AZ_APPID }} tenant-id: ${{ secrets.AZ_TENANT_ID }} diff --git a/.github/workflows/payload-after-push.yaml b/.github/workflows/payload-after-push.yaml index 0fbdd253a6..b11c5c44ec 100644 --- a/.github/workflows/payload-after-push.yaml +++ b/.github/workflows/payload-after-push.yaml @@ -150,7 +150,7 @@ jobs: persist-credentials: false - name: Login to Kata Containers quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/publish-kata-deploy-payload.yaml b/.github/workflows/publish-kata-deploy-payload.yaml index 6c6310a4e2..35ea86131b 100644 --- a/.github/workflows/publish-kata-deploy-payload.yaml +++ b/.github/workflows/publish-kata-deploy-payload.yaml @@ -75,13 +75,13 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-kata-tarball for ${{ inputs.arch }} - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-${{ inputs.arch}}${{ inputs.tarball-suffix }} - name: Login to Kata Containers quay.io if: ${{ inputs.registry == 'quay.io' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -89,7 +89,7 @@ jobs: - name: Login to Kata Containers ghcr.io if: ${{ inputs.registry == 'ghcr.io' }} - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/release-amd64.yaml b/.github/workflows/release-amd64.yaml index 25e2bdfd79..817ac92067 100644 --- a/.github/workflows/release-amd64.yaml +++ b/.github/workflows/release-amd64.yaml @@ -37,14 +37,14 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Login to Kata Containers ghcr.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Kata Containers quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -54,7 +54,7 @@ jobs: with: persist-credentials: false - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64 diff --git a/.github/workflows/release-arm64.yaml b/.github/workflows/release-arm64.yaml index e9276ae960..c883187c69 100644 --- a/.github/workflows/release-arm64.yaml +++ b/.github/workflows/release-arm64.yaml @@ -37,14 +37,14 @@ jobs: runs-on: ubuntu-24.04-arm steps: - name: Login to Kata Containers ghcr.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Kata Containers quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -54,7 +54,7 @@ jobs: with: persist-credentials: false - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-arm64 diff --git a/.github/workflows/release-ppc64le.yaml b/.github/workflows/release-ppc64le.yaml index 818c6c6266..3668e6465c 100644 --- a/.github/workflows/release-ppc64le.yaml +++ b/.github/workflows/release-ppc64le.yaml @@ -34,14 +34,14 @@ jobs: runs-on: ubuntu-24.04-ppc64le steps: - name: Login to Kata Containers ghcr.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Kata Containers quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -51,7 +51,7 @@ jobs: with: persist-credentials: false - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-ppc64le diff --git a/.github/workflows/release-s390x.yaml b/.github/workflows/release-s390x.yaml index ebfafeba59..be9b25cf6d 100644 --- a/.github/workflows/release-s390x.yaml +++ b/.github/workflows/release-s390x.yaml @@ -38,14 +38,14 @@ jobs: runs-on: ubuntu-24.04-s390x steps: - name: Login to Kata Containers ghcr.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Kata Containers quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -55,7 +55,7 @@ jobs: with: persist-credentials: false - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-s390x diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 880651e59e..cb36340317 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -92,14 +92,14 @@ jobs: persist-credentials: false - name: Login to Kata Containers ghcr.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Kata Containers quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: quay.io username: ${{ vars.QUAY_DEPLOYER_USERNAME }} @@ -134,7 +134,7 @@ jobs: echo "KATA_STATIC_TARBALL=${tarball}" >> "$GITHUB_ENV" - name: Download amd64 artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64 @@ -146,7 +146,7 @@ jobs: ARCHITECTURE: amd64 - name: Download arm64 artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-arm64 @@ -158,7 +158,7 @@ jobs: ARCHITECTURE: arm64 - name: Download s390x artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-s390x @@ -170,7 +170,7 @@ jobs: ARCHITECTURE: s390x - name: Download ppc64le artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-ppc64le @@ -187,7 +187,7 @@ jobs: echo "KATA_TOOLS_STATIC_TARBALL=${tarball}" >> "$GITHUB_ENV" - name: Download amd64 tools artifacts - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64 diff --git a/.github/workflows/run-cri-containerd-tests.yaml b/.github/workflows/run-cri-containerd-tests.yaml index 635540e2c2..b525af413e 100644 --- a/.github/workflows/run-cri-containerd-tests.yaml +++ b/.github/workflows/run-cri-containerd-tests.yaml @@ -79,7 +79,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: get-kata-tarball for ${{ inputs.arch }} - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-${{ inputs.arch }}${{ inputs.tarball-suffix }} path: kata-artifacts diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml index 561c8aec9e..aec251c83b 100644 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ b/.github/workflows/run-k8s-tests-on-aks.yaml @@ -86,7 +86,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-kata-tools-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-artifacts @@ -95,19 +95,19 @@ jobs: run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools kata-tools-artifacts - name: Download Azure CLI - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0 with: version: 'latest' - name: Log into the Azure account - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: client-id: ${{ secrets.AZ_APPID }} tenant-id: ${{ secrets.AZ_TENANT_ID }} subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }} - name: Create AKS cluster - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 with: timeout_minutes: 15 max_attempts: 20 @@ -119,7 +119,7 @@ jobs: run: bash tests/integration/kubernetes/gha-run.sh install-bats - name: Install `kubectl` - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0 with: version: 'latest' @@ -140,7 +140,7 @@ jobs: - name: Refresh OIDC token in case access token expired if: always() - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: client-id: ${{ secrets.AZ_APPID }} tenant-id: ${{ secrets.AZ_TENANT_ID }} diff --git a/.github/workflows/run-k8s-tests-on-arm64.yaml b/.github/workflows/run-k8s-tests-on-arm64.yaml index 1a4c81ecc5..926cb5d837 100644 --- a/.github/workflows/run-k8s-tests-on-arm64.yaml +++ b/.github/workflows/run-k8s-tests-on-arm64.yaml @@ -79,7 +79,7 @@ jobs: continue-on-error: true - name: Archive artifacts ${{ matrix.vmm }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: k8s-tests-${{ matrix.vmm }}-${{ matrix.k8s }}-${{ inputs.tag }} path: /tmp/artifacts diff --git a/.github/workflows/run-k8s-tests-on-free-runner.yaml b/.github/workflows/run-k8s-tests-on-free-runner.yaml index 23b738b7b6..ccf9ff8b48 100644 --- a/.github/workflows/run-k8s-tests-on-free-runner.yaml +++ b/.github/workflows/run-k8s-tests-on-free-runner.yaml @@ -76,7 +76,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-kata-tools-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-artifacts diff --git a/.github/workflows/run-k8s-tests-on-nvidia-gpu.yaml b/.github/workflows/run-k8s-tests-on-nvidia-gpu.yaml index 5a6da266b4..87a61dc64f 100644 --- a/.github/workflows/run-k8s-tests-on-nvidia-gpu.yaml +++ b/.github/workflows/run-k8s-tests-on-nvidia-gpu.yaml @@ -66,7 +66,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-kata-tools-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-artifacts @@ -115,7 +115,7 @@ jobs: continue-on-error: true - name: Archive artifacts ${{ matrix.environment.vmm }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: k8s-tests-${{ matrix.environment.vmm }}-kubeadm-${{ inputs.tag }} path: /tmp/artifacts diff --git a/.github/workflows/run-kata-coco-stability-tests.yaml b/.github/workflows/run-kata-coco-stability-tests.yaml index 8753c2c6bb..0412785770 100644 --- a/.github/workflows/run-kata-coco-stability-tests.yaml +++ b/.github/workflows/run-kata-coco-stability-tests.yaml @@ -87,7 +87,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-kata-tools-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-artifacts @@ -96,14 +96,14 @@ jobs: run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools kata-tools-artifacts - name: Log into the Azure account - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: client-id: ${{ secrets.AZ_APPID }} tenant-id: ${{ secrets.AZ_TENANT_ID }} subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }} - name: Create AKS cluster - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 with: timeout_minutes: 15 max_attempts: 20 @@ -115,7 +115,7 @@ jobs: run: bash tests/integration/kubernetes/gha-run.sh install-bats - name: Install `kubectl` - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0 with: version: 'latest' @@ -148,7 +148,7 @@ jobs: - name: Refresh OIDC token in case access token expired if: always() - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: client-id: ${{ secrets.AZ_APPID }} tenant-id: ${{ secrets.AZ_TENANT_ID }} diff --git a/.github/workflows/run-kata-coco-tests.yaml b/.github/workflows/run-kata-coco-tests.yaml index 393e4f613d..342710999b 100644 --- a/.github/workflows/run-kata-coco-tests.yaml +++ b/.github/workflows/run-kata-coco-tests.yaml @@ -90,7 +90,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-kata-tools-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-artifacts @@ -188,7 +188,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-kata-tools-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-artifacts @@ -311,7 +311,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-kata-tools-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-artifacts @@ -427,7 +427,7 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: get-kata-tools-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-tools-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-tools-artifacts diff --git a/.github/workflows/run-kata-deploy-tests-on-aks.yaml b/.github/workflows/run-kata-deploy-tests-on-aks.yaml index f19e65e180..f8efa3a6f6 100644 --- a/.github/workflows/run-kata-deploy-tests-on-aks.yaml +++ b/.github/workflows/run-kata-deploy-tests-on-aks.yaml @@ -75,14 +75,14 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: Log into the Azure account - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: client-id: ${{ secrets.AZ_APPID }} tenant-id: ${{ secrets.AZ_TENANT_ID }} subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }} - name: Create AKS cluster - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 with: timeout_minutes: 15 max_attempts: 20 @@ -94,7 +94,7 @@ jobs: run: bash tests/functional/kata-deploy/gha-run.sh install-bats - name: Install `kubectl` - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0 with: version: 'latest' @@ -110,7 +110,7 @@ jobs: - name: Refresh OIDC token in case access token expired if: always() - uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0 + uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0 with: client-id: ${{ secrets.AZ_APPID }} tenant-id: ${{ secrets.AZ_TENANT_ID }} diff --git a/.github/workflows/run-kata-monitor-tests.yaml b/.github/workflows/run-kata-monitor-tests.yaml index 6d0a91788c..d601aed310 100644 --- a/.github/workflows/run-kata-monitor-tests.yaml +++ b/.github/workflows/run-kata-monitor-tests.yaml @@ -58,7 +58,7 @@ jobs: GH_TOKEN: ${{ github.token }} - name: get-kata-tarball - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: kata-static-tarball-amd64${{ inputs.tarball-suffix }} path: kata-artifacts diff --git a/.github/workflows/run-metrics.yaml b/.github/workflows/run-metrics.yaml index 76725119f5..651d92692a 100644 --- a/.github/workflows/run-metrics.yaml +++ b/.github/workflows/run-metrics.yaml @@ -115,7 +115,7 @@ jobs: run: bash tests/metrics/gha-run.sh make-tarball-results - name: archive metrics results ${{ matrix.vmm }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: metrics-artifacts-${{ matrix.vmm }} path: results-${{ matrix.vmm }}.tar.gz