diff --git a/.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in b/.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in index e48d1f6c8..b12569f4a 100644 --- a/.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in +++ b/.github/cargo-deny-composite-action/cargo-deny-skeleton.yaml.in @@ -21,7 +21,7 @@ runs: override: true - name: Cache - uses: Swatinem/rust-cache@v2 + uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3 # v2.7.7 - name: Install Cargo deny shell: bash diff --git a/.github/workflows/PR-wip-checks.yaml b/.github/workflows/PR-wip-checks.yaml index 7616b978c..7a5f5769f 100644 --- a/.github/workflows/PR-wip-checks.yaml +++ b/.github/workflows/PR-wip-checks.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: WIP Check if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: tim-actions/wip-check@1c2a1ca6c110026b3e2297bb2ef39e1747b5a755 + uses: tim-actions/wip-check@1c2a1ca6c110026b3e2297bb2ef39e1747b5a755 # master (2021-06-10) with: labels: '["do-not-merge", "wip", "rfc"]' keywords: '["WIP", "wip", "RFC", "rfc", "dnm", "DNM", "do-not-merge"]' diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index a6093f384..790baa7ba 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -68,7 +68,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} @@ -110,13 +110,13 @@ jobs: echo "oci-name=${oci_image%@*}" >> "$GITHUB_OUTPUT" echo "oci-digest=${oci_image#*@}" >> "$GITHUB_OUTPUT" - - uses: oras-project/setup-oras@v1 + - uses: oras-project/setup-oras@5c0b487ce3fe0ce3ab0d034e63669e426e294e4d # v1.2.2 if: ${{ env.PERFORM_ATTESTATION == 'yes' }} with: version: "1.2.0" # for pushing attestations to the registry - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 if: ${{ env.PERFORM_ATTESTATION == 'yes' }} with: registry: ghcr.io @@ -163,7 +163,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} @@ -226,7 +226,7 @@ jobs: - kernel-nvidia-gpu-confidential-headers - pause-image steps: - - uses: geekyeggo/delete-artifact@v5 + - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 with: name: kata-artifacts-amd64-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -239,7 +239,7 @@ jobs: asset: - agent steps: - - uses: geekyeggo/delete-artifact@v5 + - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 if: ${{ inputs.stage == 'release' }} with: name: kata-artifacts-amd64-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -250,7 +250,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index 2c5fda1d5..40431e398 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -48,7 +48,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} @@ -89,13 +89,13 @@ jobs: echo "oci-name=${oci_image%@*}" >> "$GITHUB_OUTPUT" echo "oci-digest=${oci_image#*@}" >> "$GITHUB_OUTPUT" - - uses: oras-project/setup-oras@v1 + - uses: oras-project/setup-oras@5c0b487ce3fe0ce3ab0d034e63669e426e294e4d # v1.2.2 if: ${{ env.PERFORM_ATTESTATION == 'yes' }} with: version: "1.2.0" # for pushing attestations to the registry - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 if: ${{ env.PERFORM_ATTESTATION == 'yes' }} with: registry: ghcr.io @@ -138,7 +138,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} @@ -197,7 +197,7 @@ jobs: - busybox - kernel-nvidia-gpu-headers steps: - - uses: geekyeggo/delete-artifact@v5 + - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 with: name: kata-artifacts-arm64-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -210,7 +210,7 @@ jobs: asset: - agent steps: - - uses: geekyeggo/delete-artifact@v5 + - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 if: ${{ inputs.stage == 'release' }} with: name: kata-artifacts-arm64-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -221,7 +221,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/build-kata-static-tarball-ppc64le.yaml b/.github/workflows/build-kata-static-tarball-ppc64le.yaml index e1ddd9d88..a457b3f74 100644 --- a/.github/workflows/build-kata-static-tarball-ppc64le.yaml +++ b/.github/workflows/build-kata-static-tarball-ppc64le.yaml @@ -36,7 +36,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} @@ -89,7 +89,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} @@ -147,7 +147,7 @@ jobs: asset: - agent steps: - - uses: geekyeggo/delete-artifact@v5 + - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 if: ${{ inputs.stage == 'release' }} with: name: kata-artifacts-ppc64le-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -158,7 +158,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/build-kata-static-tarball-riscv64.yaml b/.github/workflows/build-kata-static-tarball-riscv64.yaml index 4cc5ca069..e09b247b6 100644 --- a/.github/workflows/build-kata-static-tarball-riscv64.yaml +++ b/.github/workflows/build-kata-static-tarball-riscv64.yaml @@ -37,7 +37,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index f1bbb06ba..5c851a176 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -44,7 +44,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} @@ -87,7 +87,7 @@ jobs: echo "oci-digest=${oci_image#*@}" >> "$GITHUB_OUTPUT" # for pushing attestations to the registry - - uses: docker/login-action@v3 + - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 if: ${{ env.PERFORM_ATTESTATION == 'yes' }} with: registry: ghcr.io @@ -122,7 +122,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} @@ -227,7 +227,7 @@ jobs: - coco-guest-components - pause-image steps: - - uses: geekyeggo/delete-artifact@v5 + - uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0 if: ${{ inputs.stage == 'release' }} with: name: kata-artifacts-s390x-${{ matrix.asset}}${{ inputs.tarball-suffix }} @@ -238,7 +238,7 @@ jobs: steps: - name: Login to Kata Containers quay.io if: ${{ inputs.push-to-registry == 'yes' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/ci-weekly.yaml b/.github/workflows/ci-weekly.yaml index 38c91caaf..ba7615318 100644 --- a/.github/workflows/ci-weekly.yaml +++ b/.github/workflows/ci-weekly.yaml @@ -54,20 +54,20 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Login to Kata Containers ghcr.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker build and push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: tags: ghcr.io/kata-containers/test-images:unencrypted-${{ inputs.pr-number }} push: true diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b78f34295..c0e80ad57 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -122,20 +122,20 @@ jobs: TARGET_BRANCH: ${{ inputs.target-branch }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Login to Kata Containers ghcr.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker build and push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: tags: ghcr.io/kata-containers/test-images:unencrypted-${{ inputs.pr-number }} push: true @@ -175,17 +175,17 @@ jobs: cp /opt/kata/bin/csi-kata-directvolume src/tools/csi-kata-directvolume/bin/directvolplugin - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Login to Kata Containers ghcr.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker build and push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: tags: ghcr.io/kata-containers/csi-kata-directvolume:${{ inputs.pr-number }} push: true diff --git a/.github/workflows/commit-message-check.yaml b/.github/workflows/commit-message-check.yaml index bb697cbf8..347434d99 100644 --- a/.github/workflows/commit-message-check.yaml +++ b/.github/workflows/commit-message-check.yaml @@ -26,7 +26,7 @@ jobs: - name: Get PR Commits if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} id: 'get-pr-commits' - uses: tim-actions/get-pr-commits@v1.2.0 + uses: tim-actions/get-pr-commits@c64db31d359214d244884dd68f971a110b29ab83 # v1.2.0 with: token: ${{ secrets.GITHUB_TOKEN }} # Filter out revert commits @@ -41,19 +41,19 @@ jobs: - name: DCO Check if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') }} - uses: tim-actions/dco@2fd0504dc0d27b33f542867c300c60840c6dcb20 + uses: tim-actions/dco@2fd0504dc0d27b33f542867c300c60840c6dcb20 # master (2020-04-28) with: commits: ${{ steps.get-pr-commits.outputs.commits }} - name: Commit Body Missing Check if: ${{ !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }} - uses: tim-actions/commit-body-check@v1.0.2 + uses: tim-actions/commit-body-check@d2e0e8e1f0332b3281c98867c42a2fbe25ad3f15 # v1.0.2 with: commits: ${{ steps.get-pr-commits.outputs.commits }} - name: Check Subject Line Length if: ${{ (env.PR_AUTHOR != 'dependabot[bot]') && !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }} - uses: tim-actions/commit-message-checker-with-regex@v0.3.1 + uses: tim-actions/commit-message-checker-with-regex@d6d9770051dd6460679d1cab1dcaa8cffc5c2bbd # v0.3.1 with: commits: ${{ steps.get-pr-commits.outputs.commits }} pattern: '^.{0,75}(\n.*)*$' @@ -62,7 +62,7 @@ jobs: - name: Check Body Line Length if: ${{ (env.PR_AUTHOR != 'dependabot[bot]') && !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }} - uses: tim-actions/commit-message-checker-with-regex@v0.3.1 + uses: tim-actions/commit-message-checker-with-regex@d6d9770051dd6460679d1cab1dcaa8cffc5c2bbd # v0.3.1 with: commits: ${{ steps.get-pr-commits.outputs.commits }} # Notes: @@ -93,7 +93,7 @@ jobs: - name: Check Subsystem if: ${{ (env.PR_AUTHOR != 'dependabot[bot]') && !contains(github.event.pull_request.labels.*.name, 'force-skip-ci') && ( success() || failure() ) }} - uses: tim-actions/commit-message-checker-with-regex@v0.3.1 + uses: tim-actions/commit-message-checker-with-regex@d6d9770051dd6460679d1cab1dcaa8cffc5c2bbd # v0.3.1 with: commits: ${{ steps.get-pr-commits.outputs.commits }} pattern: '^[\s\t]*[^:\s\t]+[\s\t]*:' diff --git a/.github/workflows/payload-after-push.yaml b/.github/workflows/payload-after-push.yaml index 131a8a162..dbbea5bac 100644 --- a/.github/workflows/payload-after-push.yaml +++ b/.github/workflows/payload-after-push.yaml @@ -101,7 +101,7 @@ jobs: uses: actions/checkout@v4 - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/publish-kata-deploy-payload.yaml b/.github/workflows/publish-kata-deploy-payload.yaml index b49db0186..133bab2d5 100644 --- a/.github/workflows/publish-kata-deploy-payload.yaml +++ b/.github/workflows/publish-kata-deploy-payload.yaml @@ -53,7 +53,7 @@ jobs: - name: Login to Kata Containers quay.io if: ${{ inputs.registry == 'quay.io' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} @@ -61,7 +61,7 @@ jobs: - name: Login to Kata Containers ghcr.io if: ${{ inputs.registry == 'ghcr.io' }} - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/release-amd64.yaml b/.github/workflows/release-amd64.yaml index 5e519b0ae..2c8c74176 100644 --- a/.github/workflows/release-amd64.yaml +++ b/.github/workflows/release-amd64.yaml @@ -19,13 +19,13 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Login to Kata Containers docker.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/release-arm64.yaml b/.github/workflows/release-arm64.yaml index 65474e38c..40e623ffb 100644 --- a/.github/workflows/release-arm64.yaml +++ b/.github/workflows/release-arm64.yaml @@ -19,13 +19,13 @@ jobs: runs-on: ubuntu-22.04-arm steps: - name: Login to Kata Containers docker.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/release-ppc64le.yaml b/.github/workflows/release-ppc64le.yaml index 0be2dc886..178957556 100644 --- a/.github/workflows/release-ppc64le.yaml +++ b/.github/workflows/release-ppc64le.yaml @@ -19,13 +19,13 @@ jobs: runs-on: ppc64le steps: - name: Login to Kata Containers docker.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/release-s390x.yaml b/.github/workflows/release-s390x.yaml index 1909b3f5e..c6902da1a 100644 --- a/.github/workflows/release-s390x.yaml +++ b/.github/workflows/release-s390x.yaml @@ -19,13 +19,13 @@ jobs: runs-on: s390x steps: - name: Login to Kata Containers docker.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 86bfc3ede..e6af86867 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -53,13 +53,13 @@ jobs: uses: actions/checkout@v4 - name: Login to Kata Containers docker.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Kata Containers quay.io - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: quay.io username: ${{ secrets.QUAY_DEPLOYER_USERNAME }} @@ -183,7 +183,7 @@ jobs: uses: actions/checkout@v4 - name: Install helm - uses: azure/setup-helm@v4.2.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 id: install - name: Generate and upload helm chart tarball diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml index b49b783dd..9b6a0cb5f 100644 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ b/.github/workflows/run-k8s-tests-on-aks.yaml @@ -103,7 +103,7 @@ jobs: AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} - name: Create AKS cluster - uses: nick-fields/retry@v3 + uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 with: timeout_minutes: 15 max_attempts: 20 diff --git a/.github/workflows/run-kata-coco-stability-tests.yaml b/.github/workflows/run-kata-coco-stability-tests.yaml index eb8b2bcb8..142681878 100644 --- a/.github/workflows/run-kata-coco-stability-tests.yaml +++ b/.github/workflows/run-kata-coco-stability-tests.yaml @@ -87,7 +87,7 @@ jobs: AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} - name: Create AKS cluster - uses: nick-fields/retry@v3 + uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 with: timeout_minutes: 15 max_attempts: 20 diff --git a/.github/workflows/run-kata-coco-tests.yaml b/.github/workflows/run-kata-coco-tests.yaml index a64baeb8c..70eb05030 100644 --- a/.github/workflows/run-kata-coco-tests.yaml +++ b/.github/workflows/run-kata-coco-tests.yaml @@ -257,7 +257,7 @@ jobs: AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} - name: Create AKS cluster - uses: nick-fields/retry@v3 + uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 with: timeout_minutes: 15 max_attempts: 20 diff --git a/.github/workflows/run-kata-deploy-tests-on-aks.yaml b/.github/workflows/run-kata-deploy-tests-on-aks.yaml index 718330994..9a665f02d 100644 --- a/.github/workflows/run-kata-deploy-tests-on-aks.yaml +++ b/.github/workflows/run-kata-deploy-tests-on-aks.yaml @@ -71,7 +71,7 @@ jobs: AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }} - name: Create AKS cluster - uses: nick-fields/retry@v3 + uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 with: timeout_minutes: 15 max_attempts: 20 diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml index f057ca9c8..ea2b350c4 100644 --- a/.github/workflows/shellcheck.yaml +++ b/.github/workflows/shellcheck.yaml @@ -25,6 +25,6 @@ jobs: - uses: actions/checkout@v4 - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master + uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master (2024-06-20) with: ignore_paths: "**/vendor/**" diff --git a/.github/workflows/shellcheck_required.yaml b/.github/workflows/shellcheck_required.yaml index 07058e724..ac0768f84 100644 --- a/.github/workflows/shellcheck_required.yaml +++ b/.github/workflows/shellcheck_required.yaml @@ -26,7 +26,7 @@ jobs: - uses: actions/checkout@v4 - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master + uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master (2024-06-20) with: severity: error ignore_paths: "**/vendor/**" diff --git a/src/runtime/pkg/govmm/.github/workflows/main.yml b/src/runtime/pkg/govmm/.github/workflows/main.yml index 6c6841ca1..a259204b5 100644 --- a/src/runtime/pkg/govmm/.github/workflows/main.yml +++ b/src/runtime/pkg/govmm/.github/workflows/main.yml @@ -15,7 +15,7 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@4696ba8babb6127d732c3c6dde519db15edab9ea # v6.5.1 with: version: latest args: -c .golangci.yml -v