diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
index 82a2f1dd..3628b83d 100644
--- a/.github/workflows/actionlint.yml
+++ b/.github/workflows/actionlint.yml
@@ -34,12 +34,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: "Harden Runner"
- uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+ uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 - name: "Checkout"
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 with:
 fetch-depth: 0
diff --git a/.github/workflows/api-server.yml b/.github/workflows/api-server.yml
index 1496be50..d6581f95 100644
--- a/.github/workflows/api-server.yml
+++ b/.github/workflows/api-server.yml
@@ -30,10 +30,10 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
 with:
 go-version: '1.21.6'
@@ -65,9 +65,9 @@ jobs:
 run:
 working-directory: api-server
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
 with:
 go-version: '1.21.6'
@@ -95,7 +95,7 @@ jobs:
 if: ${{ github.event_name == 'push' }}
 steps:
 - name: download tar.gz binary artifacts
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@v5
 with:
 name: apiserver-darwin-packages-tar
 path: ./dist/packages
@@ -105,7 +105,7 @@ jobs:
 working-directory: ./dist/packages
 - name: configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
+ uses: aws-actions/configure-aws-credentials@v5
 with:
 role-to-assume: ${{ secrets.AWS_ROLE }}
 role-session-name: apiserver-ci-deploy
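Review bot: The new `uses:` lines in api-server.yml reference actions by mutable major tag (`actions/checkout@v5`, `actions/setup-go@v6`, `actions/download-artifact@v5`, `aws-actions/configure-aws-credentials@v5`), while actionlint.yml in this same commit pins each action to a full commit SHA with a version comment. The reference that matters most is in the `@@ -105,7 +105,7 @@` hunk (and its twin at `@@ -161,7 +161,7 @@`), where the action is handed `role-to-assume: ${{ secrets.AWS_ROLE }}`, so whatever the tag points to at run time executes with that role. I would pin it the same way actionlint.yml does, `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v5.x.y`, and use the same form for the checkout steps that pass `secrets.BOT_PAT` in devcontainer-image.yml, pr-healthcheck-sidecar-image.yml, pr-images.yml and release-images.yml, and for the `actions/attest-build-provenance@v3` steps. The context line `uses: ludeeus/action-shellcheck@master` in lint-jobs.yml tracks a branch and is the loosest reference of the set.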
@@ -121,9 +121,9 @@ jobs:
 run:
 working-directory: api-server
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
 - name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
 with:
 go-version: '1.21.6'
@@ -151,7 +151,7 @@ jobs:
 if: ${{ github.event_name == 'push' }}
 steps:
 - name: download tar.gz binary artifacts
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@v5
 with:
 name: apiserver-linux-packages-tar
 path: ./dist/packages
@@ -161,7 +161,7 @@ jobs:
 working-directory: ./dist/packages
 - name: configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
+ uses: aws-actions/configure-aws-credentials@v5
 with:
 role-to-assume: ${{ secrets.AWS_ROLE }}
 role-session-name: apiserver-ci-deploy
diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml
index 50eb4484..49b0ab62 100644
--- a/.github/workflows/cherry-pick.yml
+++ b/.github/workflows/cherry-pick.yml
@@ -12,7 +12,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 with:
 fetch-depth: 0
diff --git a/.github/workflows/devcontainer-image.yml b/.github/workflows/devcontainer-image.yml
index 4dfaeca3..79524efc 100644
--- a/.github/workflows/devcontainer-image.yml
+++ b/.github/workflows/devcontainer-image.yml
@@ -27,7 +27,7 @@ jobs:
 steps:
 - name: Check out the repo
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 with:
 token: ${{ secrets.BOT_PAT }}
 ref: 'main'
@@ -59,7 +59,7 @@ jobs:
 - name: Get Pull Request Number from Commit
 id: get_pr_number
- uses: actions/github-script@v7
+ uses: actions/github-script@v8
 with:
 script: |
 console.log("Repository owner:", context.repo.owner);
@@ -115,7 +115,7 @@ jobs:
 file: src/Containerfile
 - name: Generate devcontainer GHCR artifact attestation
- uses: actions/attest-build-provenance@v2
+ uses: actions/attest-build-provenance@v3
 with:
 subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_DEV_IMAGE_NAME}}
 subject-digest: ${{ steps.push-dev-ghcr.outputs.digest }}
@@ -137,7 +137,7 @@ jobs:
 file: src/Containerfile
 - name: Generate devcontainer Quay artifact attestation
- uses: actions/attest-build-provenance@v2
+ uses: actions/attest-build-provenance@v3
 with:
 subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_DEV_IMAGE_NAME}}
 subject-digest: ${{ steps.push-dev-quay.outputs.digest }}
diff --git a/.github/workflows/lint-jobs.yml b/.github/workflows/lint-jobs.yml
index d3cbd11c..f0e90297 100644
--- a/.github/workflows/lint-jobs.yml
+++ b/.github/workflows/lint-jobs.yml
@@ -19,7 +19,7 @@ jobs:
 name: Shellcheck
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
 - name: Run ShellCheck
 uses: ludeeus/action-shellcheck@master
 env:
@@ -28,8 +28,8 @@ jobs:
 markdown-lint:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v5
 - name: markdownlint-cli2-action
- uses: DavidAnson/markdownlint-cli2-action@v19
+ uses: DavidAnson/markdownlint-cli2-action@v20
 with:
 globs: "**/*.md"
diff --git a/.github/workflows/lint-ui.yml b/.github/workflows/lint-ui.yml
index b837ab48..eee0345c 100644
--- a/.github/workflows/lint-ui.yml
+++ b/.github/workflows/lint-ui.yml
@@ -27,9 +27,9 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 - name: Setup Node
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v5
 with:
 node-version: '22'
 - name: Install dependencies
diff --git a/.github/workflows/pr-healthcheck-sidecar-image.yml b/.github/workflows/pr-healthcheck-sidecar-image.yml
index fa8414e5..db2b2511 100644
--- a/.github/workflows/pr-healthcheck-sidecar-image.yml
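Review bot: `actions/setup-node@v5` in the lint-ui.yml hunk is a major bump that changes a default, not only the action's runtime: as far as I know, v5 enables dependency caching automatically when package.json declares a `packageManager` field. If this lint job is meant to stay cache-free, add `package-manager-cache: false` under `with:` next to `node-version: '22'`; if caching is wanted, say so in the commit description so the change is deliberate. The steps after `Install dependencies` lie outside the hunk, so whether a cache is already configured there is not visible from here.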
+++ b/.github/workflows/pr-healthcheck-sidecar-image.yml
@@ -27,7 +27,7 @@ jobs:
 steps:
 - name: Check out the repo
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 with:
 token: ${{ secrets.BOT_PAT }}
 ref: 'main'
@@ -59,7 +59,7 @@ jobs:
 - name: Get Pull Request Number from Commit
 id: get_pr_number
- uses: actions/github-script@v7
+ uses: actions/github-script@v8
 with:
 script: |
 console.log("Repository owner:", context.repo.owner);
@@ -114,7 +114,7 @@ jobs:
 file: healthcheck-sidecar/Containerfile
 - name: Generate GHCR artifact attestation
- uses: actions/attest-build-provenance@v2
+ uses: actions/attest-build-provenance@v3
 with:
 subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_HS_IMAGE_NAME}}
 subject-digest: ${{ steps.push-hs-ghcr.outputs.digest }}
@@ -136,7 +136,7 @@ jobs:
 file: healthcheck-sidecar/Containerfile
 - name: Generate QA HS Quay artifact attestation
- uses: actions/attest-build-provenance@v2
+ uses: actions/attest-build-provenance@v3
 with:
 subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_HS_IMAGE_NAME}}
 subject-digest: ${{ steps.push-hs-quay.outputs.digest }}
diff --git a/.github/workflows/pr-images.yml b/.github/workflows/pr-images.yml
index 5760d8b9..1284db58 100644
--- a/.github/workflows/pr-images.yml
+++ b/.github/workflows/pr-images.yml
@@ -24,7 +24,7 @@ jobs:
 steps:
 - name: Check out the repo
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 with:
 token: ${{ secrets.BOT_PAT }}
 ref: 'main'
@@ -71,7 +71,7 @@ jobs:
 - name: Get Pull Request Number from Commit
 if: env.SKIP_WORKFLOW == 'false'
 id: get_pr_number
- uses: actions/github-script@v7
+ uses: actions/github-script@v8
 with:
 script: |
 console.log("Repository owner:", context.repo.owner);
@@ -130,7 +130,7 @@ jobs:
 - name: Generate GHCR artifact attestation
 if: env.SKIP_WORKFLOW == 'false'
- uses: actions/attest-build-provenance@v2
+ uses: actions/attest-build-provenance@v3
 with:
 subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}}
 subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }}
@@ -154,7 +154,7 @@ jobs:
 - name: Generate QA UI Quay artifact attestation
 if: env.SKIP_WORKFLOW == 'false'
- uses: actions/attest-build-provenance@v2
+ uses: actions/attest-build-provenance@v3
 with:
 subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
 subject-digest: ${{ steps.push-ui-quay.outputs.digest }}
diff --git a/.github/workflows/release-images.yml b/.github/workflows/release-images.yml
index 37d61149..2662b664 100644
--- a/.github/workflows/release-images.yml
+++ b/.github/workflows/release-images.yml
@@ -22,7 +22,7 @@ jobs:
 steps:
 - name: Check out the repo
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 - name: Log in to the GHCR container image registry
 uses: docker/login-action@v3
@@ -75,7 +75,7 @@ jobs:
 file: src/Containerfile
 - name: Generate Prod UI GHCR artifact attestation
- uses: actions/attest-build-provenance@v2
+ uses: actions/attest-build-provenance@v3
 with:
 subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}}
 subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }}
@@ -95,14 +95,14 @@ jobs:
 file: src/Containerfile
 - name: Generate PROD UI Quay artifact attestation
- uses: actions/attest-build-provenance@v2
+ uses: actions/attest-build-provenance@v3
 with:
 subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}}
 subject-digest: ${{ steps.push-ui-quay.outputs.digest }}
 push-to-registry: true
 - name: Re-Checkout main on the repo
- uses: actions/checkout@v4
+ uses: actions/checkout@v5
 with:
 token: ${{ secrets.BOT_PAT }}
 ref: main