diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index f101831cab..76374c6ec7 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -71,7 +71,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -137,7 +137,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -212,7 +212,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index 7c6c97dc96..75b3cb27e7 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -66,14 +66,14 @@ jobs: uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: DockerHub Login - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} if: ${{ inputs.publish-image }} - name: Login to GitHub Container Registry - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -88,13 +88,13 @@ jobs: if: ${{ inputs.publish-image }} - name: Login to Public ECR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: public.ecr.aws if: ${{ inputs.publish-image }} - name: Login to Quay.io - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -111,7 +111,7 @@ jobs: if: ${{ ! inputs.forked-workflow }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -233,7 +233,7 @@ jobs: ignore-unfixed: "true" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 continue-on-error: true with: sarif_file: "trivy-results-${{ inputs.image }}.sarif" diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index f39112b3e2..898ece737d 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -82,7 +82,7 @@ jobs: if: ${{ inputs.publish-image || ! inputs.forked-workflow }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -96,7 +96,7 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_MARKETPLACE }} if: ${{ inputs.publish-aws-market-place }} - name: Login to ECR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com if: ${{ inputs.publish-aws-market-place }} @@ -111,7 +111,7 @@ jobs: if: ${{ inputs.publish-nginx-reqistry }} - name: Login to NGINX Registry - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: docker-mgmt.nginx.com username: ${{ steps.idtoken.outputs.id_token }} @@ -264,7 +264,7 @@ jobs: if: ${{ inputs.publish-image }} - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 continue-on-error: true with: sarif_file: "trivy-results-${{ inputs.image }}.sarif" diff --git a/.github/workflows/build-test-image.yml b/.github/workflows/build-test-image.yml index 84b49c100c..31150fe40d 100644 --- a/.github/workflows/build-test-image.yml +++ b/.github/workflows/build-test-image.yml @@ -42,7 +42,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken diff --git a/.github/workflows/cache-update.yml b/.github/workflows/cache-update.yml index a9607484cb..c3a6c4f201 100644 --- a/.github/workflows/cache-update.yml +++ b/.github/workflows/cache-update.yml @@ -50,7 +50,7 @@ jobs: fetch-depth: 0 - name: Create/Update Draft - uses: lucacome/draft-release@e076259ceb036bc5f2c2a76559784c12cf8d2e74 # v1.0.4 + uses: lucacome/draft-release@8a63d32c79a171ae6048e614a8988f0ac3ed56d4 # v1.1.0 id: release-notes with: minor-label: "enhancement" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 207e55cffe..17917c5c1b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -176,7 +176,7 @@ jobs: fetch-depth: 0 - name: Create/Update Draft - uses: lucacome/draft-release@e076259ceb036bc5f2c2a76559784c12cf8d2e74 # v1.0.4 + uses: lucacome/draft-release@8a63d32c79a171ae6048e614a8988f0ac3ed56d4 # v1.1.0 id: release-notes with: minor-label: "enhancement" @@ -306,7 +306,7 @@ jobs: if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -441,7 +441,7 @@ jobs: if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -509,7 +509,7 @@ jobs: if: ${{ needs.checks.outputs.forked_workflow == 'false' }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -773,14 +773,14 @@ jobs: path: kic - name: Login to GitHub Container Registry - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: DockerHub Login - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4fe35c3405..e852148a74 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -70,7 +70,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -89,7 +89,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -102,6 +102,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index c93d63a01a..4cfe9d9802 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -63,7 +63,7 @@ jobs: - name: Checkout Repository uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: reviewdog/action-actionlint@89a03f6ba8c0a9fd238e82c075ffb34b86e40291 # v1.46.0 + - uses: reviewdog/action-actionlint@4797143fa54b2306fe78646b48cfa10395506635 # v1.47.0 with: actionlint_flags: -shellcheck "" diff --git a/.github/workflows/oss-release.yml b/.github/workflows/oss-release.yml index 97bca6b2a5..2c18d818fc 100644 --- a/.github/workflows/oss-release.yml +++ b/.github/workflows/oss-release.yml @@ -88,7 +88,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -130,7 +130,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -143,7 +143,7 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_PUBLIC_ECR }} - name: Login to Public ECR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: public.ecr.aws @@ -183,14 +183,14 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken password: ${{ steps.gcr-auth.outputs.access_token }} - name: DockerHub Login - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} @@ -231,14 +231,14 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken password: ${{ steps.gcr-auth.outputs.access_token }} - name: Login to Quay.io - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} @@ -281,14 +281,14 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken password: ${{ steps.gcr-auth.outputs.access_token }} - name: Login to GitHub Container Registry - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/patch-image.yml b/.github/workflows/patch-image.yml index 00f5bc410e..2131dc3137 100644 --- a/.github/workflows/patch-image.yml +++ b/.github/workflows/patch-image.yml @@ -63,7 +63,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken diff --git a/.github/workflows/plus-release.yml b/.github/workflows/plus-release.yml index 41681fa915..7a4f14c527 100644 --- a/.github/workflows/plus-release.yml +++ b/.github/workflows/plus-release.yml @@ -88,7 +88,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -130,7 +130,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -145,7 +145,7 @@ jobs: core.setOutput('id_token', id_token) - name: Login to NGINX Registry - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: docker-mgmt.nginx.com username: ${{ steps.idtoken.outputs.id_token }} @@ -232,7 +232,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken @@ -245,7 +245,7 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_MARKETPLACE }} - name: Login to ECR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com @@ -282,14 +282,14 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken password: ${{ steps.gcr-auth.outputs.access_token }} - name: Login to ACR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: nginxmktpl.azurecr.io username: ${{ secrets.AZ_MKTPL_ID }} diff --git a/.github/workflows/publish-helm.yml b/.github/workflows/publish-helm.yml index 413c5b9082..5d3c08904e 100644 --- a/.github/workflows/publish-helm.yml +++ b/.github/workflows/publish-helm.yml @@ -54,14 +54,14 @@ jobs: path: kic - name: Login to GitHub Container Registry - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: DockerHub Login - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} diff --git a/.github/workflows/retag-images.yml b/.github/workflows/retag-images.yml index ea39bd1c0d..0d90e2045e 100644 --- a/.github/workflows/retag-images.yml +++ b/.github/workflows/retag-images.yml @@ -51,7 +51,7 @@ jobs: service_account: ${{ secrets.GCR_SERVICE_ACCOUNT }} - name: Login to GCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: gcr.io username: oauth2accesstoken diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 0e36c0ff0c..9e75ed6b09 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: sarif_file: results.sarif