diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75e9ca9..dc24822 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,6 +26,6 @@ jobs: - platform: linux/arm64 steps: - name : Checkout repository - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses : actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 - name : CI run : CI=true make ci diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 32dcc50..0bbab73 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -15,7 +15,7 @@ jobs: timeout-minutes: 30 steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # The FOSSA token is shared between all repos in Rancher's GH org. It can be # used directly and there is no need to request specific access to EIO. diff --git a/.github/workflows/head-builds.yml b/.github/workflows/head-builds.yml index 65d7cc4..9b555bd 100644 --- a/.github/workflows/head-builds.yml +++ b/.github/workflows/head-builds.yml @@ -29,16 +29,16 @@ jobs: image: ghcr.io/rancher/ci-image/go1.25 steps: - name : Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set Branch Tag and Other Variables id: set-vars run: bash ./.github/scripts/branch-tags.sh >> $GITHUB_OUTPUT - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 - name: Login to GitHub Container Registry - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -52,13 +52,13 @@ jobs: secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD - name: Login to Docker Hub - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ env.DOCKER_USERNAME || vars.DOCKER_USERNAME || github.repository_owner }} password: ${{ env.DOCKER_PASSWORD || secrets.DOCKER_PASSWORD }} - name: Build and push SCC-operator (branch head) image - uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 with: context: . file: ./package/Dockerfile diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 01f9743..078d66e 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -20,7 +20,7 @@ jobs: container: image: ghcr.io/rancher/ci-image/go1.25 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: golangci-lint run: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a18361a..8cbb2e9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: container: image: ghcr.io/rancher/ci-image/go1.25 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 - run: git fetch --force --tags @@ -52,7 +52,7 @@ jobs: echo "artifacts=$(tr -d '\n\r' < dist/artifacts.json)" >> "${GITHUB_OUTPUT}" - name: Attest build provenance - uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0 + uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1 with: subject-path: dist/scc-operator_* @@ -67,7 +67,7 @@ jobs: image: ghcr.io/rancher/ci-image/go1.25 steps: - name : Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: "Read Secrets" if: github.repository == 'rancher/scc-operator' @@ -82,7 +82,7 @@ jobs: # This encapsulates: login, qemu, build/push - name: Build and push scc-operator image (dockerhub and prime stg) - uses: rancher/ecm-distro-tools/actions/publish-image@da9f5b6e258c327660eeab3db97952b612f1cf9f # v0.69.3 + uses: rancher/ecm-distro-tools/actions/publish-image@016551c414f82e64af8c4c18315ea3093d10be7c # v0.74.3 with: image: 'scc-operator' tag: ${{ github.ref_name }} @@ -114,7 +114,7 @@ jobs: - name: Build and push scc-operator image (prod) if: ${{github.repository == 'rancher/scc-operator' && steps.semver_check.outputs.HAS_PRERELEASE == 'false'}} - uses: rancher/ecm-distro-tools/actions/publish-image@da9f5b6e258c327660eeab3db97952b612f1cf9f # v0.69.3 + uses: rancher/ecm-distro-tools/actions/publish-image@016551c414f82e64af8c4c18315ea3093d10be7c # v0.74.3 with: image: 'scc-operator' tag: ${{ github.ref_name }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 89a7017..6cffc9c 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -11,7 +11,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0 + - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0 with: stale-issue-message: 'This repository uses an automated workflow to automatically label issues which have not had any activity (commit/comment/label) for 60 days. This helps us manage the community issues better. If the issue is still relevant, please add a comment to the issue so the workflow can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the workflow will automatically close the issue in 14 days. Thank you for your contributions.' stale-pr-message: 'This repository uses an automated workflow to automatically label pull requests which have not had any activity (commit/comment/label) for 60 days. This helps us manage the community pull requests better. If the pull request is still relevant, please add a comment to the pull request so the workflow can remove the label and we know it is still valid. If it is no longer relevant (or possibly fixed in the latest release), the workflow will automatically close the pull request in 14 days. Thank you for your contributions.'