diff --git a/.github/workflows/build-docs.yaml b/.github/workflows/build-docs.yaml index 765f5a5f..8b8edab2 100644 --- a/.github/workflows/build-docs.yaml +++ b/.github/workflows/build-docs.yaml @@ -17,8 +17,8 @@ jobs: contents: write pages: write steps: - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 - - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b # v4.6.0 with: python-version: 3.x - run: pip install mkdocs-material==9.* diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ed942442..1f28e732 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -33,7 +33,7 @@ jobs: digest: ${{ steps.build.outputs.digest }} tag: ${{ steps.container_meta.outputs.version }} steps: - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Login to GitHub Container Registry uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2 @@ -48,7 +48,7 @@ jobs: - name: Container meta id: container_meta - uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4 + uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4 with: images: | ${{ env.IMAGE_NAME }} @@ -81,7 +81,7 @@ jobs: MODULE_NAME=${{ inputs.module-name }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee # 0.9.2 + uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 # 0.10.0 with: image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }} severity: "CRITICAL,HIGH" 
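Review bot: The `- run: pip install mkdocs-material==9.*` step at the end of the build-docs.yaml hunk resolves a floating version at run time, in a job that holds `contents: write` and `pages: write`, while the two actions above it are pinned to commit SHAs. Whatever 9.x release and transitive dependencies are current when the job runs execute with those permissions. Consider installing from a hash-pinned requirements file, e.g. `- run: pip install --require-hashes -r <requirements-file>` (placeholder path), so the update bot can bump it alongside the action digests. The job continues past the end of the hunk, so later steps are not visible here.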
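Review bot: The new `docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4` line in build.yaml changes the pinned commit but keeps a major-only comment, so the diff does not say which release the new SHA is meant to be. The same applies to the `actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3` lines in chaos-test.yaml, codeql.yaml and mega-linter.yml, and to the three `github/codeql-action/*` lines in codeql.yaml that keep `# v2`. Elsewhere in this commit the same checkout SHA is annotated `# v3.5.2`, and scorecards.yml annotates the same codeql-action SHA `# v2.3.2`. Writing the full tag on every pinned line, e.g. `# v3.5.2`, lets each digest be checked against the upstream tag during review.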
@@ -90,7 +90,7 @@ jobs: timeout: 15m - name: Save Trivy vulnerability attestation - uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee # 0.9.2 + uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 # 0.10.0 with: image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }} exit-code: "0" @@ -166,7 +166,7 @@ jobs: path: /tmp - name: Install Cosign - uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1 + uses: sigstore/cosign-installer@204a51a57a74d190b284a0ce69b44bc37201f343 # v3.0.3 - name: Sign image run: | diff --git a/.github/workflows/chaos-test.yaml b/.github/workflows/chaos-test.yaml index 65085a6e..87447052 100644 --- a/.github/workflows/chaos-test.yaml +++ b/.github/workflows/chaos-test.yaml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml index 00aca39e..0062c090 100644 --- a/.github/workflows/check-links.yaml +++ b/.github/workflows/check-links.yaml @@ -14,11 +14,11 @@ jobs: permissions: issues: write steps: - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Link Checker id: lychee - uses: lycheeverse/lychee-action@9ace499fe66cee282a29eaa628fdac2c72fa087f # tag=v1.6.1 + uses: lycheeverse/lychee-action@97189f2c0a3c8b0cb0e704fd4e878af6e5e2b2c5 # v1.7.0 with: args: "--config=.lychee.toml ." env: 
@@ -26,7 +26,7 @@ jobs: - name: Look for an existing issue id: last-issue - uses: micalevisk/last-issue-action@044e1cb7e9a4dde20e22969cb67818bfca0797be # v2.0.0 + uses: micalevisk/last-issue-action@305829d9728f47beb0029417167a0af890edfd6e # v2.1.0 with: state: open labels: link-check diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b39f5d85..df5fbbfd 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -53,7 +53,7 @@ jobs: env: IMAGE_NAME: ghcr.io/${{ github.repository }}/${{ matrix.module }} steps: - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - uses: ./.github/actions/test-image with: diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 597559eb..47721610 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 - name: Set up Java uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3 @@ -53,7 +53,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2 + uses: github/codeql-action/init@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -66,7 +66,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2 + uses: github/codeql-action/autobuild@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -79,6 +79,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2 + uses: github/codeql-action/analyze@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml index 9ef7bce5..ce4402a0 100644 --- a/.github/workflows/helm-lint.yaml +++ b/.github/workflows/helm-lint.yaml @@ -13,14 +13,14 @@ permissions: read-all jobs: lint: runs-on: ubuntu-22.04 - container: ghcr.io/chgl/kube-powertools:v1.22.17@sha256:fd0257d7fe744371dcbede5372d21ebd9da94021da2dace179203c10049d0a13 + container: ghcr.io/chgl/kube-powertools:v1.22.21@sha256:3e45248e0a88a26978341c7dc2b495020ad0cd75988ce19591f5d6f6d47685ac steps: - name: Add workspace as safe directory run: | git config --global --add safe.directory /__w/recruit/recruit - name: Checkout - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: fetch-depth: 0 diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 30742442..6bb233d4 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml 
@@ -29,7 +29,7 @@ jobs: steps: # Git Checkout - name: Checkout Code - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 with: token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }} fetch-depth: 0 diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml index 6226cbef..1d2c526a 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yaml @@ -14,7 +14,7 @@ jobs: contents: write pull-requests: write steps: - - uses: google-github-actions/release-please-action@ee9822ec2c397e8a364d634464339ac43a06e042 # v3.7.6 + - uses: google-github-actions/release-please-action@c078ea33917ab8cfa5300e48f4b7e6b16606aede # v3.7.8 with: token: ${{ secrets.MIRACUM_BOT_SEMANTIC_RELEASE_TOKEN }} release-type: simple diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ff14fe9f..27de5419 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Login to GitHub Container Registry uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2 @@ -35,7 +35,7 @@ jobs: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1 + uses: sigstore/cosign-installer@204a51a57a74d190b284a0ce69b44bc37201f343 # v3.0.3 - name: Add helm repos and update deps run: | 
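Review bot: The `Checkout Code` step in mega-linter.yml passes `${{ secrets.PAT || secrets.GITHUB_TOKEN }}` to actions/checkout without setting `persist-credentials`, so by default the token is written to the local git config and stays readable by every later step in the job. When `PAT` is set, that token is a personal access token and is likely broader in scope than the job token. If no later step needs to push with it (the rest of the job lies outside this hunk), add `persist-credentials: false` under `with:`, as the checkout step in scorecards.yml already does. Otherwise a comment such as `# token is persisted because <step> pushes fixes` would record why it is kept.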
@@ -66,11 +66,11 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: path: recruit - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: token: ${{ secrets.GITHUB_TOKEN }} repository: miracum/charts @@ -108,7 +108,7 @@ jobs: contents: write # to upload artifacts to the release steps: - name: Checkout - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Download Helm chart uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 diff --git a/.github/workflows/reset-chart-changelog-annotations.yaml b/.github/workflows/reset-chart-changelog-annotations.yaml index 5cc80bb4..04cae564 100644 --- a/.github/workflows/reset-chart-changelog-annotations.yaml +++ b/.github/workflows/reset-chart-changelog-annotations.yaml @@ -13,12 +13,12 @@ jobs: reset-commit-and-push: name: reset changelog annotations, commit, and push runs-on: ubuntu-22.04 - container: ghcr.io/chgl/kube-powertools:v1.22.17@sha256:fd0257d7fe744371dcbede5372d21ebd9da94021da2dace179203c10049d0a13 + container: ghcr.io/chgl/kube-powertools:v1.22.21@sha256:3e45248e0a88a26978341c7dc2b495020ad0cd75988ce19591f5d6f6d47685ac permissions: contents: write steps: - name: Checkout - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 # currently defaults to just the one chart, "recruit", needs to be updated if # more charts are added in the future. See 
@@ -36,7 +36,7 @@ jobs: # use it to replace the entire changelog annotation with a single entry. yq -i '.annotations["artifacthub.io/changes"] |= strenv(FIRST_CHANGELOG_ENTRY)' charts/recruit/Chart.yaml - - uses: EndBug/add-and-commit@61a88be553afe4206585b31aa72387c64295d08b # tag=v9.1.1 + - uses: EndBug/add-and-commit@b97a9fe893e2984b63d00feaee5922e16ab1cc1e # v9.1.2 with: add: "charts/" message: "chore(helm): reset Chart.yaml changelog annotations" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 2efc1318..cd29ca90 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: persist-credentials: false @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11 + uses: github/codeql-action/upload-sarif@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2 with: sarif_file: results.sarif diff --git a/.github/workflows/test-compose-installation.yaml b/.github/workflows/test-compose-installation.yaml index 4c8c9952..3da73b62 100644 --- a/.github/workflows/test-compose-installation.yaml +++ b/.github/workflows/test-compose-installation.yaml @@ -16,7 +16,7 @@ jobs: RECRUIT_IMAGE_BASE_NAME: ghcr.io/${{ github.repository }} RECRUIT_IMAGE_TAG: ${{ inputs.image-tag }} steps: - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Download all artifacts if: ${{ github.event_name == 'pull_request' }} diff --git a/.github/workflows/test-k8s-installation.yaml b/.github/workflows/test-k8s-installation.yaml index ebe507d6..3d7ef0ac 100644 
--- a/.github/workflows/test-k8s-installation.yaml +++ b/.github/workflows/test-k8s-installation.yaml @@ -14,7 +14,7 @@ jobs: test: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 diff --git a/.github/workflows/validate-gradle-wrapper.yaml b/.github/workflows/validate-gradle-wrapper.yaml index eb53a8e4..a02b48e5 100644 --- a/.github/workflows/validate-gradle-wrapper.yaml +++ b/.github/workflows/validate-gradle-wrapper.yaml @@ -14,5 +14,5 @@ jobs: name: "Validation" runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b # v1.0.6 diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml index 32b5bb28..bd95b587 100644 --- a/.github/workflows/yamllint.yaml +++ b/.github/workflows/yamllint.yaml @@ -18,10 +18,10 @@ jobs: yamllint: runs-on: ubuntu-22.04 # contains yamllint - container: ghcr.io/chgl/kube-powertools:v1.22.17@sha256:fd0257d7fe744371dcbede5372d21ebd9da94021da2dace179203c10049d0a13 + container: ghcr.io/chgl/kube-powertools:v1.22.21@sha256:3e45248e0a88a26978341c7dc2b495020ad0cd75988ce19591f5d6f6d47685ac steps: - name: Checkout - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Run yamllint run: yamllint -c .yamllint.yaml .