Skip to content

Commit

Permalink
Pin GitHub actions dependencies
Browse files Browse the repository at this point in the history
Signed-off-by: Sascha Grunert <[email protected]>
  • Loading branch information
saschagrunert committed Sep 3, 2024
1 parent d398af3 commit 924db23
Show file tree
Hide file tree
Showing 5 changed files with 69 additions and 69 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/cargo-upgrade.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Cache
uses: actions/cache@v4
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: cargo-upgrade-${{ hashFiles('**/Cargo.lock') }}
- name: Select latest toolchain
uses: actions-rs/toolchain@v1
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
toolchain: stable
default: true
Expand All @@ -50,7 +50,7 @@ jobs:
echo "create_pr=true" >> "$GITHUB_OUTPUT"
fi
- name: Create PR if required
uses: peter-evans/create-pull-request@v6
uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79 # v7.0.0
if: ${{ steps.create_pr.outputs.create_pr == 'true' }}
with:
commit-message: Update cargo dependencies
Expand Down
108 changes: 54 additions & 54 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,9 +18,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Cache
uses: actions/cache@v4
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.cargo/registry
Expand All @@ -29,7 +29,7 @@ jobs:
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- run: .github/install-deps
- name: Select Toolchain
uses: actions-rs/toolchain@v1
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
default: true
Expand All @@ -40,26 +40,26 @@ jobs:
dependencies:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- run: make verify-dependencies

go-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v5
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/checkout@v4
- uses: golangci/golangci-lint-action@v6
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
with:
version: v1.60.3
only-new-issues: true

get-script:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: sigstore/cosign-installer@v3
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- run: scripts/get

release-static:
Expand All @@ -70,9 +70,9 @@ jobs:
COSIGN_EXPERIMENTAL: 1
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Cache
uses: actions/cache@v4
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.cargo/registry
Expand All @@ -81,7 +81,7 @@ jobs:
key: ${{ runner.os }}-cargo-release-static-${{ hashFiles('**/Cargo.lock') }}
- run: .github/install-deps
- name: Select Toolchain
uses: actions-rs/toolchain@v1
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
# Ubuntu 22.04 glibc static is not compatible with rustc 1.58.1 (see
# ACTION_MSRV_TOOLCHAIN). Means we now just use the latest one, since
Expand All @@ -95,7 +95,7 @@ jobs:
mkdir ${{ github.sha }}
mv target/x86_64-unknown-linux-gnu/release/conmonrs ${{ github.sha }}
- run: ./${{ github.sha }}/conmonrs -v
- uses: sigstore/cosign-installer@v3
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
- name: Sign binary
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
Expand All @@ -104,15 +104,15 @@ jobs:
cosign sign-blob -y conmonrs \
--output-signature conmonrs.sig \
--output-certificate conmonrs.cert
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: conmonrs
path: ${{ github.sha }}/*
- uses: google-github-actions/auth@v2
- uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
with:
credentials_json: ${{ secrets.GCS_CRIO_SA }}
- uses: google-github-actions/upload-cloud-storage@v2
- uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4 # v2.2.0
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
with:
path: ${{ github.sha }}
Expand All @@ -126,12 +126,12 @@ jobs:
- build-static
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- run: .github/create-marker
- uses: google-github-actions/auth@v2
- uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5
with:
credentials_json: ${{ secrets.GCS_CRIO_SA }}
- uses: google-github-actions/upload-cloud-storage@v2
- uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4 # v2.2.0
with:
path: .
glob: latest-*.txt
Expand All @@ -149,26 +149,26 @@ jobs:
arch: [amd64, arm64, ppc64le, s390x]
name: build-static-${{ matrix.arch }}
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@V27
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
with:
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
- uses: cachix/cachix-action@v15
- uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
with:
name: conmon-rs
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
pushFilter: "(conmon-rs|cargo-vendor)"
- run: nix-build nix/default-${{ matrix.arch }}.nix
- run: file result/bin/conmonrs | grep static | grep stripped
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: build-static-${{ matrix.arch }}
path: |
result/bin/conmonrs
- run: |
mkdir ${{ github.sha }}
cp result/bin/conmonrs ${{ github.sha }}/conmonrs.${{ matrix.arch }}
- uses: sigstore/cosign-installer@v3
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
- name: Sign binary
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
Expand All @@ -177,15 +177,15 @@ jobs:
cosign sign-blob -y conmonrs.${{ matrix.arch }} \
--output-signature conmonrs.${{ matrix.arch }}.sig \
--output-certificate conmonrs.${{ matrix.arch }}.cert
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: conmonrs-${{ matrix.arch }}
path: ${{ github.sha }}/*
- uses: google-github-actions/auth@v2
- uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d # v2.1.5
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
with:
credentials_json: ${{ secrets.GCS_CRIO_SA }}
- uses: google-github-actions/upload-cloud-storage@v2
- uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4 # v2.2.0
if: github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags')
with:
path: ${{ github.sha }}
Expand All @@ -195,9 +195,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Cache
uses: actions/cache@v4
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.cargo/registry
Expand All @@ -206,7 +206,7 @@ jobs:
key: ${{ runner.os }}-cargo-doc-${{ hashFiles('**/Cargo.lock') }}
- run: .github/install-deps
- name: Select Toolchain
uses: actions-rs/toolchain@v1
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
default: true
Expand All @@ -219,9 +219,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Cache
uses: actions/cache@v4
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.cargo/registry
Expand All @@ -230,7 +230,7 @@ jobs:
key: ${{ runner.os }}-cargo-clippy-${{ hashFiles('**/Cargo.lock') }}
- run: .github/install-deps
- name: Select Toolchain
uses: actions-rs/toolchain@v1
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
toolchain: ${{ env['ACTION_MSRV_NIGHTLY_TOOLCHAIN'] }}
default: true
Expand All @@ -245,9 +245,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Cache
uses: actions/cache@v4
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.cargo/registry
Expand All @@ -256,7 +256,7 @@ jobs:
key: ${{ runner.os }}-cargo-vendor-${{ hashFiles('**/Cargo.lock') }}
- run: .github/install-deps
- name: Select Toolchain
uses: actions-rs/toolchain@v1
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
toolchain: stable
default: true
Expand All @@ -268,9 +268,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Select Toolchain
uses: actions-rs/toolchain@v1
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
toolchain: ${{ env['ACTION_MSRV_TOOLCHAIN'] }}
default: true
Expand All @@ -283,18 +283,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- run: .github/install-deps
- name: Select Toolchain
uses: actions-rs/toolchain@v1
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
toolchain: ${{ env['ACTION_MSRV_NIGHTLY_TOOLCHAIN'] }}
override: true
- name: Install rustfmt
shell: bash
run: rustup component add rustfmt
- name: Unit tests
uses: actions-rs/cargo@v1
uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: test
args: --no-fail-fast
Expand All @@ -303,24 +303,24 @@ jobs:
RUSTFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests'
RUSTDOCFLAGS: '-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests'
- name: Coverage
uses: actions-rs/[email protected]
uses: actions-rs/grcov@770fa904bcbfc50da498080d1511da7388e6ddc6 # v0.1.6
with:
config: .github/grcov.yml
- name: Upload Results
uses: codecov/codecov-action@v4
uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0

test-integration:
needs: release-static
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/setup-go@v5
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Rust and Golang Cache
uses: actions/cache@v4
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.cargo/registry
Expand All @@ -330,13 +330,13 @@ jobs:
~/.cache/go-build
key: ${{ runner.os }}-cargo-test-integration-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('**/go.sum') }}
- name: Setup Testfiles Cache
uses: actions/cache@v4
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
/tmp/conmon-test-images
key: ${{ runner.os }}-cargo-test-files-${{ hashFiles('pkg/client/files_test.go') }}
- run: rm -rf target/x86_64-unknown-linux-gnu/release/conmonrs
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: conmonrs
path: target/x86_64-unknown-linux-gnu/release
Expand All @@ -357,11 +357,11 @@ jobs:
timeout-minutes: 10
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-go@v5
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version: ${{ env.GO_VERSION }}
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: conmonrs
path: target/x86_64-unknown-linux-musl/release
Expand Down Expand Up @@ -397,15 +397,15 @@ jobs:
test $TEST_RC -ne 0 && cat journal.log
exit $TEST_RC
- name: Upload logs
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: journal.log
path: journal.log

typos:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: crate-ci/[email protected]
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: crate-ci/typos@9ad6f5c0549e0eb32bd70e26d5083421d639f278 # v1.24.3
with:
config: .github/typos.toml
4 changes: 2 additions & 2 deletions .github/workflows/cross.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Cache
uses: actions/cache@v4
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
~/.cargo/registry
Expand Down
Loading

0 comments on commit 924db23

Please sign in to comment.