diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index 120f6e63bd..99fa60b6b2 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -29,7 +29,7 @@ jobs: image_matrix_nap: ${{ steps.vars.outputs.image_matrix_nap }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Output Variables id: vars @@ -55,7 +55,7 @@ jobs: matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_oss ) }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Buildx uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 @@ -120,7 +120,7 @@ jobs: matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_plus ) }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Buildx uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 @@ -188,7 +188,7 @@ jobs: matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_nap ) }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Buildx uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml index af4ec5a93a..6b4d5f08c9 100644 --- a/.github/workflows/build-oss.yml +++ b/.github/workflows/build-oss.yml @@ -52,7 +52,7 @@ jobs: image_digest: ${{ steps.build-push.outputs.digest }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} fetch-depth: 0 @@ -147,7 +147,7 @@ jobs: echo "full-build: ${{ inputs.full-build }}" - name: Fetch Cached Artifacts - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ inputs.go-md5 }} diff --git a/.github/workflows/build-ot-dependency.yml b/.github/workflows/build-ot-dependency.yml index a7f09ec01f..07368ea80c 100644 --- a/.github/workflows/build-ot-dependency.yml +++ b/.github/workflows/build-ot-dependency.yml @@ -33,7 +33,7 @@ jobs: os: [debian, alpine] steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: opentracing-contrib/nginx-opentracing ref: master diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml index fae88ca764..67933dbdc3 100644 --- a/.github/workflows/build-plus.yml +++ b/.github/workflows/build-plus.yml @@ -54,7 +54,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} fetch-depth: 0 @@ -160,7 +160,7 @@ jobs: echo "full-build: ${{ inputs.full-build }}" - name: Fetch Cached Artifacts - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ inputs.go-md5 }} diff --git a/.github/workflows/build-single-image.yml b/.github/workflows/build-single-image.yml index f703346746..fb21d9c2bc 100644 --- a/.github/workflows/build-single-image.yml +++ b/.github/workflows/build-single-image.yml @@ -45,7 +45,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} fetch-depth: 0 @@ -91,7 +91,7 @@ jobs: - name: Fetch Cached Binary Artifacts id: binary-cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }} diff --git a/.github/workflows/build-test-image.yml b/.github/workflows/build-test-image.yml index f001f46797..192b165898 100644 --- a/.github/workflows/build-test-image.yml +++ b/.github/workflows/build-test-image.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Buildx uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 diff --git a/.github/workflows/build-ubi-dependency.yml b/.github/workflows/build-ubi-dependency.yml index a62b65a93b..53106a7af9 100644 --- a/.github/workflows/build-ubi-dependency.yml +++ b/.github/workflows/build-ubi-dependency.yml @@ -43,7 +43,7 @@ jobs: target_exists: ${{ steps.var.outputs.target_image_exists }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 @@ -89,7 +89,7 @@ jobs: fail-fast: false steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 diff --git a/.github/workflows/cache-update.yml b/.github/workflows/cache-update.yml index d00c713311..9b93935a92 100644 --- a/.github/workflows/cache-update.yml +++ b/.github/workflows/cache-update.yml @@ -26,7 +26,7 @@ jobs: image_matrix_nap: ${{ steps.vars.outputs.image_matrix_nap }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Output Variables id: vars diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index 7dee6c3b0a..de97cb6041 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -18,7 +18,7 @@ jobs: if: ${{ (contains(github.event.pull_request.labels.*.name, 'dependencies') || contains(github.event.pull_request.labels.*.name, 'needs cherry pick')) && github.event.pull_request.merged == true }} steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 token: ${{ secrets.NGINX_PAT }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1e2fca78d1..5230f240e1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -53,7 +53,7 @@ jobs: image_matrix_nap: ${{ steps.vars.outputs.image_matrix_nap }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -119,7 +119,7 @@ jobs: - name: Fetch Cached Binary Artifacts id: binary-cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }} @@ -177,7 +177,7 @@ jobs: needs: checks steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -214,7 +214,7 @@ jobs: needs: checks steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -250,7 +250,7 @@ jobs: issues: write # for goreleaser/goreleaser-action to close milestone steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -280,7 +280,7 @@ jobs: if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Store Artifacts in Cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ needs.checks.outputs.go_code_md5 }} @@ -399,7 +399,7 @@ jobs: id-token: write steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Authenticate to Google Cloud id: auth @@ -432,7 +432,7 @@ jobs: if: ${{ ( needs.checks.outputs.forked_workflow == 'false' || needs.checks.outputs.docs_only == 'false' ) && steps.stable_exists.outputs.exists != 'true' }} - name: Fetch Cached Artifacts - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ needs.checks.outputs.go_code_md5 }} @@ -524,7 +524,7 @@ jobs: matrix_nap: ${{ steps.set-matrix.outputs.matrix_nap }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - id: set-matrix run: | diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 00f25f15fc..4d749f55e9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -28,7 +28,7 @@ jobs: docs_only: ${{ github.event.pull_request && steps.docs.outputs.docs_only == 'true' }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -66,11 +66,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -89,7 +89,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -102,6 +102,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/create-release-branch.yml b/.github/workflows/create-release-branch.yml index 46ef1e78b4..aa46d82644 100644 --- a/.github/workflows/create-release-branch.yml +++ b/.github/workflows/create-release-branch.yml @@ -38,7 +38,7 @@ jobs: contents: write steps: - name: Checkout NIC repo - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.source_branch }} diff --git a/.github/workflows/dependabot-hugo.yml b/.github/workflows/dependabot-hugo.yml index 9bf1840877..834cfffc2a 100644 --- a/.github/workflows/dependabot-hugo.yml +++ b/.github/workflows/dependabot-hugo.yml @@ -26,7 +26,7 @@ jobs: uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2.2.0 - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 if: ${{ steps.dependabot-metadata.outputs.package-ecosystem == 'go_modules' && contains(steps.dependabot-metadata.outputs.dependency-names, 'hugo') }} with: ref: ${{ github.head_ref }} diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 822ba90d97..fe6454b39a 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -21,10 +21,10 @@ jobs: pull-requests: write # for actions/dependency-review-action to post comments steps: - name: "Checkout Repository" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: "Dependency Review" - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 + uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5 with: config-file: "nginxinc/k8s-common/dependency-review-config.yml@main" base-ref: ${{ github.event.pull_request.base.sha || github.event.repository.default_branch }} diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml index 2d8693b976..6522cdaac9 100644 --- a/.github/workflows/dockerhub-description.yml +++ b/.github/workflows/dockerhub-description.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-24.04 if: ${{ github.event.repository.fork == false }} steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Modify readme for DockerHub run: | diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index 8d431f9403..dfaf08e4d0 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -23,7 +23,7 @@ jobs: if: ${{ github.event.repository.fork == false }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Scan uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # v1.4.0 diff --git a/.github/workflows/image-promotion.yml b/.github/workflows/image-promotion.yml index ff98d94784..f792d3bf64 100644 --- a/.github/workflows/image-promotion.yml +++ b/.github/workflows/image-promotion.yml @@ -48,7 +48,7 @@ jobs: image_matrix_nap: ${{ steps.vars.outputs.image_matrix_nap }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -72,7 +72,7 @@ jobs: - name: Fetch Cached Binary Artifacts id: binary-cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ steps.vars.outputs.go_code_md5 }} @@ -120,7 +120,7 @@ jobs: security-events: write steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -143,7 +143,7 @@ jobs: fi - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 if: steps.check-sarif.outputs.sarif_has_results == 'true' with: sarif_file: govulncheck.sarif @@ -156,7 +156,7 @@ jobs: contents: read steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -184,7 +184,7 @@ jobs: if: ${{ needs.checks.outputs.binary_cache_hit != 'true' }} - name: Store Artifacts in Cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ needs.checks.outputs.go_code_md5 }} @@ -372,7 +372,7 @@ jobs: needs: [release-oss] steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Certify UBI OSS images in quay uses: ./.github/actions/certify-openshift-image @@ -396,7 +396,7 @@ jobs: matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_oss ) }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Make directory for security scan results id: directory @@ -468,7 +468,7 @@ jobs: overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: "${{ steps.directory.outputs.directory }}/" @@ -486,7 +486,7 @@ jobs: matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_plus ) }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Make directory for security scan results id: directory @@ -558,7 +558,7 @@ jobs: overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: "${{ steps.directory.outputs.directory }}/" @@ -576,7 +576,7 @@ jobs: matrix: ${{ fromJSON( needs.checks.outputs.image_matrix_nap ) }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: NAP modules id: nap_modules @@ -655,7 +655,7 @@ jobs: overwrite: true - name: Upload Scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: "${{ steps.directory.outputs.directory }}/" @@ -667,7 +667,7 @@ jobs: contents: write steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create/Update Draft uses: lucacome/draft-release@5d29432a46bff6c122cd4b07a1fb94e1bb158d34 # v1.1.1 diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index d1b6f1a389..df4b9be6e7 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: diff --git a/.github/workflows/lint-format.yml b/.github/workflows/lint-format.yml index bf54f1d78b..435105323d 100644 --- a/.github/workflows/lint-format.yml +++ b/.github/workflows/lint-format.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -44,7 +44,7 @@ jobs: pull-requests: read # for golangci-lint-action steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Golang Environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -61,7 +61,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: reviewdog/action-actionlint@7eeec1dd160c2301eb28e1568721837d084558ad # v1.57.0 with: @@ -72,7 +72,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Lint chart run: helm lint charts/nginx-ingress @@ -82,7 +82,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: DavidAnson/markdownlint-cli2-action@db43aef879112c3119a410d69f66701e0d530809 # v17.0.0 with: diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml index 50fa9eb51d..fce35daef3 100644 --- a/.github/workflows/mend.yml +++ b/.github/workflows/mend.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch && inputs.branch || github.ref }} diff --git a/.github/workflows/oss-release.yml b/.github/workflows/oss-release.yml index cce2bfa8be..c9d5641380 100644 --- a/.github/workflows/oss-release.yml +++ b/.github/workflows/oss-release.yml @@ -79,7 +79,7 @@ jobs: if: ${{ inputs.gcr_release_registry }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} @@ -117,7 +117,7 @@ jobs: if: ${{ inputs.ecr_public_registry }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} @@ -166,7 +166,7 @@ jobs: if: ${{ inputs.dockerhub_public_registry }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} @@ -210,7 +210,7 @@ jobs: if: ${{ inputs.quay_public_registry }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} @@ -256,7 +256,7 @@ jobs: if: ${{ inputs.github_public_registry }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} diff --git a/.github/workflows/patch-image.yml b/.github/workflows/patch-image.yml index a8c23e5614..e38d543ec7 100644 --- a/.github/workflows/patch-image.yml +++ b/.github/workflows/patch-image.yml @@ -44,7 +44,7 @@ jobs: id-token: write steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Buildx uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 diff --git a/.github/workflows/plus-release.yml b/.github/workflows/plus-release.yml index dcd4514471..fe4b993111 100644 --- a/.github/workflows/plus-release.yml +++ b/.github/workflows/plus-release.yml @@ -79,7 +79,7 @@ jobs: if: ${{ inputs.gcr_release_registry }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} @@ -117,7 +117,7 @@ jobs: if: ${{ inputs.nginx_registry }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} @@ -170,7 +170,7 @@ jobs: if: ${{ inputs.gcr_mktpl_registry }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} @@ -211,7 +211,7 @@ jobs: if: ${{ inputs.ecr_mktpl_registry }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} @@ -260,7 +260,7 @@ jobs: if: ${{ inputs.az_mktpl_registry }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} diff --git a/.github/workflows/publish-helm.yml b/.github/workflows/publish-helm.yml index a9abefc44a..be31ee00a9 100644 --- a/.github/workflows/publish-helm.yml +++ b/.github/workflows/publish-helm.yml @@ -58,7 +58,7 @@ jobs: packages: write # for helm to push to GHCR steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: refs/heads/${{ inputs.branch }} path: kic @@ -89,7 +89,7 @@ jobs: helm push ${{ steps.package.outputs.path }} oci://registry-1.docker.io/nginxcharts - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: nginxinc/helm-charts fetch-depth: 1 diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml index 857a7c6f45..6a5717aa4b 100644 --- a/.github/workflows/regression.yml +++ b/.github/workflows/regression.yml @@ -36,7 +36,7 @@ jobs: branch: ${{ steps.vars.outputs.branch }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch && inputs.branch || github.event.repository.default_branch }} @@ -86,7 +86,7 @@ jobs: needs: [checks] steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.checks.outputs.branch }} @@ -125,7 +125,7 @@ jobs: id-token: write steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.checks.outputs.branch }} @@ -204,7 +204,7 @@ jobs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.checks.outputs.branch }} @@ -224,7 +224,7 @@ jobs: id-token: write steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.checks.outputs.branch }} diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index 542bc960cc..4a3e91aa4f 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -57,7 +57,7 @@ jobs: echo "branch=release-$version" >> $GITHUB_OUTPUT - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ steps.branch.outputs.branch }} token: ${{ secrets.NGINX_PAT }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 51692bc48b..d6e17ed3ca 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -60,7 +60,7 @@ jobs: k8s_version: ${{ steps.vars.outputs.k8s_version }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ inputs.release_branch }} @@ -84,7 +84,7 @@ jobs: - name: Fetch Cached Signed Binary Artifacts id: binary-cache-sign - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/tarballs key: nginx-ingress-release-${{ steps.vars.outputs.go_code_md5 }} @@ -97,7 +97,7 @@ jobs: contents: write steps: - name: Checkout NIC repo - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.release_branch }} fetch-depth: 0 @@ -290,7 +290,7 @@ jobs: needs: [release-oss] steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.release_branch }} @@ -392,7 +392,7 @@ jobs: product_id: AWS_NAP_WAF_DOS_PRODUCT_ID steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.release_branch }} @@ -427,12 +427,12 @@ jobs: id-token: write # for cosign to sign artifacts steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.release_branch }} - name: Fetch Binary Artifacts from Cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ needs.variables.outputs.go_code_md5 }} @@ -440,7 +440,7 @@ jobs: - name: Download Syft id: syft - uses: anchore/sbom-action/download-syft@8d0a6505bf28ced3e85154d13dc6af83299e13f1 # v0.17.4 + uses: anchore/sbom-action/download-syft@1ca97d9028b51809cf6d3c934c3e160716e1b605 # v0.17.5 if: ${{ needs.variables.outputs.binary_cache_sign_hit != 'true' }} - name: Install Cosign @@ -455,7 +455,7 @@ jobs: if: ${{ needs.variables.outputs.binary_cache_sign_hit != 'true' }} - name: Store Tarball Artifacts in Cache - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/tarballs key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} @@ -471,12 +471,12 @@ jobs: contents: read steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.release_branch }} - name: Fetch Cached Tarball Artifacts - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} path: ${{ github.workspace }}/tarballs @@ -515,12 +515,12 @@ jobs: actions: read # for slack notification steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.release_branch }} - name: Fetch Cached Tarball Artifacts - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: key: nginx-ingress-release-${{ needs.variables.outputs.go_code_md5 }} path: ${{ github.workspace }}/tarballs @@ -623,7 +623,7 @@ jobs: image: ["nginx/nginx-ingress:${{ inputs.nic_version }}", "nginx/nginx-ingress:${{ inputs.nic_version }}-ubi", "nginx/nginx-ingress:${{ inputs.nic_version }}-alpine"] steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.release_branch }} diff --git a/.github/workflows/retag-images.yml b/.github/workflows/retag-images.yml index c7fac8000a..cc0349201e 100644 --- a/.github/workflows/retag-images.yml +++ b/.github/workflows/retag-images.yml @@ -40,7 +40,7 @@ jobs: id-token: write steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Authenticate to Google Cloud id: gcr-auth diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d0be06a081..ef62c719b0 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -29,7 +29,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: results.sarif diff --git a/.github/workflows/setup-smoke.yml b/.github/workflows/setup-smoke.yml index 5b42d5b257..5cf1d38696 100644 --- a/.github/workflows/setup-smoke.yml +++ b/.github/workflows/setup-smoke.yml @@ -49,7 +49,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set image variables id: image_details @@ -98,7 +98,7 @@ jobs: if: ${{ inputs.authenticated && steps.stable_exists.outputs.exists != 'true' }} - name: Fetch Cached Artifacts - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ${{ github.workspace }}/dist key: nginx-ingress-${{ inputs.go-md5 }} diff --git a/.github/workflows/single-image-regression.yml b/.github/workflows/single-image-regression.yml index e9b7a158ce..fea635106f 100644 --- a/.github/workflows/single-image-regression.yml +++ b/.github/workflows/single-image-regression.yml @@ -76,7 +76,7 @@ jobs: id-token: write steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Authenticate to Google Cloud id: auth diff --git a/.github/workflows/update-docker-images.yml b/.github/workflows/update-docker-images.yml index 277e28b989..6296a107e9 100644 --- a/.github/workflows/update-docker-images.yml +++ b/.github/workflows/update-docker-images.yml @@ -34,7 +34,7 @@ jobs: matrix: ${{ steps.kic.outputs.matrix }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -175,7 +175,7 @@ jobs: needs: [variables, release-oss-public] steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Certify UBI OSS images in quay uses: ./.github/actions/certify-openshift-image diff --git a/.github/workflows/update-docker-sha.yml b/.github/workflows/update-docker-sha.yml index 0ae66c357c..3604a9799a 100644 --- a/.github/workflows/update-docker-sha.yml +++ b/.github/workflows/update-docker-sha.yml @@ -50,7 +50,7 @@ jobs: needs: [vars] steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.vars.outputs.source_branch }} diff --git a/.github/workflows/update-kubernetes-version.yml b/.github/workflows/update-kubernetes-version.yml index e0f193c670..9c79f73ca7 100644 --- a/.github/workflows/update-kubernetes-version.yml +++ b/.github/workflows/update-kubernetes-version.yml @@ -18,7 +18,7 @@ jobs: update-k8s-version: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Get current k8s version from Kind image id: k8s-version diff --git a/.github/workflows/update-release-draft.yml b/.github/workflows/update-release-draft.yml index c3fd4c9d7b..8285e942df 100644 --- a/.github/workflows/update-release-draft.yml +++ b/.github/workflows/update-release-draft.yml @@ -29,7 +29,7 @@ jobs: chart_version: ${{ steps.vars.outputs.chart_version }} steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} @@ -56,7 +56,7 @@ jobs: contents: write steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.branch }} diff --git a/.github/workflows/updates-notification.yml b/.github/workflows/updates-notification.yml index d429e40670..0a757a47fb 100644 --- a/.github/workflows/updates-notification.yml +++ b/.github/workflows/updates-notification.yml @@ -32,7 +32,7 @@ jobs: actions: read # for 8398a7/action-slack steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: refs/tags/v${{ inputs.tag }} diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 77b82316b3..25b66fe06b 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.source_branch }}