From f462c26ddb35831bb82663755c51d620381d4929 Mon Sep 17 00:00:00 2001 From: "renovate-rancher[bot]" <119870437+renovate-rancher[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 04:40:29 +0000 Subject: [PATCH] Update GitHub Actions --- .github/workflows/ci.yaml | 4 ++-- .github/workflows/release-charts.yaml | 6 +++--- .github/workflows/release-rancher.yaml | 8 +++---- .github/workflows/release.yaml | 30 +++++++++++++------------- .github/workflows/sync-deps.yaml | 6 +++--- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0e8b5071a..a25900312 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,11 +33,11 @@ jobs: steps: - name : Checkout repository # https://github.com/actions/checkout/releases/tag/v4.1.1 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Setup Go # https://github.com/actions/setup-go/releases/tag/v5.0.0 - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: 'go.mod' diff --git a/.github/workflows/release-charts.yaml b/.github/workflows/release-charts.yaml index 5df51a77f..19b8a9d64 100644 --- a/.github/workflows/release-charts.yaml +++ b/.github/workflows/release-charts.yaml @@ -29,7 +29,7 @@ jobs: # Required for vault id-token: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: ref: "${{ env.WEBHOOK_REF }}" path: webhook @@ -41,7 +41,7 @@ jobs: secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY # Fetch github token just for the charts repository - - uses: actions/create-github-app-token@v1 + - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 id: app-token with: app-id: ${{ env.APP_ID }} @@ -50,7 +50,7 @@ jobs: charts - name: Checkout charts repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: repository: ${{ github.repository_owner }}/charts ref: "${{ env.CHARTS_REF }}" diff --git a/.github/workflows/release-rancher.yaml b/.github/workflows/release-rancher.yaml index d4b01d91e..189fc3375 100644 --- a/.github/workflows/release-rancher.yaml +++ b/.github/workflows/release-rancher.yaml @@ -32,7 +32,7 @@ jobs: - name: Install dependencies run: sudo snap install yq --channel=v4/stable - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: ref: "${{ env.WEBHOOK_REF }}" path: webhook @@ -44,7 +44,7 @@ jobs: secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY # Fetch github token just for the rancher repository - - uses: actions/create-github-app-token@v1 + - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 id: app-token with: app-id: ${{ env.APP_ID }} @@ -53,7 +53,7 @@ jobs: rancher - name: Checkout rancher repository - uses: actions/checkout@v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: repository: ${{ github.repository_owner }}/rancher ref: "${{ env.RANCHER_REF }}" @@ -71,7 +71,7 @@ jobs: charts_branch=$(grep '"chart-default-branch"' pkg/settings/setting.go | cut -d'"' -f4) echo "charts_branch=$charts_branch" >> $GITHUB_OUTPUT - - uses: actions/checkout@v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: repository: ${{ github.repository_owner }}/charts ref: "${{ steps.find_charts_branch.outputs.charts_branch }}" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7b51623c2..1a9dceb2b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -25,11 +25,11 @@ jobs: steps: - name : Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 # https://github.com/actions/checkout/releases/tag/v4.1.1 - name: Setup Go - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 # https://github.com/actions/setup-go/releases/tag/v5.0.0 with: go-version-file: 'go.mod' @@ -51,7 +51,7 @@ jobs: - name: Upload artifacts # https://github.com/actions/upload-artifact/commit/65462800fd760344b1a7b4382951275a0abb4808 - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 with: name: webhook-artifacts-${{ matrix.arch }} path: | @@ -66,20 +66,20 @@ jobs: - name : Checkout repository # https://github.com/actions/checkout/releases/tag/v4.1.1 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: package-helm run: ./scripts/package-helm - name: Download the amd64 artifacts - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 # https://github.com/actions/download-artifact/releases/tag/v4.1.7 with: name: webhook-artifacts-amd64 path: dist/artifacts - name: Download the arm64 artifacts - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 # https://github.com/actions/download-artifact/releases/tag/v4.1.7 with: name: webhook-artifacts-arm64 @@ -113,10 +113,10 @@ jobs: steps: - name : Checkout repository # https://github.com/actions/checkout/releases/tag/v4.1.1 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Download the artifacts - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 # https://github.com/actions/download-artifact/releases/tag/v4.1.7 with: name: webhook-artifacts-${{ matrix.arch }} @@ -140,12 +140,12 @@ jobs: uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 # https://github.com/docker/setup-buildx-action/releases/tag/v3.4.0 - name: Log in to the Container registry # https://github.com/docker/login-action/releases/tag/v3.2.0 - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ${{ env.REGISTRY }} username: ${{ env.DOCKER_USERNAME }} @@ -154,7 +154,7 @@ jobs: - name: Build and push the webhook image id: build # https://github.com/docker/build-push-action/releases/tag/v6.3.0 - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: context: . file: ./package/Dockerfile @@ -168,7 +168,7 @@ jobs: touch "/tmp/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 # https://github.com/actions/upload-artifact/releases/tag/v4.3.3 with: name: digests-${{ matrix.arch }} @@ -183,7 +183,7 @@ jobs: needs: image steps: - name: Download digests - uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 # https://github.com/actions/download-artifact/releases/tag/v4.1.7 with: path: /tmp/digests @@ -191,7 +191,7 @@ jobs: merge-multiple: true - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 # https://github.com/docker/setup-buildx-action/releases/tag/v3.4.0 - name: "Read vault secrets" @@ -202,7 +202,7 @@ jobs: secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD - name: Log in to the Container registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 # https://github.com/docker/login-action/releases/tag/v3.2.0 with: registry: ${{ env.REGISTRY }} diff --git a/.github/workflows/sync-deps.yaml b/.github/workflows/sync-deps.yaml index cbb0cb6d3..cf455405c 100644 --- a/.github/workflows/sync-deps.yaml +++ b/.github/workflows/sync-deps.yaml @@ -33,7 +33,7 @@ jobs: secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY # Fetch github token just for the webhook repository - - uses: actions/create-github-app-token@v1 + - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 id: app-token with: app-id: ${{ env.APP_ID }} @@ -42,7 +42,7 @@ jobs: webhook - name : Checkout webhook repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: "${{ env.WEBHOOK_REF }}" path: webhook @@ -51,7 +51,7 @@ jobs: persist-credentials: true - name : Checkout rancher repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: repository: "${{ github.event.inputs.rancher_repository }}" ref: "${{ env.RANCHER_REF }}"