Skip to content

Commit 2001feb

Browse files
oliverbaehleroliverbaehler
committed
Merge branch 'main' of github.com:projectcapsule/capsule
2 parents a2602eb + 6120885 commit 2001feb

18 files changed

Lines changed: 46 additions & 72 deletions

.github/workflows/check-actions.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ jobs:
1515
runs-on: ubuntu-latest
1616
steps:
1717
- name: Checkout
18-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
18+
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
1919
- name: Ensure SHA pinned actions
2020
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ca46236c6ce584ae24bc6283ba8dcf4b3ec8a066 # v5.0.4
2121
with:

.github/workflows/check-commit.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616
commit_lint:
1717
runs-on: ubuntu-24.04
1818
steps:
19-
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
19+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
2020
with:
2121
fetch-depth: 0
2222
- uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1

.github/workflows/check-pr.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ jobs:
1515
name: Validate PR title
1616
runs-on: ubuntu-latest
1717
steps:
18-
- uses: amannn/action-semantic-pull-request@ac7e3fc035c47465748bbcb1a822c1583cf79bbc
18+
- uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
1919
env:
2020
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2121
with:

.github/workflows/coverage.yml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919
runs-on: ubuntu-24.04
2020
steps:
2121
- name: "Checkout Code"
22-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
22+
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
2323
- name: Check secret
2424
id: checksecret
2525
uses: ./.github/actions/exists
@@ -47,24 +47,24 @@ jobs:
4747
contents: read
4848
steps:
4949
- name: Checkout Source
50-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
50+
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
5151
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
5252
with:
5353
go-version-file: 'go.mod'
5454
- name: Run Gosec Security Scanner
55-
uses: securego/gosec@4a3bd8af174872c778439083ded7adbf3747e770 # v2.26.1
55+
uses: securego/gosec@9e6a9843d7a4a6e3e9a8539b02612c8a4aa3f889 # v2.27.1
5656
with:
5757
args: '-no-fail -fmt sarif -out gosec.sarif ./...'
5858
- name: Upload SARIF file
59-
uses: github/codeql-action/upload-sarif@0ec47d036c68ae0cf94c629009b1029407111281
59+
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
6060
with:
6161
sarif_file: gosec.sarif
6262
unit_tests:
6363
name: "Unit tests"
6464
runs-on: ubuntu-24.04
6565
steps:
6666
- name: Checkout
67-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
67+
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
6868
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
6969
with:
7070
go-version-file: 'go.mod'

.github/workflows/docker-build.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ jobs:
2424
contents: read
2525
steps:
2626
- name: Checkout
27-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
27+
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
2828
- name: ko build
2929
run: VERSION=${{ github.sha }} make ko-build-all
3030
- name: Trivy Scan Image
@@ -40,6 +40,6 @@ jobs:
4040
# See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
4141
TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
4242
- name: Upload Trivy scan results to GitHub Security tab
43-
uses: github/codeql-action/upload-sarif@0ec47d036c68ae0cf94c629009b1029407111281
43+
uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
4444
with:
4545
sarif_file: 'trivy-results.sarif'

.github/workflows/docker-publish.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
capsule-digest: ${{ steps.publish-capsule.outputs.digest }}
2121
steps:
2222
- name: Checkout
23-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
23+
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
2424
- name: Setup caches
2525
uses: ./.github/actions/setup-caches
2626
timeout-minutes: 5
@@ -36,7 +36,7 @@ jobs:
3636
output: 'trivy-results.sarif'
3737
severity: 'CRITICAL,HIGH'
3838
- name: Install Cosign
39-
uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
39+
uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
4040
- name: Publish Capsule
4141
id: publish-capsule
4242
uses: peak-scale/github-actions/make-ko-publish@a441cca016861c546ab7e065277e40ce41a3eb84 # v0.2.0
@@ -61,7 +61,7 @@ jobs:
6161
packages: write # To upload assets to release.
6262
actions: read # To read the workflow path.
6363
# NOTE: The container generator workflow is not officially released as GA.
64-
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
64+
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a # v2.1.0
6565
with:
6666
image: ghcr.io/${{ github.repository_owner }}/capsule
6767
digest: "${{ needs.publish-images.outputs.capsule-digest }}"

.github/workflows/docs-lint.yml

Lines changed: 0 additions & 33 deletions
This file was deleted.

.github/workflows/e2e.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
runs-on:
2828
labels: ubuntu-latest-8-cores
2929
steps:
30-
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
30+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
3131
with:
3232
fetch-depth: 0
3333

@@ -45,7 +45,7 @@ jobs:
4545
runs-on:
4646
labels: ubuntu-latest-8-cores
4747
steps:
48-
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
48+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
4949
with:
5050
fetch-depth: 0
5151

@@ -70,7 +70,7 @@ jobs:
7070
runs-on:
7171
labels: ubuntu-latest-8-cores
7272
steps:
73-
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
73+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
7474
with:
7575
repository: ${{ github.event.client_payload.repo }}
7676
ref: ${{ github.event.client_payload.sha }}
@@ -95,7 +95,7 @@ jobs:
9595
runs-on: ubuntu-latest-8-cores
9696
steps:
9797

98-
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
98+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
9999
with:
100100
fetch-depth: 0
101101

.github/workflows/helm-publish.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ jobs:
1616
if: github.repository_owner == 'projectcapsule'
1717
runs-on: ubuntu-24.04
1818
steps:
19-
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
19+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
2020
- name: "Extract Version"
2121
id: extract_version
2222
run: |
@@ -45,8 +45,8 @@ jobs:
4545
outputs:
4646
chart-digest: ${{ steps.helm_publish.outputs.digest }}
4747
steps:
48-
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
49-
- uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
48+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
49+
- uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
5050
- name: "Extract Version"
5151
id: extract_version
5252
run: |
@@ -74,7 +74,7 @@ jobs:
7474
packages: write # To upload assets to release.
7575
actions: read # To read the workflow path.
7676
# NOTE: The container generator workflow is not officially released as GA.
77-
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0
77+
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@f7dd8c54c2067bafc12ca7a55595d5ee9b75204a # v2.1.0
7878
with:
7979
image: ghcr.io/${{ github.repository_owner }}/charts/capsule
8080
digest: "${{ needs.publish-helm-oci.outputs.chart-digest }}"

.github/workflows/helm-test.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,14 +23,14 @@ jobs:
2323
options: --user root
2424
steps:
2525
- name: Checkout
26-
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
26+
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
2727
- name: Run ah lint
2828
working-directory: ./charts/
2929
run: ah lint
3030
lint:
3131
runs-on: ubuntu-24.04
3232
steps:
33-
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
33+
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
3434
with:
3535
fetch-depth: 0
3636
- uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5

0 commit comments

Comments
 (0)