diff --git a/.github/workflows/assertion.yml b/.github/workflows/assertion.yml index 227e1ad4e..df6edde04 100644 --- a/.github/workflows/assertion.yml +++ b/.github/workflows/assertion.yml @@ -33,7 +33,7 @@ jobs: osarch: [amd64, arm64] steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Download nginx-agent binary artifacts if: ${{ inputs.runId != '' }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 664302a87..09ff0eeee 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,7 +30,7 @@ jobs: id-token: write # for OIDC authentication if: github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-tags: 'true' @@ -44,7 +44,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false @@ -69,7 +69,7 @@ jobs: permissions: id-token: write # for OIDC authentication steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync with: @@ -80,7 +80,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false 
@@ -111,7 +111,7 @@ jobs: permissions: id-token: write # for OIDC authentication steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync with: @@ -122,7 +122,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false @@ -146,7 +146,7 @@ jobs: permissions: id-token: write # for OIDC authentication steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync with: @@ -157,7 +157,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false @@ -176,7 +176,7 @@ jobs: permissions: id-token: write # for OIDC authentication steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-tags: 'true' - name: Get Secrets from Azure Key Vault @@ -189,7 +189,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false 
@@ -231,7 +231,7 @@ jobs: - image: "alpine" version: "3.23" steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync with: @@ -242,7 +242,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false @@ -293,7 +293,7 @@ jobs: - image: "alpine" version: "3.22" steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync with: @@ -304,7 +304,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false @@ -362,7 +362,7 @@ jobs: version: "mainline" release: "alpine" steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync with: @@ -373,7 +373,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false 
@@ -441,7 +441,7 @@ jobs: release: "debian" path: "/nginx-plus/agent" steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync with: @@ -453,7 +453,7 @@ jobs: - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false @@ -531,7 +531,7 @@ jobs: version: "mainline" release: "alpine" steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync with: @@ -542,7 +542,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false @@ -610,7 +610,7 @@ jobs: release: "debian" path: "/nginx-plus/agent" steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync with: @@ -621,7 +621,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false 
@@ -682,7 +682,7 @@ jobs: id-token: write # for OIDC authentication contents: write # Needed for pushing benchmark results to github branch steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Get Secrets from Azure Key Vault uses: ./.github/actions/az-sync with: @@ -693,7 +693,7 @@ jobs: secrets-filter: 'artifactory' - name: Configure Go Proxy uses: ./.github/actions/configure-goproxy - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false @@ -731,8 +731,8 @@ jobs: runs-on: ubuntu-22.04 needs: build-unsigned-snapshot steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index abcb812b8..5da6e3f16 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -32,7 +32,7 @@ jobs: docs_only: ${{ github.event.pull_request && steps.docs.outputs.docs_only == 'true' }} steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ecf226d7e..253c3ede8 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
@@ -22,7 +22,7 @@ jobs: pull-requests: write # for actions/dependency-review-action to post comments steps: - name: "Checkout Repository" - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: "Dependency Review" uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 diff --git a/.github/workflows/label-pr.yml b/.github/workflows/label-pr.yml index 18a0dad13..6571d1661 100644 --- a/.github/workflows/label-pr.yml +++ b/.github/workflows/label-pr.yml @@ -14,7 +14,7 @@ jobs: pull-requests: write runs-on: ubuntu-22.04 steps: - - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0 + - uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 # v6.2.0 with: disable-releaser: true env: diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml index fc1e687dc..31dde4f5f 100644 --- a/.github/workflows/release-branch.yml +++ b/.github/workflows/release-branch.yml @@ -68,7 +68,7 @@ jobs: create_pull_request: ${{steps.vars.outputs.create_pull_request }} steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.releaseBranch }} @@ -91,7 +91,7 @@ jobs: release_id: ${{ steps.vars.outputs.RELEASE_ID }} steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: ${{ needs.vars.outputs.github_release == 'true' }} with: ref: ${{ inputs.releaseBranch }} 
@@ -187,7 +187,7 @@ jobs: contents: write # Needed to tag a release steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 if: ${{ needs.vars.outputs.tag_release == 'true' }} with: ref: ${{ inputs.releaseBranch }} @@ -208,7 +208,7 @@ jobs: id-token: write # Needed to get a token to upload packages to NGINX repo steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.releaseBranch }} @@ -222,7 +222,7 @@ jobs: secrets-filter: 'artifactory' - name: Setup go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 + uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: go-version-file: 'go.mod' cache: false @@ -304,7 +304,7 @@ jobs: pull-requests: write # Needed to create pull request back into main branch steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/ccheckout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.releaseBranch }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a92108d07..3380771ee 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -28,7 +28,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/upload-release-assets.yml b/.github/workflows/upload-release-assets.yml index 4deb17d2f..e51dfce84 100644 --- a/.github/workflows/upload-release-assets.yml +++ b/.github/workflows/upload-release-assets.yml 
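Review bot: The release-branch.yml hunk at `@@ -304,7 +304,7 @@` changes the action name as well as the pin: the added line reads `uses: actions/ccheckout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`, with a doubled `c`, while every other bumped step in this commit references `actions/checkout`. A `uses:` reference that does not resolve fails the job during setup, so the job carrying `pull-requests: write` (the one that opens the pull request back into main) would presumably stop before its first step runs. The line should read `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2`. A SHA pin only protects the reference when the owner/repo part is the intended one, so pin-bump reviews should compare that part too, not just the hash and the version comment. The rest of this job's steps lie outside the hunk.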
@@ -36,7 +36,7 @@ jobs: upload_azure: ${{steps.vars.outputs.upload_azure }} steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.releaseBranch }} @@ -56,7 +56,7 @@ jobs: contents: write # Needed for uploading release assets to GitHub steps: - name: Checkout Repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.releaseBranch }} @@ -75,7 +75,7 @@ jobs: echo "Checking Packages in ${{inputs.pkgRepo}}/nginx-agent" echo "${{ env.nginx-pkg-certificate }}" > pubtest.crt echo "${{ env.nginx-pkg-key }}" > pubtest.key - + DL=1 PKG_REPO=${{inputs.pkgRepo}} \ CERT=pubtest.crt KEY=pubtest.key \ scripts/packages/package-check.sh ${{inputs.pkgVersion}} @@ -107,7 +107,7 @@ jobs: -c ${{ secrets.AZURE_CONTAINER_NAME }} \ --account-name ${{ secrets.AZURE_ACCOUNT_NAME }} \ --overwrite -n nginx-agent/release-${{ inputs.pkgVersion }}/nginx-agent.tar.gz - + echo "Uploading packages..." for i in $(find ${{ inputs.pkgRepo }}/nginx-agent | grep -e "nginx-agent[_-]${{ inputs.pkgVersion }}"); do dest="nginx-agent/release-${{ inputs.pkgVersion }}/${i##*/}" diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml index 20e519b48..564351f77 100644 --- a/.github/workflows/vulncheck.yml +++ b/.github/workflows/vulncheck.yml @@ -27,8 +27,8 @@ jobs: - name: Checkout Repository uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: - fetch-depth: 0 - ref: ${{ inputs.target-branch || 'main' }} + fetch-depth: 0 + ref: ${{ inputs.target-branch || 'main' }} - name: Check Go version id: get-go-version 
@@ -36,7 +36,7 @@ jobs: echo "Reading from go.mod" GO_VERSION=$(grep -E "^toolchain " go.mod | awk -F' ' '{print $2}' | tr -d 'go') echo "Found $GO_VERSION" - echo "go-version="$GO_VERSION"" >> $GITHUB_OUTPUT + echo "go-version="$GO_VERSION"" >> $GITHUB_OUTPUT - name: Run govulncheck id: govulncheck