diff --git a/.github/workflows/api-release.yml b/.github/workflows/api-release.yml index 0d7012260..f8dbc8bcf 100644 --- a/.github/workflows/api-release.yml +++ b/.github/workflows/api-release.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ github.ref }} path: src/github.com/containerd/containerd @@ -50,7 +50,7 @@ jobs: working-directory: src/github.com/containerd/containerd - name: Save release notes - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: containerd-release-notes path: src/github.com/containerd/containerd/release-notes.md @@ -65,11 +65,11 @@ jobs: needs: [check] steps: - name: Download release notes - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: builds - name: Create Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: token: ${{ secrets.GITHUB_TOKEN }} fail_on_unmatched_files: true diff --git a/.github/workflows/build-test-images.yml b/.github/workflows/build-test-images.yml index e11754db8..df593eafc 100644 --- a/.github/workflows/build-test-images.yml +++ b/.github/workflows/build-test-images.yml @@ -41,7 +41,7 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: path: src/github.com/containerd/containerd @@ -72,18 +72,18 @@ jobs: echo "SSH_PUB_KEY=$(cat ~/.ssh/id_rsa.pub)" >> $GITHUB_ENV - name: Azure Login - uses: azure/login@v2 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: creds: ${{ secrets.AZURE_CREDS }} - name: Create Azure Resource Group - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | az group create -n ${{ env.AZURE_RESOURCE_GROUP }} -l ${{ github.event.inputs.azure_location }} --tags creationTimestamp=$(date +%Y-%m-%dT%T%z) - name: Create Windows Helper VM - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | PASSWORD="$(/usr/bin/tr -dc "a-zA-Z0-9@#$%^&*()_+?><~\`;" < /dev/urandom | /usr/bin/head -c 24; echo '')" @@ -98,7 +98,7 @@ jobs: az vm open-port --resource-group ${{ env.AZURE_RESOURCE_GROUP }} --name WinDockerHelper --port 2376 --priority 102 - name: Prepare Windows image helper - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | # Installs Windows features, opens SSH and Docker port @@ -120,7 +120,7 @@ jobs: --parameters 'SSHPublicKey=${{ env.SSH_PUB_KEY }}' - name: Get Windows Helper IPs - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | VM_DETAILS=$(az vm show -d -g ${{ env.AZURE_RESOURCE_GROUP }} -n WinDockerHelper -o json) @@ -142,7 +142,7 @@ jobs: scp -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.PUBLIC_IP }}:/Users/azureuser/.docker/key.pem $HOME/.docker/key.pem - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -161,7 +161,7 @@ jobs: - name: Cleanup resources if: always() - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | az group delete -g ${{ env.AZURE_RESOURCE_GROUP }} --yes diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9f2b315d3..5bf531992 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,9 +29,9 @@ jobs: steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/install-go - - uses: golangci/golangci-lint-action@v6 + - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 with: version: v1.60.1 skip-cache: true @@ -46,14 +46,14 @@ jobs: timeout-minutes: 5 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: path: src/github.com/containerd/containerd fetch-depth: 100 - uses: ./src/github.com/containerd/containerd/.github/actions/install-go - - uses: containerd/project-checks@v1.1.0 + - uses: containerd/project-checks@434a07157608eeaa1d5c8d4dd506154204cd9401 # v1.1.0 if: github.repository == 'containerd/containerd' with: working-directory: src/github.com/containerd/containerd @@ -78,7 +78,7 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: path: src/github.com/containerd/containerd @@ -108,7 +108,7 @@ jobs: timeout-minutes: 5 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/install-go - run: go install github.com/cpuguy83/go-md2man/v2@v2.0.2 - run: make man @@ -139,7 +139,7 @@ jobs: goarm: "7" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/install-go - run: | set -e -x @@ -195,7 +195,7 @@ jobs: exclude: - os: ${{ github.repository != 'containerd/containerd' && 'arm64-8core-32gb' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/install-go with: go-version: ${{ matrix.go-version }} @@ -227,13 +227,13 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: path: src/github.com/containerd/containerd - uses: ./src/github.com/containerd/containerd/.github/actions/install-go - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: repository: kubernetes-sigs/cri-tools path: src/github.com/kubernetes-sigs/cri-tools @@ -367,7 +367,7 @@ jobs: } critest.exe --runtime-endpoint=npipe://.//pipe//containerd-containerd --test-images-file='${{env.CRI_TEST_IMAGES}}' --report-dir='${{github.workspace}}/critestreport' $skip - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 if: always() with: name: TestResults ${{ matrix.os }} ${{ matrix.cgroup_driver }} @@ -396,7 +396,7 @@ jobs: env: GOTEST: gotestsum -- steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/install-go - name: Install containerd dependencies @@ -514,7 +514,7 @@ jobs: sudo lsmod sudo dmesg -T -f kern - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 if: always() with: name: TestResults ${{ matrix.runtime }} ${{matrix.runc}} ${{ matrix.os }} ${{ matrix.cgroup_driver }} @@ -553,8 +553,8 @@ jobs: cat /etc/os-release cat /proc/cpuinfo free -mt - - uses: actions/checkout@v4 - - uses: actions/cache@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 with: path: /root/.vagrant.d key: vagrant-${{ matrix.box }} @@ -595,7 +595,7 @@ jobs: cgroup_driver: [cgroupfs, systemd] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Set up cgroup v2 delegation run: | sudo mkdir -p /etc/systemd/system/user@.service.d @@ -644,7 +644,7 @@ jobs: GOTEST: gotestsum -- steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/install-go - run: script/setup/install-gotestsum - run: script/setup/install-teststat @@ -657,7 +657,7 @@ jobs: if: always() - run: script/test/test2annotation.sh *-gotest.json if: always() - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 if: always() with: name: TestResults MacOS diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9777e87c5..6ec840df0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,13 +30,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/install-go # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 # Override language selection by uncommenting this and choosing your languages # with: # languages: go, javascript, csharp, python, cpp, java @@ -46,4 +46,4 @@ jobs: make - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index 598a441b4..4ae1b69eb 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -14,19 +14,19 @@ jobs: steps: - name: Build Fuzzers id: build - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@abe2c06d0e162320403dd10e8268adbb0b8923f8 # master with: oss-fuzz-project-name: 'containerd' language: go - name: Run Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@abe2c06d0e162320403dd10e8268adbb0b8923f8 # master with: oss-fuzz-project-name: 'containerd' fuzz-seconds: 300 language: go continue-on-error: true - name: Upload Crash - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 if: failure() && steps.build.outcome == 'success' with: name: artifacts @@ -40,6 +40,6 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 30 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - uses: ./.github/actions/install-go - run: script/go-test-fuzz.sh diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index b39174a7a..7d2751804 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -26,7 +26,7 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: path: src/github.com/containerd/containerd diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index 9d0b2f38b..8ab6e623c 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -18,9 +18,9 @@ jobs: name: lychee timeout-minutes: 15 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - - uses: lycheeverse/lychee-action@v1.10.0 + - uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0 with: # Fail action on broken links fail: true diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 288b5df21..804e4e3aa 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -20,7 +20,7 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: path: src/github.com/containerd/containerd @@ -99,31 +99,31 @@ jobs: # - name: Upload artifacts (linux_amd64) - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: linux_amd64 path: src/github.com/containerd/containerd/bin_amd64 - name: Upload artifacts (linux_arm64) - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: linux_arm64 path: src/github.com/containerd/containerd/bin_arm64 - name: Upload artifacts (linux_s390x) - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: linux_s390x path: src/github.com/containerd/containerd/bin_s390x - name: Upload artifacts (linux_ppc64le) - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: linux_ppc64le path: src/github.com/containerd/containerd/bin_ppc64le - name: Upload artifacts (linux_riscv64) - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: linux_riscv64 path: src/github.com/containerd/containerd/bin_riscv64 @@ -138,7 +138,7 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: path: src/github.com/containerd/containerd @@ -158,7 +158,7 @@ jobs: make binaries - name: Upload artifacts (windows_amd64) - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: windows_amd64 path: src/github.com/containerd/containerd/bin/ diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e040db926..0d246f6cc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ github.ref }} path: src/github.com/containerd/containerd @@ -57,7 +57,7 @@ jobs: working-directory: src/github.com/containerd/containerd - name: Save release notes - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: containerd-release-notes path: src/github.com/containerd/containerd/release-notes.md @@ -93,7 +93,7 @@ jobs: releasever="${releasever#refs/tags/}" echo "RELEASE_VER=${releasever}" >> $GITHUB_ENV - name: Checkout containerd - uses: actions/checkout@v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: # Intentionally use github.repository instead of containerd/containerd to # make this action runnable on forks. @@ -103,10 +103,10 @@ jobs: path: src/github.com/containerd/containerd - name: Setup buildx instance - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 with: use: true - - uses: crazy-max/ghaction-github-runtime@v3 # sets up needed vars for caching to github + - uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 - name: Make shell: bash run: | @@ -127,7 +127,7 @@ jobs: env: PLATFORM: ${{ matrix.dockerfile-platform }} - name: Save Artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: release-tars-${{env.PLATFORM_CLEAN}} path: src/github.com/containerd/containerd/releases/*.tar.gz* @@ -144,11 +144,11 @@ jobs: needs: [build, check] steps: - name: Download builds and release notes - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: builds - name: Create Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: token: ${{ secrets.GITHUB_TOKEN }} fail_on_unmatched_files: true @@ -160,6 +160,6 @@ jobs: builds/release-tars-**/* make_latest: false - name: Attest Artifacts - uses: actions/attest-build-provenance@v1 + uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 with: subject-path: ./builds/release-tars-**/*.tar.gz diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 2c7330f90..16c57b5fb 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -17,7 +17,7 @@ jobs: pull-requests: write steps: - - uses: actions/stale@v9 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 # All stale bot options: https://github.com/actions/stale#all-options with: # Idle number of days before marking issues/PRs stale diff --git a/.github/workflows/windows-hyperv-periodic.yml b/.github/workflows/windows-hyperv-periodic.yml index f50689e2a..577621887 100644 --- a/.github/workflows/windows-hyperv-periodic.yml +++ b/.github/workflows/windows-hyperv-periodic.yml @@ -55,7 +55,7 @@ jobs: GOOGLE_BUCKET: "containerd-integration/logs/windows-ltsc2022-hyperv/" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Install required packages run: | @@ -81,18 +81,18 @@ jobs: echo "SSH_PUB_KEY=$(cat ~/.ssh/id_rsa.pub)" >> $GITHUB_ENV - name: AZLogin - uses: azure/login@v2 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: creds: ${{ secrets.AZURE_CREDS }} - name: AZResourceGroupCreate - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | az group create -n ${{ matrix.AZURE_RESOURCE_GROUP }} -l ${{ env.AZURE_DEFAULT_LOCATION }} --tags creationTimestamp=$(date -u '+%Y-%m-%dT%H:%M:%SZ') - name: AZTestVMCreate - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | DETAILS=$(az vm create -n winTestVM --admin-username ${{ env.DEFAULT_ADMIN_USERNAME }} --admin-password ${{ env.PASSWORD }} --image ${{ matrix.AZURE_IMG }} -g ${{ matrix.AZURE_RESOURCE_GROUP }} --nsg-rule SSH --size ${{ env.AZURE_DEFAULT_VM_SIZE }} --public-ip-sku Standard -o json) @@ -116,7 +116,7 @@ jobs: echo "VM_PUB_IP=$PUB_IP" >> $GITHUB_ENV - name: EnableAZVMSSH - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | az vm run-command invoke --command-id RunPowerShellScript -n winTestVM -g ${{ matrix.AZURE_RESOURCE_GROUP }} --scripts @$GITHUB_WORKSPACE/script/setup/enable_ssh_windows.ps1 --parameters 'SSHPublicKey=${{ env.SSH_PUB_KEY }}' @@ -306,14 +306,14 @@ jobs: echo 'GCP_WORKLOAD_IDENTITY_PROVIDER=${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}' >> $GITHUB_OUTPUT - name: AuthGcp - uses: google-github-actions/auth@v2 + uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6 if: steps.AssignGcpCreds.outputs.GCP_SERVICE_ACCOUNT && steps.AssignGcpCreds.outputs.GCP_WORKLOAD_IDENTITY_PROVIDER with: service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - name: UploadJobReport - uses: google-github-actions/upload-cloud-storage@v2.2.0 + uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4 # v2.2.0 if: steps.AssignGcpCreds.outputs.GCP_SERVICE_ACCOUNT && steps.AssignGcpCreds.outputs.GCP_WORKLOAD_IDENTITY_PROVIDER with: path: ${{ github.workspace }}/latest-build.txt @@ -321,7 +321,7 @@ jobs: parent: false - name: UploadLogsDir - uses: google-github-actions/upload-cloud-storage@v2.2.0 + uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4 # v2.2.0 if: steps.AssignGcpCreds.outputs.GCP_SERVICE_ACCOUNT && steps.AssignGcpCreds.outputs.GCP_WORKLOAD_IDENTITY_PROVIDER with: path: ${{ env.LOGS_DIR }} @@ -329,7 +329,7 @@ jobs: parent: false - name: Check all CI stages succeeded - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const stepResults = { @@ -349,7 +349,7 @@ jobs: - name: ResourceCleanup if: always() - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | az group delete -g ${{ matrix.AZURE_RESOURCE_GROUP }} --yes diff --git a/.github/workflows/windows-periodic.yml b/.github/workflows/windows-periodic.yml index 3e1a0760c..3e6ac8664 100644 --- a/.github/workflows/windows-periodic.yml +++ b/.github/workflows/windows-periodic.yml @@ -55,7 +55,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 90 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Install required packages run: | @@ -81,18 +81,18 @@ jobs: echo "SSH_PUB_KEY=$(cat ~/.ssh/id_rsa.pub)" >> $GITHUB_ENV - name: AZLogin - uses: azure/login@v2 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: creds: ${{ secrets.AZURE_CREDS }} - name: AZResourceGroupCreate - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | az group create -n ${{ matrix.AZURE_RESOURCE_GROUP }} -l ${{ env.AZURE_DEFAULT_LOCATION }} --tags creationTimestamp=$(date -u '+%Y-%m-%dT%H:%M:%SZ') - name: AZTestVMCreate - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | DETAILS=$(az vm create -n winTestVM --admin-username ${{ env.DEFAULT_ADMIN_USERNAME }} --admin-password ${{ env.PASSWORD }} --image ${{ matrix.AZURE_IMG }} -g ${{ matrix.AZURE_RESOURCE_GROUP }} --nsg-rule SSH --size ${{ env.AZURE_DEFAULT_VM_SIZE }} --public-ip-sku Standard -o json) @@ -116,7 +116,7 @@ jobs: echo "VM_PUB_IP=$PUB_IP" >> $GITHUB_ENV - name: EnableAZVMSSH - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | az vm run-command invoke --command-id RunPowerShellScript -n winTestVM -g ${{ matrix.AZURE_RESOURCE_GROUP }} --scripts @$GITHUB_WORKSPACE/script/setup/enable_ssh_windows.ps1 --parameters 'SSHPublicKey=${{ env.SSH_PUB_KEY }}' @@ -256,14 +256,14 @@ jobs: echo 'GCP_WORKLOAD_IDENTITY_PROVIDER=${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}' >> $GITHUB_OUTPUT - name: AuthGcp - uses: google-github-actions/auth@v2 + uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6 if: steps.AssignGcpCreds.outputs.GCP_SERVICE_ACCOUNT && steps.AssignGcpCreds.outputs.GCP_WORKLOAD_IDENTITY_PROVIDER with: service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - name: UploadJobReport - uses: google-github-actions/upload-cloud-storage@v2.2.0 + uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4 # v2.2.0 if: steps.AssignGcpCreds.outputs.GCP_SERVICE_ACCOUNT && steps.AssignGcpCreds.outputs.GCP_WORKLOAD_IDENTITY_PROVIDER with: path: ${{ github.workspace }}/latest-build.txt @@ -271,7 +271,7 @@ jobs: parent: false - name: UploadLogsDir - uses: google-github-actions/upload-cloud-storage@v2.2.0 + uses: google-github-actions/upload-cloud-storage@e485962f2bef914ac9c3bdd571f821f0ba7946c4 # v2.2.0 if: steps.AssignGcpCreds.outputs.GCP_SERVICE_ACCOUNT && steps.AssignGcpCreds.outputs.GCP_WORKLOAD_IDENTITY_PROVIDER with: path: ${{ env.LOGS_DIR }} @@ -279,7 +279,7 @@ jobs: parent: false - name: Check all CI stages succeeded - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const stepResults = { @@ -301,7 +301,7 @@ jobs: - name: ResourceCleanup if: always() - uses: azure/CLI@v1 + uses: azure/CLI@4db43908b9df2e7ac93c8275a8f9a448c59338dd # v1.0.9 with: inlinescript: | az group delete -g ${{ matrix.AZURE_RESOURCE_GROUP }} --yes