diff --git a/.github/workflows/bootstrap.yaml b/.github/workflows/bootstrap.yaml
index 79c05511..f1af6800 100644
--- a/.github/workflows/bootstrap.yaml
+++ b/.github/workflows/bootstrap.yaml
@@ -12,16 +12,16 @@ jobs:
 if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
 steps:
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 - name: Restore Go cache
- uses: actions/cache@v1
+ uses: actions/cache@v3
 with:
 path: ~/go/pkg/mod
 key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
 restore-keys: |
 ${{ runner.os }}-go1.18-
 - name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
 with:
 go-version: 1.18.x
 - name: Setup Kubernetes
diff --git a/.github/workflows/e2e-arm64.yaml b/.github/workflows/e2e-arm64.yaml
index 38460402..62a886ac 100644
--- a/.github/workflows/e2e-arm64.yaml
+++ b/.github/workflows/e2e-arm64.yaml
@@ -12,9 +12,9 @@ jobs:
 runs-on: [self-hosted, Linux, ARM64, equinix]
 steps:
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 - name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
 with:
 go-version: 1.18.x
 - name: Prepare
diff --git a/.github/workflows/e2e-azure.yaml b/.github/workflows/e2e-azure.yaml
index 0d5c0081..6b02880b 100644
--- a/.github/workflows/e2e-azure.yaml
+++ b/.github/workflows/e2e-azure.yaml
@@ -12,9 +12,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 - name: Restore Go cache
- uses: actions/cache@v1
+ uses: actions/cache@v3
 with:
 path: ~/go/pkg/mod
 key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 1a058668..14c38578 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -11,16 +11,16 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 - name: Restore Go cache
- uses: actions/cache@v1
+ uses: actions/cache@v3
 with:
 path: ~/go/pkg/mod
 key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
 restore-keys: |
 ${{ runner.os }}-go1.18-
 - name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
 with:
 go-version: 1.18.x
 - name: Setup Kubernetes
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 65a7d260..0d95facd 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -14,18 +14,18 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
 - name: Unshallow
 run: git fetch --prune --unshallow
 - name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
 with:
 go-version: 1.18.x
 - name: Setup QEMU
- uses: docker/setup-qemu-action@v1
+ uses: docker/setup-qemu-action@v2
 - name: Setup Docker Buildx
 id: buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v2
 - name: Setup Syft
 uses: anchore/sbom-action/download-syft@v0
 - name: Setup Cosign
@@ -33,13 +33,13 @@ jobs:
 - name: Setup Kustomize
 uses: fluxcd/pkg//actions/kustomize@main
 - name: Login to GitHub Container Registry
- uses: docker/login-action@v1
+ uses: docker/login-action@v2
 with:
 registry: ghcr.io
 username: fluxcdbot
 password: ${{ secrets.GHCR_TOKEN }}
 - name: Login to Docker Hub
- uses: docker/login-action@v1
+ uses: docker/login-action@v2
 with:
 username: fluxcdbot
 password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
@@ -73,7 +73,7 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v1
+ uses: goreleaser/goreleaser-action@v3
 with:
 version: latest
 args: release --release-notes=output/notes.md --skip-validate
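Review bot: The two `docker/login-action@v2` steps in the second release.yaml hunk receive `secrets.GHCR_TOKEN` and `secrets.DOCKER_FLUXCD_PASSWORD`, yet the action is referenced by a movable major tag, so whatever commit that tag resolves to at run time is handed the registry credentials. For the release job I would pin each third-party action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v2`, with a dependency bot proposing the bumps. The same applies to the other `uses:` lines bumped in this file (setup-qemu, setup-buildx, goreleaser). The unchanged context lines `fluxcd/pkg//actions/kustomize@main` and `anchore/sbom-action/download-syft@v0` also follow a branch and a floating tag in the same job.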
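Review bot: In the last release.yaml hunk `goreleaser/goreleaser-action` jumps from v1 to v3 while the `with:` block is carried over unchanged, and `version: latest` leaves the GoReleaser binary that builds the release artifacts to whatever is newest on release day. Pinning it, e.g. `version: <pinned-goreleaser-version>`, keeps release builds reproducible and turns a GoReleaser upgrade into a reviewed change. It is also worth confirming that the `args` line, `--skip-validate` included, is still accepted by the GoReleaser release that v3 installs. The step may continue past the end of the hunk.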
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index 9e1cc45b..682c4e1b 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -1,4 +1,4 @@ -name: Scan +name: scan on: push: @@ -8,12 +8,16 @@ on: schedule: - cron: '18 10 * * 3' +permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for codeQL to write security events + jobs: fossa: name: FOSSA runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Run FOSSA scan and upload build data uses: fossa-contrib/fossa-action@v1 with: @@ -26,7 +30,7 @@ jobs: runs-on: ubuntu-latest if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Setup Kustomize uses: fluxcd/pkg//actions/kustomize@main - name: Build manifests @@ -49,12 +53,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/update.yaml b/.github/workflows/update.yaml index ab5732e6..b557ffc3 100644 --- a/.github/workflows/update.yaml +++ b/.github/workflows/update.yaml @@ -12,9 +12,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: go-version: 1.18.x - name: Update component versions
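Review bot: The new top-level `permissions:` block in the second scan.yaml hunk grants `security-events: write` to every job in the workflow, although its own comment says only CodeQL needs it. The FOSSA job and the manifest job visible in the neighbouring hunks run third-party actions (`fossa-contrib/fossa-action@v1`, `fluxcd/pkg//actions/kustomize@main`) and would get a token with that write scope as well. Keep only `contents: read` at workflow level and give the CodeQL job its own block, `permissions:` / `contents: read` / `security-events: write`; a job-level block replaces the workflow-level one, so `contents: read` has to be repeated there. The CodeQL job header lies outside the hunks, so this assumes no other job uploads code-scanning results.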