diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml index 681da265..41afa2b0 100644 --- a/.github/workflows/backport.yaml +++ b/.github/workflows/backport.yaml @@ -4,6 +4,9 @@ on: pull_request_target: types: [closed, labeled] +permissions: + contents: read + jobs: pull-request: runs-on: ubuntu-latest diff --git a/.github/workflows/conformance.yaml b/.github/workflows/conformance.yaml index cee6430f..0a751150 100644 --- a/.github/workflows/conformance.yaml +++ b/.github/workflows/conformance.yaml @@ -97,7 +97,7 @@ jobs: KUBECONFIG_PATH="$(git rev-parse --show-toplevel)/bin/kubeconfig.yaml" echo "kubeconfig-path=${KUBECONFIG_PATH}" >> $GITHUB_OUTPUT - name: Setup Kustomize - uses: fluxcd/pkg/actions/kustomize@main + uses: fluxcd/pkg/actions/kustomize@11195c91e5e1898cfa5840267a7fd0aa462cd040 # main - name: Build run: make build-dev - name: Create repository @@ -107,7 +107,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }} - name: Create cluster id: create-cluster - uses: replicatedhq/compatibility-actions/create-cluster@v1 + uses: replicatedhq/compatibility-actions/create-cluster@77121785951d05387334b773644c356885191f14 # v1.16.2 with: api-token: ${{ secrets.REPLICATED_API_TOKEN }} kubernetes-distribution: "k3s" @@ -151,7 +151,7 @@ jobs: kubectl delete ns flux-system --wait - name: Delete cluster if: ${{ always() }} - uses: replicatedhq/replicated-actions/remove-cluster@v1 + uses: replicatedhq/replicated-actions/remove-cluster@77121785951d05387334b773644c356885191f14 # v1.16.2 continue-on-error: true with: api-token: ${{ secrets.REPLICATED_API_TOKEN }} @@ -190,7 +190,7 @@ jobs: KUBECONFIG_PATH="$(git rev-parse --show-toplevel)/bin/kubeconfig.yaml" echo "kubeconfig-path=${KUBECONFIG_PATH}" >> $GITHUB_OUTPUT - name: Setup Kustomize - uses: fluxcd/pkg/actions/kustomize@main + uses: fluxcd/pkg/actions/kustomize@11195c91e5e1898cfa5840267a7fd0aa462cd040 # main - name: Build run: make build-dev - name: Create repository @@ -200,7 +200,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }} - name: Create cluster id: create-cluster - uses: replicatedhq/compatibility-actions/create-cluster@v1 + uses: replicatedhq/compatibility-actions/create-cluster@77121785951d05387334b773644c356885191f14 # v1.16.2 with: api-token: ${{ secrets.REPLICATED_API_TOKEN }} kubernetes-distribution: "openshift" @@ -242,7 +242,7 @@ jobs: kubectl delete ns flux-system --wait - name: Delete cluster if: ${{ always() }} - uses: replicatedhq/replicated-actions/remove-cluster@v1 + uses: replicatedhq/replicated-actions/remove-cluster@77121785951d05387334b773644c356885191f14 # v1.16.2 continue-on-error: true with: api-token: ${{ secrets.REPLICATED_API_TOKEN }} diff --git a/.github/workflows/e2e-bootstrap.yaml b/.github/workflows/e2e-bootstrap.yaml index d8bed3e3..22e4d8a0 100644 --- a/.github/workflows/e2e-bootstrap.yaml +++ b/.github/workflows/e2e-bootstrap.yaml @@ -35,9 +35,9 @@ jobs: node_image: ghcr.io/fluxcd/kindest/node:v1.30.0-amd64 kubectl_version: v1.30.0 - name: Setup Kustomize - uses: fluxcd/pkg/actions/kustomize@main + uses: fluxcd/pkg/actions/kustomize@11195c91e5e1898cfa5840267a7fd0aa462cd040 # main - name: Setup yq - uses: fluxcd/pkg/actions/yq@main + uses: fluxcd/pkg/actions/yq@11195c91e5e1898cfa5840267a7fd0aa462cd040 # main - name: Build run: make build-dev - name: Set outputs diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 864e144b..25ad9e11 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -46,7 +46,7 @@ jobs: run: | kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.3/manifests/calico.yaml - name: Setup Kustomize - uses: fluxcd/pkg/actions/kustomize@main + uses: fluxcd/pkg/actions/kustomize@11195c91e5e1898cfa5840267a7fd0aa462cd040 # main - name: Run tests run: make test - name: Run e2e tests diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9af1055a..63e996c5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -38,7 +38,7 @@ jobs: - name: Setup Cosign uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 - name: Setup Kustomize - uses: fluxcd/pkg/actions/kustomize@main + uses: fluxcd/pkg/actions/kustomize@11195c91e5e1898cfa5840267a7fd0aa462cd040 # main - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: @@ -59,7 +59,7 @@ jobs: run: | kustomize build manifests/crds > all-crds.yaml - name: Generate OpenAPI JSON schemas from CRDs - uses: fluxcd/pkg/actions/crdjsonschema@main + uses: fluxcd/pkg/actions/crdjsonschema@11195c91e5e1898cfa5840267a7fd0aa462cd040 # main with: crd: all-crds.yaml output: schemas @@ -112,7 +112,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Kustomize - uses: fluxcd/pkg/actions/kustomize@main + uses: fluxcd/pkg/actions/kustomize@11195c91e5e1898cfa5840267a7fd0aa462cd040 # main - name: Setup Flux CLI uses: ./action/ - name: Prepare diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml index b62c80e8..f60c4a5a 100644 --- a/.github/workflows/scan.yaml +++ b/.github/workflows/scan.yaml @@ -33,7 +33,7 @@ jobs: steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Kustomize - uses: fluxcd/pkg/actions/kustomize@main + uses: fluxcd/pkg/actions/kustomize@11195c91e5e1898cfa5840267a7fd0aa462cd040 # main - name: Setup Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: