diff --git a/.github/workflows/operator-bundle.yaml b/.github/workflows/operator-bundle.yaml index 2fb5e0cb7d..e7e40c42cf 100644 --- a/.github/workflows/operator-bundle.yaml +++ b/.github/workflows/operator-bundle.yaml @@ -15,16 +15,15 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: persist-credentials: false - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: ./operator/go.mod + cache-dependency-path: ./operator/go.sum - name: make bundle run: | make bundle-all && git diff --exit-code -I'^ createdAt: ' diff --git a/.github/workflows/operator-check-prepare-release-commit.yml b/.github/workflows/operator-check-prepare-release-commit.yml index cf87bffe2b..a623b0be1e 100644 --- a/.github/workflows/operator-check-prepare-release-commit.yml +++ b/.github/workflows/operator-check-prepare-release-commit.yml @@ -12,8 +12,6 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" if: | github.event.pull_request.head.ref == 'release-please--branches--main--components--operator' && contains(github.event.pull_request.title, 'chore( operator): community release') @@ -29,7 +27,7 @@ jobs: - name: Generate GitHub App Token id: app-token - uses: "actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547" # v1 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 with: # Variables generated by the previous step get-secrets app-id: ${{ env.APP_ID }} @@ -45,7 +43,7 @@ jobs: echo "semver=$SEMVER" >> $GITHUB_OUTPUT - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: ref: main path: "release" diff --git a/.github/workflows/operator-images.yaml b/.github/workflows/operator-images.yaml index c18ea4fa20..3c696d3595 100644 --- a/.github/workflows/operator-images.yaml 
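Review bot: `actions/checkout@v5` and `actions/setup-go@v6` in this hunk are still referenced by a movable major tag, while the other third-party actions this commit touches are pinned to a full commit SHA with the release in a trailing comment. A tag can be repointed upstream, so the code that runs in these jobs is not fixed by what was reviewed here. I would pin both the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v5.x.y` and `uses: actions/setup-go@<full-commit-sha> # v6.x.y` (placeholders; take the SHAs from the upstream release tags). The same applies to every other `checkout@v5` / `setup-go@v6` line in operator-check-prepare-release-commit.yml, operator-images.yaml, operator-release-please.yml, operator-reusable-hub-release.yml, operator-scorecard.yaml and operator.yaml.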
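Review bot: Dropping `id-token: "write"` from the job in operator-check-prepare-release-commit.yml (hunk at -12,8) may break the secret fetch that later steps depend on: the app-token step reads `env.APP_ID` from a previous "get-secrets" step, which lies outside the hunk. If that step is the `grafana/shared-workflows` get-vault-secrets action and it logs in to Vault with the job's GitHub OIDC token, the login will fail, because a job-level `permissions` block that omits `id-token` sets it to `none`. The three jobs in operator-images.yaml (hunks at -20,18, -71,18 and -123,18) have the same removal, and there the get-vault-secrets step is visible in the hunk. Removing `pull-requests: "write"` looks right for all of them. For the Vault-using jobs I would keep `id-token: "write"` with a comment such as `# required for OIDC login to Vault in get-vault-secrets`, unless the pinned action version is confirmed not to need it.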
+++ b/.github/workflows/operator-images.yaml @@ -20,18 +20,16 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: persist-credentials: false - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: "fetch openshift credentials from vault" uses: "grafana/shared-workflows/actions/get-vault-secrets@28361cdb22223e5f1e34358c86c20908e7248760" @@ -41,7 +39,7 @@ jobs: OPENSHIFT_PASS=openshift-credentials:password - name: Login to Quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io logout: true @@ -61,7 +59,7 @@ jobs: echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT - name: Build and publish image on quay.io - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: context: ./operator push: true 
@@ -71,18 +69,16 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: persist-credentials: false - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: "fetch openshift credentials from vault" uses: "grafana/shared-workflows/actions/get-vault-secrets@28361cdb22223e5f1e34358c86c20908e7248760" @@ -92,7 +88,7 @@ jobs: OPENSHIFT_PASS=openshift-credentials:password - name: Login to Quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io logout: true @@ -112,7 +108,7 @@ jobs: echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT - name: Build and publish image on quay.io - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: context: ./operator/bundle/openshift file: ./operator/bundle/openshift/bundle.Dockerfile 
@@ -123,18 +119,16 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: persist-credentials: false - name: Set up QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: "fetch openshift credentials from vault" uses: "grafana/shared-workflows/actions/get-vault-secrets@28361cdb22223e5f1e34358c86c20908e7248760" @@ -144,7 +138,7 @@ jobs: OPENSHIFT_PASS=openshift-credentials:password - name: Login to Quay.io - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: quay.io logout: true @@ -164,7 +158,7 @@ jobs: echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT - name: Build and publish image on quay.io - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: context: ./operator file: ./operator/calculator.Dockerfile diff --git a/.github/workflows/operator-release-please.yml b/.github/workflows/operator-release-please.yml index 032e7e5a23..f49f091208 100644 --- a/.github/workflows/operator-release-please.yml +++ b/.github/workflows/operator-release-please.yml 
@@ -34,14 +34,14 @@ jobs: PRIVATE_KEY=loki-gh-app:private-key - name: Generate GitHub App Token id: app-token - uses: "actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547" # v1 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 with: # Variables generated by the previous step get-secrets app-id: ${{ env.APP_ID }} private-key: ${{ env.PRIVATE_KEY }} owner: ${{ github.repository_owner }} - - uses: googleapis/release-please-action@a02a34c4d625f9be7cb89156071d8567266a2445 # v4 + - uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0 id: release with: path: operator @@ -60,14 +60,14 @@ jobs: pull-requests: "write" steps: - name: "Set up QEMU" - uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392" # v3 + uses: "docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392" # v3.6.0 - name: "Set up docker buildx" - uses: "docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2" # v3 + uses: "docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435" # v3.11.1 - name: "Login to DockerHub (from vault)" uses: "grafana/shared-workflows/actions/dockerhub-login@75804962c1ba608148988c1e2dc35fbb0ee21746" - name: "Build and push" timeout-minutes: "${{ fromJSON(env.BUILD_TIMEOUT) }}" - uses: "docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1" # v6 + uses: "docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83" # v6.18.0 with: context: "operator" file: "Dockerfile" 
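Review bot: The `create-github-app-token` step in the first hunk here passes `owner` but no `repositories`, so the installation token it mints covers every repository the App installation can reach under that owner, not only this one. The next step is release-please, which, if it is what consumes this token, only needs the current repository. While the step is being touched for the v2 bump, I would narrow it with `repositories: ${{ github.event.repository.name }}`, or drop `owner` so the action defaults to the current repository. The same `with:` block appears in the -94,14 hunk of this file. The equivalent steps in operator-check-prepare-release-commit.yml and operator-reusable-hub-release.yml are cut off by their hunks, so their scoping should be checked against what those jobs actually access.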
@@ -94,14 +94,14 @@ jobs: PRIVATE_KEY=loki-gh-app:private-key - name: Generate GitHub App Token id: app-token - uses: "actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547" # v1 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 with: # Variables generated by the previous step get-secrets app-id: ${{ env.APP_ID }} private-key: ${{ env.PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: "pull code to release" - uses: "actions/checkout@v4" + uses: "actions/checkout@v5" with: persist-credentials: false path: "release" diff --git a/.github/workflows/operator-reusable-hub-release.yml b/.github/workflows/operator-reusable-hub-release.yml index 6646476c60..a44675ccbe 100644 --- a/.github/workflows/operator-reusable-hub-release.yml +++ b/.github/workflows/operator-reusable-hub-release.yml @@ -32,7 +32,7 @@ jobs: PRIVATE_KEY=loki-gh-app:private-key - name: Generate GitHub App Token id: app-token - uses: "actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547" # v1 + uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1 with: # Variables generated by the previous step get-secrets app-id: ${{ env.APP_ID }} @@ -70,14 +70,14 @@ jobs: --force - name: Checkout operatorhub repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: grafanabot/${{ inputs.repo }} token: ${{ steps.app-token.outputs.token }} persist-credentials: false - name: Checkout loki to tmp/ directory - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: grafana/loki token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/operator-scorecard.yaml b/.github/workflows/operator-scorecard.yaml index 6e754051e9..d591cc0078 100644 --- a/.github/workflows/operator-scorecard.yaml +++ b/.github/workflows/operator-scorecard.yaml 
@@ -15,19 +15,18 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: persist-credentials: false - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: ./operator/go.mod - - uses: engineerd/setup-kind@aa272fe2a7309878ffc2a81c56cfe3ef108ae7d0 # v0.5.0 + cache-dependency-path: ./operator/go.sum + - uses: engineerd/setup-kind@71e45b960fc8dd50b4aeabf6eb6ef2ca0920b4c1 # v0.6.2 with: - version: "v0.17.0" + version: "v0.30.0" - name: Run scorecard run: make scorecard working-directory: ./operator diff --git a/.github/workflows/operator.yaml b/.github/workflows/operator.yaml index 9d1bb73257..b5f0b5a3b9 100644 --- a/.github/workflows/operator.yaml +++ b/.github/workflows/operator.yaml @@ -15,16 +15,15 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: persist-credentials: false - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: ./operator/go.mod + cache-dependency-path: ./operator/go.sum - name: Check generated docs working-directory: ./operator run: | @@ -36,16 +35,15 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: persist-credentials: false - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: ./operator/go.mod + cache-dependency-path: ./operator/go.sum - name: Lint uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8 with: 
@@ -61,16 +59,15 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: persist-credentials: false - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: ./operator/go.mod + cache-dependency-path: ./operator/go.sum id: go - name: Build Manager working-directory: ./operator @@ -82,16 +79,15 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: persist-credentials: false - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: ./operator/go.mod + cache-dependency-path: ./operator/go.sum - name: Build Broker working-directory: ./operator run: |- @@ -102,16 +98,15 @@ jobs: runs-on: ubuntu-latest permissions: contents: "read" - id-token: "write" - pull-requests: "write" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: persist-credentials: false - name: Set up Go 1.x - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: ./operator/go.mod + cache-dependency-path: ./operator/go.sum - name: Run tests working-directory: ./operator run: go test -coverprofile=profile.cov ./... @@ -119,7 +114,7 @@ jobs: working-directory: ./operator run: make test-unit-prometheus - name: Send coverage - uses: shogo82148/actions-goveralls@e6875f831db61e6abffbd8df91a2eb6cd24b46c9 # v1 + uses: shogo82148/actions-goveralls@25f5320d970fb565100cf1993ada29be1bb196a1 # v1.10.0 with: working-directory: ./operator path-to-profile: profile.cov