From 1fa45a6c69d7ca5b84c033f97a9bd229b3387e74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Chapron?= <34628915+sc979@users.noreply.github.com>
Date: Wed, 20 Dec 2023 12:23:48 +0100
Subject: [PATCH] enh(chore): github actions hardening (#4780)
---
.../actions/deb-delivery-legacy/action.yml | 4 ++--
.github/actions/deb-delivery/action.yml | 4 ++--
.github/actions/package-nfpm/action.yml | 4 ++--
.github/actions/package/action.yml | 4 ++--
.github/actions/promote-to-stable/action.yml | 2 +-
.../actions/rpm-delivery-legacy/action.yml | 4 ++--
.github/actions/rpm-delivery/action.yml | 4 ++--
.github/actions/runner-docker/action.yml | 2 +-
.github/dependabot.yml | 9 +++++++
.github/workflows/actionlint.yml | 4 ++--
.github/workflows/connector-vmware.yml | 6 ++---
.../docker-builder-packaging-plugins.yml | 10 ++++----
.github/workflows/get-environment.yml | 2 +-
.github/workflows/nrpe.yml | 6 ++---
.github/workflows/perl-cpan-libraries.yml | 20 ++++++++--------
.github/workflows/perl-crypt-argon2.yml | 10 ++++----
.github/workflows/perl-filesys-smbclient.yml | 20 ++++++++--------
.github/workflows/perl-json-path.yml | 10 ++++----
.github/workflows/perl-keepass-reader.yml | 24 +++++++++----------
.github/workflows/perl-libssh-session.yml | 10 ++++----
.github/workflows/perl-net-curl.yml | 10 ++++----
.github/workflows/perl-openwsman.yml | 10 ++++----
.github/workflows/perl-vmware-vsphere.yml | 10 ++++----
.github/workflows/plink.yml | 16 ++++++-------
.github/workflows/plugin-delivery.yml | 14 +++++------
.github/workflows/plugins-selinux.yml | 4 ++--
.github/workflows/plugins.yml | 16 ++++++-------
.github/workflows/tests-functional.yml | 6 ++---
28 files changed, 127 insertions(+), 118 deletions(-)
create mode 100644 .github/dependabot.yml
diff --git a/.github/actions/deb-delivery-legacy/action.yml b/.github/actions/deb-delivery-legacy/action.yml
index 53fa62794..3bdb630f4 100644
--- a/.github/actions/deb-delivery-legacy/action.yml
+++ b/.github/actions/deb-delivery-legacy/action.yml @@ -24,13 +24,13 @@ runs: using: "composite" steps: - name: Use cache DEB files - uses: actions/cache/restore@v3 + uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.deb key: ${{ inputs.cache_key }} fail-on-cache-miss: true - - uses: jfrog/setup-jfrog-cli@v3 + - uses: jfrog/setup-jfrog-cli@901bb9632db90821c2d3f076012bdeaf66598555 # v3.4.1 env: JF_URL: https://centreon.jfrog.io JF_ACCESS_TOKEN: ${{ inputs.artifactory_token }} diff --git a/.github/actions/deb-delivery/action.yml b/.github/actions/deb-delivery/action.yml index 088709d9e..5af1b4eeb 100644 --- a/.github/actions/deb-delivery/action.yml +++ b/.github/actions/deb-delivery/action.yml @@ -25,13 +25,13 @@ runs: shell: bash - name: Use cache DEB files - uses: actions/cache/restore@v3 + uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.deb key: ${{ inputs.cache_key }} fail-on-cache-miss: true - - uses: jfrog/setup-jfrog-cli@v3 + - uses: jfrog/setup-jfrog-cli@901bb9632db90821c2d3f076012bdeaf66598555 # v3.4.1 env: JF_URL: https://centreon.jfrog.io JF_ACCESS_TOKEN: ${{ inputs.artifactory_token }} diff --git a/.github/actions/package-nfpm/action.yml b/.github/actions/package-nfpm/action.yml index 0cd140c3e..50bc05e38 100644 --- a/.github/actions/package-nfpm/action.yml +++ b/.github/actions/package-nfpm/action.yml @@ -105,7 +105,7 @@ runs: shell: bash - name: Cache packages - uses: actions/cache/save@v3 + uses: actions/cache/save@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.${{ inputs.package_extension }} key: ${{ inputs.cache_key }} 
@@ -113,7 +113,7 @@ runs: # Update if condition to true to get packages as artifacts - if: ${{ false }} name: Upload package artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ inputs.distrib }} path: ./*.${{ inputs.package_extension}} diff --git a/.github/actions/package/action.yml b/.github/actions/package/action.yml index b0797d1ec..f8e5d685f 100644 --- a/.github/actions/package/action.yml +++ b/.github/actions/package/action.yml @@ -72,14 +72,14 @@ runs: shell: bash - name: Upload package artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ inputs.distrib }} path: ./*.${{ inputs.package_extension }} retention-days: 1 - name: Cache packages - uses: actions/cache/save@v3 + uses: actions/cache/save@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.${{ inputs.package_extension }} key: ${{ inputs.cache_key }} diff --git a/.github/actions/promote-to-stable/action.yml b/.github/actions/promote-to-stable/action.yml index 275577ef7..05d5bf2da 100644 --- a/.github/actions/promote-to-stable/action.yml +++ b/.github/actions/promote-to-stable/action.yml @@ -17,7 +17,7 @@ inputs: runs: using: "composite" steps: - - uses: jfrog/setup-jfrog-cli@v3 + - uses: jfrog/setup-jfrog-cli@901bb9632db90821c2d3f076012bdeaf66598555 # v3.4.1 env: JF_URL: https://centreon.jfrog.io JF_ACCESS_TOKEN: ${{ inputs.artifactory_token }} diff --git a/.github/actions/rpm-delivery-legacy/action.yml b/.github/actions/rpm-delivery-legacy/action.yml index 39578cd10..f5ab84809 100644 --- a/.github/actions/rpm-delivery-legacy/action.yml +++ b/.github/actions/rpm-delivery-legacy/action.yml 
@@ -24,13 +24,13 @@ runs: using: "composite" steps: - name: Use cache RPM files - uses: actions/cache/restore@v3 + uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: ${{ inputs.cache_key }} fail-on-cache-miss: true - - uses: jfrog/setup-jfrog-cli@v3 + - uses: jfrog/setup-jfrog-cli@901bb9632db90821c2d3f076012bdeaf66598555 # v3.4.1 env: JF_URL: https://centreon.jfrog.io JF_ACCESS_TOKEN: ${{ inputs.artifactory_token }} diff --git a/.github/actions/rpm-delivery/action.yml b/.github/actions/rpm-delivery/action.yml index 1436631b9..45eabad40 100644 --- a/.github/actions/rpm-delivery/action.yml +++ b/.github/actions/rpm-delivery/action.yml @@ -25,13 +25,13 @@ runs: shell: bash - name: Use cache RPM files - uses: actions/cache/restore@v3 + uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: ${{ inputs.cache_key }} fail-on-cache-miss: true - - uses: jfrog/setup-jfrog-cli@v3 + - uses: jfrog/setup-jfrog-cli@901bb9632db90821c2d3f076012bdeaf66598555 # v3.4.1 env: JF_URL: https://centreon.jfrog.io JF_ACCESS_TOKEN: ${{ inputs.artifactory_token }} diff --git a/.github/actions/runner-docker/action.yml b/.github/actions/runner-docker/action.yml index b457eee72..a5558424b 100644 --- a/.github/actions/runner-docker/action.yml +++ b/.github/actions/runner-docker/action.yml @@ -29,7 +29,7 @@ runs: using: "composite" steps: - name: Login to Registry (via runner) - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: ${{ inputs.registry_url }} username: ${{ inputs.registry_username }} diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..ff9fb1d34 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: '/' + schedule: + interval: weekly + open-pull-requests-limit: 10 + labels: + - 'pr: dependencies' 
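Review bot: The single `updates` entry with `directory: '/'` in the new `.github/dependabot.yml` likely leaves the composite actions pinned by this same commit without update coverage. For the `github-actions` ecosystem, `/` is documented as covering `.github/workflows` and a root-level `action.yml`, so the SHAs added under `.github/actions/*/action.yml` (cache, upload-artifact, setup-jfrog-cli, login-action) would stay frozen and miss upstream security fixes. Add one `updates` entry per composite-action directory, e.g. `directory: '/.github/actions/deb-delivery'`, with the same schedule and labels, or confirm that the Dependabot version in use scans those directories.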
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index c1c365d44..61c74f5ff 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download actionlint id: get_actionlint @@ -40,7 +40,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Yaml run: | diff --git a/.github/workflows/connector-vmware.yml b/.github/workflows/connector-vmware.yml index 47206aad6..0be147a0c 100644 --- a/.github/workflows/connector-vmware.yml +++ b/.github/workflows/connector-vmware.yml @@ -51,7 +51,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Package uses: ./.github/actions/package @@ -80,7 +80,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -104,7 +104,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery diff --git a/.github/workflows/docker-builder-packaging-plugins.yml b/.github/workflows/docker-builder-packaging-plugins.yml index c7f4fea52..dd95281c6 100644 --- a/.github/workflows/docker-builder-packaging-plugins.yml +++ b/.github/workflows/docker-builder-packaging-plugins.yml 
@@ -42,25 +42,25 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Login to Registry - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }} username: ${{ secrets.DOCKER_REGISTRY_ID }} password: ${{ secrets.DOCKER_REGISTRY_PASSWD }} - name: Login to proxy registry - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: ${{ vars.DOCKER_PROXY_REGISTRY_URL }} username: ${{ secrets.DOCKER_REGISTRY_ID }} password: ${{ secrets.DOCKER_REGISTRY_PASSWD }} - - uses: docker/setup-buildx-action@v2 + - uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0 - - uses: docker/build-push-action@v3 + - uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1 with: file: .github/docker/Dockerfile.${{ matrix.dockerfile }} context: . diff --git a/.github/workflows/get-environment.yml b/.github/workflows/get-environment.yml index b432b4a2b..3ae9be4ae 100644 --- a/.github/workflows/get-environment.yml +++ b/.github/workflows/get-environment.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - id: get_environment run: | diff --git a/.github/workflows/nrpe.yml b/.github/workflows/nrpe.yml index 64fdb4687..b76e986cc 100644 --- a/.github/workflows/nrpe.yml +++ b/.github/workflows/nrpe.yml @@ -49,7 +49,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download nrpe sources run: | 
@@ -118,7 +118,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -140,7 +140,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery diff --git a/.github/workflows/perl-cpan-libraries.yml b/.github/workflows/perl-cpan-libraries.yml index 84bd8939a..d2b9bbaff 100644 --- a/.github/workflows/perl-cpan-libraries.yml +++ b/.github/workflows/perl-cpan-libraries.yml @@ -162,7 +162,7 @@ jobs: password: ${{ secrets.DOCKER_REGISTRY_PASSWD }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - if: ${{ contains(matrix.build_distribs, matrix.distrib) && matrix.package_extension == 'rpm' }} run: | @@ -255,7 +255,7 @@ jobs: DEB_BUILD_OPTIONS="nocheck nodocs notest" dh-make-perl make --build $PACKAGE_VERSION --cpan ${{ matrix.name }} shell: bash - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ matrix.package_extension }}-${{ matrix.distrib }} path: ./*.${{ matrix.package_extension }} @@ -280,9 +280,9 @@ jobs: - run: apt-get install -y zstd shell: bash - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: packages-rpm-${{ matrix.distrib }} path: ./ @@ -293,7 +293,7 @@ jobs: - run: rpmsign --addsign ./*.rpm shell: bash - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: ${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }} 
@@ -302,12 +302,12 @@ jobs: needs: [package] runs-on: ubuntu-22.04 steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: packages-deb-bullseye path: ./ - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.deb key: ${{ github.sha }}-${{ github.run_id }}-deb-bullseye @@ -323,7 +323,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -345,7 +345,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery @@ -366,7 +366,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Promote ${{ matrix.distrib }} to stable uses: ./.github/actions/promote-to-stable diff --git a/.github/workflows/perl-crypt-argon2.yml b/.github/workflows/perl-crypt-argon2.yml index 04740a534..2706c1b74 100644 --- a/.github/workflows/perl-crypt-argon2.yml +++ b/.github/workflows/perl-crypt-argon2.yml @@ -64,7 +64,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install locally Crypt::Argon2 run: | @@ -118,7 +118,7 @@ jobs: # set condition to true if artifacts are needed - if: ${{ false }} name: Upload package artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ matrix.distrib }}-${{ matrix.arch }} path: ./*.${{ matrix.package_extension}} 
@@ -137,7 +137,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -165,7 +165,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery @@ -194,7 +194,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Promote ${{ matrix.distrib }} ${{ matrix.arch }} to stable uses: ./.github/actions/promote-to-stable diff --git a/.github/workflows/perl-filesys-smbclient.yml b/.github/workflows/perl-filesys-smbclient.yml index 122fcc680..9d92daf0c 100644 --- a/.github/workflows/perl-filesys-smbclient.yml +++ b/.github/workflows/perl-filesys-smbclient.yml @@ -42,7 +42,7 @@ jobs: password: ${{ secrets.DOCKER_REGISTRY_PASSWD }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: | yum install -y yum-utils @@ -61,7 +61,7 @@ jobs: cp -r ~/rpmbuild/RPMS/x86_64/*.rpm . shell: bash - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: unsigned-${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }} @@ -90,9 +90,9 @@ jobs: apt-get install -y zstd shell: bash - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: unsigned-${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }} 
@@ -103,7 +103,7 @@ jobs: - run: rpmsign --addsign ./*.rpm shell: bash - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: ${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }} @@ -126,7 +126,7 @@ jobs: password: ${{ secrets.DOCKER_REGISTRY_PASSWD }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: | apt update @@ -138,7 +138,7 @@ jobs: DEB_BUILD_OPTIONS="nocheck nodocs notest noautodbgsym" dh-make-perl make --verbose --build --version 4.0-${{ matrix.distrib }} perl-filesys-smbclient/ shell: bash - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.deb key: ${{ github.sha }}-${{ github.run_id }}-deb-${{ matrix.distrib }} @@ -154,7 +154,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -176,7 +176,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery @@ -197,7 +197,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Promote ${{ matrix.distrib }} to stable uses: ./.github/actions/promote-to-stable diff --git a/.github/workflows/perl-json-path.yml b/.github/workflows/perl-json-path.yml index 29fc80b66..251be4850 100644 --- a/.github/workflows/perl-json-path.yml +++ b/.github/workflows/perl-json-path.yml @@ -51,7 +51,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install locally JSON::Path run: | 
@@ -108,7 +108,7 @@ jobs: # set condition to true if artifacts are needed - if: ${{ false }} name: Upload package artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ matrix.distrib }} path: ./*.${{ matrix.package_extension}} @@ -127,7 +127,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -152,7 +152,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery @@ -173,7 +173,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Promote ${{ matrix.distrib }} to stable uses: ./.github/actions/promote-to-stable diff --git a/.github/workflows/perl-keepass-reader.yml b/.github/workflows/perl-keepass-reader.yml index f551f9a9c..f0fb14c34 100644 --- a/.github/workflows/perl-keepass-reader.yml +++ b/.github/workflows/perl-keepass-reader.yml @@ -42,7 +42,7 @@ jobs: password: ${{ secrets.DOCKER_REGISTRY_PASSWD }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: | yum install -y make perl perl-devel perl-ExtUtils-MakeMaker @@ -57,7 +57,7 @@ jobs: cp -r ~/rpmbuild/RPMS/noarch/*.rpm . shell: bash - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: unsigned-${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }} 
@@ -86,9 +86,9 @@ jobs: apt-get install -y zstd shell: bash - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: unsigned-${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }} @@ -99,12 +99,12 @@ jobs: - run: rpmsign --addsign ./*.rpm shell: bash - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: ${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ matrix.distrib }} path: ./*.rpm @@ -128,7 +128,7 @@ jobs: password: ${{ secrets.DOCKER_REGISTRY_PASSWD }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: | apt update @@ -140,12 +140,12 @@ jobs: DEB_BUILD_OPTIONS="nocheck nodocs notest noautodbgsym" dh-make-perl make -p libkeepass-reader-perl --verbose --build --version 0.2-${{ matrix.distrib }} perl-keepass-reader/ shell: bash - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.deb key: ${{ github.sha }}-${{ github.run_id }}-deb-${{ matrix.distrib }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ matrix.distrib }} path: ./*.deb @@ -162,7 +162,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery 
@@ -184,7 +184,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery @@ -205,7 +205,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Promote ${{ matrix.distrib }} to stable uses: ./.github/actions/promote-to-stable diff --git a/.github/workflows/perl-libssh-session.yml b/.github/workflows/perl-libssh-session.yml index 7262fd592..b50b85779 100644 --- a/.github/workflows/perl-libssh-session.yml +++ b/.github/workflows/perl-libssh-session.yml @@ -62,7 +62,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install locally Libssh::Session run: | @@ -116,7 +116,7 @@ jobs: # set condition to true if artifacts are needed - if: ${{ false }} name: Upload package artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ matrix.distrib }}-${{ matrix.arch }} path: ./*.${{ matrix.package_extension}} @@ -135,7 +135,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -163,7 +163,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery @@ -192,7 +192,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Promote ${{ matrix.distrib }} ${{ matrix.arch }} to stable uses: ./.github/actions/promote-to-stable 
diff --git a/.github/workflows/perl-net-curl.yml b/.github/workflows/perl-net-curl.yml index 3c7641893..ac184b3cd 100644 --- a/.github/workflows/perl-net-curl.yml +++ b/.github/workflows/perl-net-curl.yml @@ -62,7 +62,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install locally Net::Curl run: | @@ -116,7 +116,7 @@ jobs: # set condition to true if artifacts are needed - if: ${{ false }} name: Upload package artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ matrix.distrib }}-${{ matrix.arch }} path: ./*.${{ matrix.package_extension}} @@ -135,7 +135,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -163,7 +163,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery @@ -192,7 +192,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Promote ${{ matrix.distrib }} ${{ matrix.arch }} to stable uses: ./.github/actions/promote-to-stable diff --git a/.github/workflows/perl-openwsman.yml b/.github/workflows/perl-openwsman.yml index a3c479916..82ed23b6e 100644 --- a/.github/workflows/perl-openwsman.yml +++ b/.github/workflows/perl-openwsman.yml @@ -64,7 +64,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install locally sblim-sfcc run: | 
@@ -180,7 +180,7 @@ jobs: # set condition to true if artifacts are needed - if: ${{ false }} name: Upload package artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ matrix.distrib }}-${{ matrix.arch }} path: ./*.${{ matrix.package_extension}} @@ -199,7 +199,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery libwsman uses: ./.github/actions/rpm-delivery @@ -236,7 +236,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery sblim-sfcc uses: ./.github/actions/deb-delivery @@ -283,7 +283,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Promote sblim-sfcc ${{ matrix.distrib }} ${{ matrix.arch }} to stable if: ${{ matrix.distrib == 'bullseye' }} diff --git a/.github/workflows/perl-vmware-vsphere.yml b/.github/workflows/perl-vmware-vsphere.yml index d0623409e..b1847e802 100644 --- a/.github/workflows/perl-vmware-vsphere.yml +++ b/.github/workflows/perl-vmware-vsphere.yml @@ -39,7 +39,7 @@ jobs: shell: bash - name: Cache vsphere cli sources - uses: actions/cache/save@v3 + uses: actions/cache/save@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: vmware-vsphere-cli-distrib key: ${{ github.sha }}-${{ github.run_id }}-sources-perl-vmware-vsphere 
@@ -71,10 +71,10 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Import source files - uses: actions/cache/restore@v3 + uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: vmware-vsphere-cli-distrib key: ${{ github.sha }}-${{ github.run_id }}-sources-perl-vmware-vsphere @@ -105,7 +105,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -129,7 +129,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery diff --git a/.github/workflows/plink.yml b/.github/workflows/plink.yml index 600953aa0..ff5429a78 100644 --- a/.github/workflows/plink.yml +++ b/.github/workflows/plink.yml @@ -41,7 +41,7 @@ jobs: password: ${{ secrets.DOCKER_REGISTRY_PASSWD }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: | yum install -y wget gcc make @@ -55,7 +55,7 @@ jobs: cp -r ~/rpmbuild/RPMS/x86_64/*.rpm . shell: bash - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: unsigned-${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }} @@ -84,9 +84,9 @@ jobs: apt-get install -y zstd shell: bash - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: unsigned-${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }} 
@@ -97,12 +97,12 @@ jobs: - run: rpmsign --addsign ./*.rpm shell: bash - - uses: actions/cache@v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./*.rpm key: ${{ github.sha }}-${{ github.run_id }}-rpm-${{ matrix.distrib }} - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: packages-${{ matrix.distrib }} path: ./*.rpm @@ -119,7 +119,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -140,7 +140,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Promote ${{ matrix.distrib }} to stable uses: ./.github/actions/promote-to-stable diff --git a/.github/workflows/plugin-delivery.yml b/.github/workflows/plugin-delivery.yml index ea2d91bdc..e528995fd 100644 --- a/.github/workflows/plugin-delivery.yml +++ b/.github/workflows/plugin-delivery.yml @@ -28,9 +28,9 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/cache/restore@v3 + - uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./build/ key: fatpacked-plugins-${{ github.sha }}-${{ github.run_id }} @@ -56,7 +56,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery @@ -78,7 +78,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery-legacy 
@@ -100,7 +100,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery @@ -122,7 +122,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/deb-delivery-legacy @@ -140,7 +140,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Push git release tag run: | diff --git a/.github/workflows/plugins-selinux.yml b/.github/workflows/plugins-selinux.yml index ab83e5049..4a771a394 100644 --- a/.github/workflows/plugins-selinux.yml +++ b/.github/workflows/plugins-selinux.yml @@ -45,7 +45,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Generate selinux binary run: | @@ -79,7 +79,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Delivery uses: ./.github/actions/rpm-delivery diff --git a/.github/workflows/plugins.yml b/.github/workflows/plugins.yml index c9f14b37b..274f6280f 100644 --- a/.github/workflows/plugins.yml +++ b/.github/workflows/plugins.yml @@ -29,15 +29,15 @@ jobs: outputs: plugins: ${{ steps.get_plugins.outputs.plugins }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: '3.9' - - uses: dorny/paths-filter@v2 + - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 id: filter with: base: ${{ github.ref }} 
@@ -88,7 +88,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 1 @@ -104,7 +104,7 @@ jobs: COMMIT=$(git log -1 HEAD --pretty=format:%h) perl .github/scripts/plugins-source.container.pl "${{ needs.get-plugins.outputs.plugins }}" "${{ needs.get-environment.outputs.version }} ($COMMIT)" - - uses: actions/cache/save@v3 + - uses: actions/cache/save@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./build/ key: fatpacked-plugins-${{ github.sha }}-${{ github.run_id }} @@ -141,13 +141,13 @@ jobs: steps: - name: Checkout sources if: ${{ matrix.distrib == 'el7' }} - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Checkout sources if: ${{ matrix.distrib != 'el7' }} - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actions/cache/restore@v3 + - uses: actions/cache/restore@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ./build/ key: fatpacked-plugins-${{ github.sha }}-${{ github.run_id }} diff --git a/.github/workflows/tests-functional.yml b/.github/workflows/tests-functional.yml index 07eebf720..a3d2f13e6 100644 --- a/.github/workflows/tests-functional.yml +++ b/.github/workflows/tests-functional.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install libs run: | @@ -28,7 +28,7 @@ jobs: sudo apt-get install -qqy snmpsim - name: Install Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 with: node-version: 16 @@ -50,7 +50,7 @@ jobs: XML::LibXML - name: Install Python - uses: actions/setup-python@v4 + uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: '3.11'
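Review bot: The `run:` line kept as context in the `@@ -104,7 +104,7 @@` hunk of `.github/workflows/plugins.yml` still expands `${{ needs.get-plugins.outputs.plugins }}` and `${{ needs.get-environment.outputs.version }}` directly into the shell script, and this hardening pass leaves it untouched. Expressions are substituted before the shell parses the script, so if either output can carry contributor-controlled text (the `get-plugins` job is defined outside this hunk and appears to derive the list from changed paths), the double quotes in the script do not contain it. Pass the values through the step's `env:` instead, e.g. `PLUGINS: ${{ needs.get-plugins.outputs.plugins }}` plus a matching `VERSION:` entry, and reference `"$PLUGINS"` and `"$VERSION ($COMMIT)"` in the command. The step itself starts above the hunk.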
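Review bot: Both `Checkout sources` steps in the `@@ -141,13 +141,13 @@` hunk of `.github/workflows/plugins.yml` now pin the same commit (`b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`), so the `matrix.distrib == 'el7'` branch silently moves from `actions/checkout@v3` to v4. The split presumably existed because the v4 action's Node 20 runtime does not run inside the el7 container; if that is the case, this pin changes behaviour and can break el7 packaging rather than only hardening it. Either pin the el7 step to a v3 commit, `uses: actions/checkout@<v3.x.y commit SHA> # v3.x.y`, or, if v4 is confirmed to work on el7, collapse the two conditional steps into a single unconditional one.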