mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 02:45:06 +00:00
Code Activity

feat: pin dependencies in gh actions (#2952)

Browse source 
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
This commit is contained in:
Shubham Palriwala 2022-01-13 10:53:05 +05:30 committed by GitHub
parent 59d4cf8c0b
commit 1257388b97
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 81 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
.github/workflows/build.yaml vendored
View file

@ -12,18 +12,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Cache Go modules
uses: actions/cache@v1
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@ -51,7 +51,7 @@ jobs:
fi
- name: golangci-lint
uses: reviewdog/action-golangci-lint@v1
uses: reviewdog/action-golangci-lint@02bcf8c1a9febe8620f1ca523b18dd64f82296db # v1.25.0
- name: Checking unused pkgs using go mod tidy
run: |
@ -62,18 +62,18 @@ jobs:
needs: pre-checks
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Cache Go modules
uses: actions/cache@v1
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@ -81,7 +81,7 @@ jobs:
${{ runner.os }}-go-
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
id: buildx
with:
install: true
@ -95,18 +95,18 @@ jobs:
needs: pre-checks
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Cache Go modules
uses: actions/cache@v1
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@ -114,7 +114,7 @@ jobs:
${{ runner.os }}-go-
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
id: buildx
with:
install: true
@ -124,7 +124,7 @@ jobs:
make docker-build-kyverno
- name: Trivy Scan Image
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@8f4c7160b470bafe4299efdc1c8a1fb495f8325a # v0.2.1
with:
scan-type: 'fs'
format: 'table'
@ -138,18 +138,18 @@ jobs:
needs: pre-checks
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Cache Go modules
uses: actions/cache@v1
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@ -157,7 +157,7 @@ jobs:
${{ runner.os }}-go-
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
id: buildx
with:
install: true
@ -171,18 +171,18 @@ jobs:
needs: pre-checks
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Cache Go modules
uses: actions/cache@v1
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}

12
.github/workflows/e2e.yaml vendored
View file

@ -22,26 +22,26 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Set up Helm
uses: azure/setup-helm@v1
uses: azure/setup-helm@18bc76811624f360dbd7f18c2d4ecb32c7b87bab # v1.1
with:
version: v3.5.0
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.0.1
uses: helm/chart-testing-action@b0d4458c71155b54fcf33e11dd465dc923550009 # v2.0.1
- name: Cache Go modules
uses: actions/cache@v1
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@ -80,7 +80,7 @@ jobs:
fi
- name: golangci-lint
uses: reviewdog/action-golangci-lint@v1
uses: reviewdog/action-golangci-lint@02bcf8c1a9febe8620f1ca523b18dd64f82296db # v1.25.0
- name: docker images build (AMD64)
run: |

4
.github/workflows/fossa.yml vendored
View file

@ -9,8 +9,8 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: "^1.16.x"
- run: go version

12
.github/workflows/helm-release.yaml vendored
View file

@ -9,17 +9,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- uses: actions/setup-python@v2
- uses: actions/setup-python@f38219332975fe8f9c04cca981d674bf22aea1d3 # v2.3.1
with:
python-version: 3.7
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.0.1
uses: helm/chart-testing-action@b0d4458c71155b54fcf33e11dd465dc923550009 # v2.0.1
- name: Run chart-testing (lint)
run: ct lint --target-branch=main --check-version-increment=false
@ -29,17 +29,17 @@ jobs:
needs: helm-tests
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
with:
fetch-depth: 0
- name: Install Helm
uses: azure/setup-helm@v1
uses: azure/setup-helm@18bc76811624f360dbd7f18c2d4ecb32c7b87bab # v1.1
with:
version: v3.4.1
- name: Run chart-releaser
uses: stefanprodan/helm-gh-pages@v1.4.1
uses: stefanprodan/helm-gh-pages@f1701eb82e4d4b82016e7965501c8b6d79feaec9 #v1.4.1
with:
token: "${{ secrets.GITHUB_TOKEN }}"
linting: off

6
.github/workflows/helm-test.yaml vendored
View file

@ -12,17 +12,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- uses: actions/setup-python@v2
- uses: actions/setup-python@f38219332975fe8f9c04cca981d674bf22aea1d3 # v2.3.1
with:
python-version: 3.7
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.0.1
uses: helm/chart-testing-action@b0d4458c71155b54fcf33e11dd465dc923550009 # v2.0.1
- name: Run chart-testing (lint)
run: ct lint --target-branch=main --check-version-increment=false

24
.github/workflows/image.yaml vendored
View file

@ -13,18 +13,18 @@ jobs:
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Install Cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
with:
cosign-release: 'v1.4.1'
@ -32,7 +32,7 @@ jobs:
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
id: buildx
with:
install: true
@ -65,18 +65,18 @@ jobs:
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Install Cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
with:
cosign-release: 'v1.4.1'
@ -84,7 +84,7 @@ jobs:
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
id: buildx
with:
install: true
@ -116,18 +116,18 @@ jobs:
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Install Cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
with:
cosign-release: 'v1.4.1'
@ -135,7 +135,7 @@ jobs:
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
id: buildx
with:
install: true

64
.github/workflows/release.yaml vendored
View file

@ -12,22 +12,22 @@ jobs:
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Install Cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
with:
cosign-release: 'v1.4.1'
- name: Cache Go modules
uses: actions/cache@v1
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@ -35,16 +35,16 @@ jobs:
${{ runner.os }}-go-
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- uses: creekorful/goreportcard-action@v1.0
- uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
- name: login to GitHub Container Registry
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
id: buildx
with:
install: true
@ -81,22 +81,22 @@ jobs:
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Install Cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
with:
cosign-release: 'v1.4.1'
- name: Cache Go modules
uses: actions/cache@v1
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@ -104,16 +104,16 @@ jobs:
${{ runner.os }}-go-
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- uses: creekorful/goreportcard-action@v1.0
- uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
- name: login to GitHub Container Registry
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
id: buildx
with:
install: true
@ -124,12 +124,12 @@ jobs:
echo "KYVERNO_VERSION=$(git describe --match "v[0-9]*")" >> $GITHUB_ENV
- name: Generate SBOM JSON
uses: CycloneDX/gh-gomod-generate-sbom@v1
uses: CycloneDX/gh-gomod-generate-sbom@c18e41a4e3defe6dbf69b594e4d831a89db82ead # v1.0.0
with:
version: v1
args: mod -licenses -json -output kyverno-v${{ env.KYVERNO_VERSION }}-bom.cdx.json
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
with:
name: kyverno-bom-cdx
path: kyverno-v*-bom.cdx.json
@ -156,7 +156,7 @@ jobs:
cosign attach sbom -sbom ./*-bom.cdx.json -type cyclonedx ghcr.io/kyverno/sbom:latest
- name: Trivy Scan Image
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@8f4c7160b470bafe4299efdc1c8a1fb495f8325a # v0.2.1
with:
image-ref: 'ghcr.io/kyverno/kyverno:${{env.KYVERNO_VERSION}}'
format: 'table'
@ -173,22 +173,22 @@ jobs:
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Install Cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
with:
cosign-release: 'v1.4.1'
- name: Cache Go modules
uses: actions/cache@v1
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@ -196,16 +196,16 @@ jobs:
${{ runner.os }}-go-
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- uses: creekorful/goreportcard-action@v1.0
- uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
- name: login to GitHub Container Registry
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
id: buildx
with:
install: true
@ -245,27 +245,27 @@ jobs:
run: echo ::set-output name=version::${GITHUB_REF#refs/*/}
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- name: Cache Go modules
uses: actions/cache@v1
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
with:
go-version: 1.16
- uses: creekorful/goreportcard-action@v1.0
- uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
- name: Make Release
env:
@ -277,7 +277,7 @@ jobs:
cat release/release-notes.out
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
uses: goreleaser/goreleaser-action@5df302e5e9e4c66310a6b6493a8865b12c555af2 #v2.8.0
with:
version: latest
args: release --rm-dist --debug --release-notes=release/release-notes.out
@ -290,7 +290,7 @@ jobs:
- create-release
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- name: Unshallow
run: git fetch --prune --unshallow
@ -304,4 +304,4 @@ jobs:
- name: Update new version in krew-index
if: steps.check-tag.outputs.match == 'true'
uses: rajatjindal/krew-release-bot@v0.0.38
uses: rajatjindal/krew-release-bot@3320c0b546b5d2320613c46762bd3f73e2801bdc # v0.0.38