diff --git a/.github/actions/authenticate-ghcr/action.yaml b/.github/actions/authenticate-ghcr/action.yaml index 4509fadabf5d..3251ef74e552 100644 --- a/.github/actions/authenticate-ghcr/action.yaml +++ b/.github/actions/authenticate-ghcr/action.yaml @@ -11,7 +11,7 @@ runs: using: "composite" steps: - name: Login to GitHub Container Registry - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: ghcr.io username: ${{ inputs.actor }} diff --git a/.github/actions/e2e/cleanup/action.yaml b/.github/actions/e2e/cleanup/action.yaml index 8db0b5f83dc3..af7ce12be260 100644 --- a/.github/actions/e2e/cleanup/action.yaml +++ b/.github/actions/e2e/cleanup/action.yaml @@ -21,7 +21,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.git_ref }} - uses: ./.github/actions/e2e/install-eksctl @@ -31,7 +31,7 @@ runs: shell: bash run: | eksctl delete cluster --name ${{ inputs.cluster_name }} --timeout 60m --wait || true - - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 + - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: test/hack/resource/go.mod cache-dependency-path: test/hack/resource/go.sum diff --git a/.github/actions/e2e/install-karpenter/action.yaml b/.github/actions/e2e/install-karpenter/action.yaml index ba5bc9b900fd..99bdad00b2d4 100644 --- a/.github/actions/e2e/install-karpenter/action.yaml +++ b/.github/actions/e2e/install-karpenter/action.yaml @@ -27,7 +27,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.git_ref }} - uses: ./.github/actions/e2e/install-helm 
@@ -40,7 +40,7 @@ runs: kubectl label ns karpenter scrape=enabled --overwrite=true kubectl label ns karpenter pod-security.kubernetes.io/enforce=restricted --overwrite=true - name: login to ecr via docker - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ${{ inputs.ecr_account_id }}.dkr.ecr.${{ inputs.ecr_region }}.amazonaws.com logout: true @@ -48,7 +48,7 @@ runs: shell: bash run: | aws eks update-kubeconfig --name "${{ inputs.cluster_name }}" - + # Parse minor version to determine whether to enable the webhooks VERSION=${{ inputs.k8s_version }} RELEASE_VERSION_MINOR="${VERSION#*.}" @@ -56,7 +56,7 @@ runs: if (( RELEASE_VRESION_MINOR < 25 )); then WEBHOOK_ENABLED=true fi - + helm upgrade --install karpenter oci://${{ inputs.ecr_account_id }}.dkr.ecr.${{ inputs.ecr_region }}.amazonaws.com/karpenter/snapshot/karpenter \ -n kube-system \ --version "v0-$(git rev-parse HEAD)" \ diff --git a/.github/actions/e2e/install-prometheus/action.yaml b/.github/actions/e2e/install-prometheus/action.yaml index 93b7281dd148..b5e31525bd28 100644 --- a/.github/actions/e2e/install-prometheus/action.yaml +++ b/.github/actions/e2e/install-prometheus/action.yaml @@ -21,7 +21,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.git_ref }} - uses: ./.github/actions/e2e/install-helm diff --git a/.github/actions/e2e/setup-cluster/action.yaml b/.github/actions/e2e/setup-cluster/action.yaml index 2bdcd853c282..029d03ecf90a 100644 --- a/.github/actions/e2e/setup-cluster/action.yaml +++ b/.github/actions/e2e/setup-cluster/action.yaml 
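Review bot: The context line `if (( RELEASE_VRESION_MINOR < 25 )); then` in the last install-karpenter hunk misspells the variable that the preceding hunk assigns as `RELEASE_VERSION_MINOR="${VERSION#*.}"`. In bash arithmetic an unset name evaluates to 0, so the comparison is presumably always true and `WEBHOOK_ENABLED=true` is set for every Kubernetes version, not only for minors below 25. The line should read `if (( RELEASE_VERSION_MINOR < 25 )); then`. The run script starts and ends outside these hunks, so the default assigned to WEBHOOK_ENABLED is not visible here and should be checked when fixing this.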
@@ -43,7 +43,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.git_ref }} - uses: ./.github/actions/e2e/install-eksctl diff --git a/.github/actions/e2e/slack/notify/action.yaml b/.github/actions/e2e/slack/notify/action.yaml index ba715ed3d3a9..8ee4e14f5f50 100644 --- a/.github/actions/e2e/slack/notify/action.yaml +++ b/.github/actions/e2e/slack/notify/action.yaml @@ -14,7 +14,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.git_ref }} - id: get-run-name diff --git a/.github/actions/e2e/upgrade-crds/action.yaml b/.github/actions/e2e/upgrade-crds/action.yaml index e53bd336e40e..0789baa43eca 100644 --- a/.github/actions/e2e/upgrade-crds/action.yaml +++ b/.github/actions/e2e/upgrade-crds/action.yaml @@ -24,7 +24,7 @@ runs: role-to-assume: arn:aws:iam::${{ inputs.account_id }}:role/${{ inputs.role }} aws-region: ${{ inputs.region }} role-duration-seconds: 21600 - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.git_ref }} - name: install-karpenter diff --git a/.github/actions/install-deps/action.yaml b/.github/actions/install-deps/action.yaml index 2ea9edf00b91..1203196adb4f 100644 --- a/.github/actions/install-deps/action.yaml +++ b/.github/actions/install-deps/action.yaml @@ -7,7 +7,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 + - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: go.mod check-latest: true 
@@ -15,7 +15,7 @@ runs: # Root path permission workaround for caching https://github.com/actions/cache/issues/845#issuecomment-1252594999 - run: sudo chown "$USER" /usr/local shell: bash - - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3 + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 id: cache-toolchain with: path: | diff --git a/.github/workflows/approval-comment.yaml b/.github/workflows/approval-comment.yaml index 5bac480ac7ac..6d4625bd59bc 100644 --- a/.github/workflows/approval-comment.yaml +++ b/.github/workflows/approval-comment.yaml @@ -7,7 +7,7 @@ jobs: if: startsWith(github.event.review.body, '/karpenter snapshot') || startsWith(github.event.review.body, '/karpenter scale') || startsWith(github.event.review.body, '/karpenter versionCompatibility') runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - name: Save info about the review comment as an artifact for other workflows that run on workflow_run to download them @@ -17,7 +17,7 @@ jobs: mkdir -p /tmp/artifacts { echo "$REVIEW_BODY"; echo ${{ github.event.pull_request.number }}; echo ${{ github.event.review.commit_id }}; } >> /tmp/artifacts/metadata.txt cat /tmp/artifacts/metadata.txt - - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: artifacts path: /tmp/artifacts diff --git a/.github/workflows/ci-test.yaml b/.github/workflows/ci-test.yaml index 13a0092c39c4..8c46f1416c08 100644 --- a/.github/workflows/ci-test.yaml +++ b/.github/workflows/ci-test.yaml 
@@ -13,7 +13,7 @@ jobs: matrix: k8sVersion: ["1.23.x", "1.24.x", "1.25.x", "1.26.x", "1.27.x", "1.28.x"] steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: ./.github/actions/install-deps with: k8sVersion: ${{ matrix.k8sVersion }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7f7b827fe6c9..a967a8521f7d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -10,7 +10,7 @@ jobs: ci: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: ./.github/actions/install-deps - name: Enable the actionlint matcher run: echo "::add-matcher::.github/actionlint-matcher.json" diff --git a/.github/workflows/codegen.yaml b/.github/workflows/codegen.yaml index f8485cd71323..014cbd590f63 100644 --- a/.github/workflows/codegen.yaml +++ b/.github/workflows/codegen.yaml @@ -11,7 +11,7 @@ jobs: if: github.repository == 'aws/karpenter-provider-aws' runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: ./.github/actions/install-deps - run: | git config user.name "APICodeGen" diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index fee81ff414f1..87fe878f8049 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml 
@@ -21,11 +21,11 @@ jobs: language: [ 'go' ] steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: ./.github/actions/install-deps - run: make vulncheck - - uses: github/codeql-action/init@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2 + - uses: github/codeql-action/init@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8 with: languages: ${{ matrix.language }} - - uses: github/codeql-action/autobuild@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2 - - uses: github/codeql-action/analyze@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2 + - uses: github/codeql-action/autobuild@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8 + - uses: github/codeql-action/analyze@df32e399139a3050671466d7d9b3cbacc1cfd034 # v2.22.8 diff --git a/.github/workflows/deflake.yaml b/.github/workflows/deflake.yaml index 960f71031236..1fba63ef89d1 100644 --- a/.github/workflows/deflake.yaml +++ b/.github/workflows/deflake.yaml @@ -8,7 +8,7 @@ jobs: if: github.repository == 'aws/karpenter-provider-aws' runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: ./.github/actions/install-deps - name: Running tests 5 times to find flaky tests id: run-deflake diff --git a/.github/workflows/docgen.yaml b/.github/workflows/docgen.yaml index b22c9db43752..a7d1e8b462ef 100644 --- a/.github/workflows/docgen.yaml +++ b/.github/workflows/docgen.yaml @@ -11,7 +11,7 @@ jobs: if: github.repository == 'aws/karpenter-provider-aws' runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: ./.github/actions/install-deps - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 with: 
diff --git a/.github/workflows/e2e-cleanup.yaml b/.github/workflows/e2e-cleanup.yaml index 3705bb4e3cca..66fe2ae829ca 100644 --- a/.github/workflows/e2e-cleanup.yaml +++ b/.github/workflows/e2e-cleanup.yaml @@ -21,7 +21,7 @@ jobs: name: cleanup-${{ inputs.cluster_name }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.git_ref }} - name: configure aws credentials diff --git a/.github/workflows/e2e-upgrade.yaml b/.github/workflows/e2e-upgrade.yaml index 9d4a7ceb2198..74e9458182e0 100644 --- a/.github/workflows/e2e-upgrade.yaml +++ b/.github/workflows/e2e-upgrade.yaml @@ -57,7 +57,7 @@ jobs: runs-on: ubuntu-latest steps: # This additional checkout can be removed when the commit status action is added to the from_git_ref version of Karpenter - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.to_git_ref }} - if: always() && github.event_name == 'workflow_run' @@ -66,7 +66,7 @@ jobs: name: ${{ github.workflow }} (${{ inputs.k8s_version }}) / e2e (Upgrade) git_ref: ${{ inputs.to_git_ref }} - uses: ./.github/actions/install-deps - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.from_git_ref }} - name: configure aws credentials @@ -96,7 +96,7 @@ jobs: ecr_region: ${{ vars.ECR_REGION }} prometheus_workspace_id: ${{ vars.WORKSPACE_ID }} prometheus_region: ${{ vars.PROMETHEUS_REGION }} - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.to_git_ref }} - name: upgrade eks cluster '${{ steps.generate-cluster-name.outputs.CLUSTER_NAME }}' 
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index bbd387d37438..65fe2df1b1bb 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -75,7 +75,7 @@ jobs: name: suite-${{ inputs.suite }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ inputs.git_ref }} - if: always() && github.event_name == 'workflow_run' diff --git a/.github/workflows/pr-snapshot.yaml b/.github/workflows/pr-snapshot.yaml index 350cadd00bfa..ce502aefee30 100644 --- a/.github/workflows/pr-snapshot.yaml +++ b/.github/workflows/pr-snapshot.yaml @@ -12,7 +12,7 @@ jobs: if: github.event.workflow_run.conclusion == 'success' runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: ./.github/actions/download-artifact - id: metadata run: | @@ -20,7 +20,7 @@ jobs: pr_commit="$(tail -n 1 /tmp/artifacts/metadata.txt)" echo PR_COMMIT="$pr_commit" >> "$GITHUB_OUTPUT" echo PR_NUMBER="$pr_number" >> "$GITHUB_OUTPUT" - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ steps.metadata.outputs.PR_COMMIT }} - uses: ./.github/actions/commit-status/start diff --git a/.github/workflows/publish-test-tools.yaml b/.github/workflows/publish-test-tools.yaml index 6ad6baf5adae..41429d121df7 100644 --- a/.github/workflows/publish-test-tools.yaml +++ b/.github/workflows/publish-test-tools.yaml 
@@ -16,7 +16,7 @@ jobs: if: github.repository == 'aws/karpenter-provider-aws' runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - uses: ./.github/actions/install-deps diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 0c129eeb9bac..19d9c1d87461 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -16,7 +16,7 @@ jobs: if: github.repository == 'aws/karpenter-provider-aws' runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - name: Create GitHub Release diff --git a/.github/workflows/resolve-args.yaml b/.github/workflows/resolve-args.yaml index 2f44ab644069..0c4a19b87921 100644 --- a/.github/workflows/resolve-args.yaml +++ b/.github/workflows/resolve-args.yaml @@ -19,7 +19,7 @@ jobs: steps: # Download the artifact and resolve the commit if initiated by PR snapshot # Otherwise, use the currently checked-out branch to run the E2E tests against - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - if: github.event_name == 'workflow_run' uses: ./.github/actions/download-artifact - id: resolve-step diff --git a/.github/workflows/resource-count.yaml b/.github/workflows/resource-count.yaml index 18e7d19e0658..33d3fa9a7461 100644 --- a/.github/workflows/resource-count.yaml +++ b/.github/workflows/resource-count.yaml 
@@ -14,13 +14,13 @@ jobs: region: [us-east-2, us-west-2, eu-west-1] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: configure aws credentials uses: aws-actions/configure-aws-credentials@v4.0.1 with: role-to-assume: arn:aws:iam::${{ vars.ACCOUNT_ID }}:role/${{ vars.ROLE_NAME }} aws-region: ${{ matrix.region }} - - uses: actions/setup-go@v4 + - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: test/hack/resource/go.mod check-latest: true diff --git a/.github/workflows/snapshot.yaml b/.github/workflows/snapshot.yaml index 52c40a30f071..905312610b30 100644 --- a/.github/workflows/snapshot.yaml +++ b/.github/workflows/snapshot.yaml @@ -11,7 +11,7 @@ jobs: if: github.repository == 'aws/karpenter-provider-aws' runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - uses: ./.github/actions/install-deps diff --git a/.github/workflows/sweeper.yaml b/.github/workflows/sweeper.yaml index cc441413eaad..2a190f513614 100644 --- a/.github/workflows/sweeper.yaml +++ b/.github/workflows/sweeper.yaml @@ -14,13 +14,13 @@ jobs: region: [us-east-2, us-west-2, eu-west-1] runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: configure aws credentials uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 with: role-to-assume: arn:aws:iam::${{ vars.ACCOUNT_ID }}:role/${{ vars.ROLE_NAME }} aws-region: ${{ matrix.region }} - - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4 + - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version-file: test/hack/resource/go.mod check-latest: true
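Review bot: `uses: aws-actions/configure-aws-credentials@v4.0.1` in the resource-count.yaml hunk is still referenced by a mutable tag, while the checkout and setup-go steps around it are now pinned to commit SHAs. This is the step that assumes the IAM role via `role-to-assume`, so it is the reference where a re-pointed tag would matter most. sweeper.yaml on this page already pins the same release as `aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1`; using that reference here would make the two workflows consistent. The steps list continues outside the hunk.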