diff --git a/.github/workflows/bootstrap.yaml b/.github/workflows/bootstrap.yaml
index 79c0551181f0eea6f880a8c4d296b847b7a31808..f1af6800240c134ad52840fe5220f099c900e89e 100644
--- a/.github/workflows/bootstrap.yaml
+++ b/.github/workflows/bootstrap.yaml
@@ -12,16 +12,16 @@ jobs:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
steps:
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Restore Go cache
- uses: actions/cache@v1
+ uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go1.18-
- name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
with:
go-version: 1.18.x
- name: Setup Kubernetes
diff --git a/.github/workflows/e2e-arm64.yaml b/.github/workflows/e2e-arm64.yaml
index 38460402e0ad981c7d5b448c33aa2580ea4e66e1..62a886ac80bfdfb40f4d8d8dcbbe3f45ffedb488 100644
--- a/.github/workflows/e2e-arm64.yaml
+++ b/.github/workflows/e2e-arm64.yaml
@@ -12,9 +12,9 @@ jobs:
runs-on: [self-hosted, Linux, ARM64, equinix]
steps:
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
with:
go-version: 1.18.x
- name: Prepare
diff --git a/.github/workflows/e2e-azure.yaml b/.github/workflows/e2e-azure.yaml
index 0d5c0081a3341548d7fa52da1b3d1ec391fbbae0..6b02880b64750634beee42b558f0670bec3ea3d0 100644
--- a/.github/workflows/e2e-azure.yaml
+++ b/.github/workflows/e2e-azure.yaml
@@ -12,9 +12,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Restore Go cache
- uses: actions/cache@v1
+ uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 1a0586681d1c5e779a503a01b1e62de1b59a99f6..14c38578a720bb1e24dbfe65e2bc04313d35f36a 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -11,16 +11,16 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Restore Go cache
- uses: actions/cache@v1
+ uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go1.18-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go1.18-
- name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
with:
go-version: 1.18.x
- name: Setup Kubernetes
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 65a7d2605e5747b6dbb54939f4f9eadacfea73a3..0d95facd28817b72759d032b5d1fca547d419883 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -14,18 +14,18 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Unshallow
run: git fetch --prune --unshallow
- name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
with:
go-version: 1.18.x
- name: Setup QEMU
- uses: docker/setup-qemu-action@v1
+ uses: docker/setup-qemu-action@v2
- name: Setup Docker Buildx
id: buildx
- uses: docker/setup-buildx-action@v1
+ uses: docker/setup-buildx-action@v2
- name: Setup Syft
uses: anchore/sbom-action/download-syft@v0
- name: Setup Cosign
@@ -33,13 +33,13 @@ jobs:
- name: Setup Kustomize
uses: fluxcd/pkg//actions/kustomize@main
- name: Login to GitHub Container Registry
- uses: docker/login-action@v1
+ uses: docker/login-action@v2
with:
registry: ghcr.io
username: fluxcdbot
password: ${{ secrets.GHCR_TOKEN }}
- name: Login to Docker Hub
- uses: docker/login-action@v1
+ uses: docker/login-action@v2
with:
username: fluxcdbot
password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
@@ -73,7 +73,7 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Run GoReleaser
- uses: goreleaser/goreleaser-action@v1
+ uses: goreleaser/goreleaser-action@v3
with:
version: latest
args: release --release-notes=output/notes.md --skip-validate
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 9e1cc45b4e80485ec5c03b94cafdf5180fbf1b25..682c4e1bdcfce84ac290a9603e19a68780a5bd7f 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -1,4 +1,4 @@
-name: Scan
+name: scan
on:
push:
@@ -8,12 +8,16 @@ on:
schedule:
- cron: '18 10 * * 3'
+permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for codeQL to write security events
+
jobs:
fossa:
name: FOSSA
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- name: Run FOSSA scan and upload build data
uses: fossa-contrib/fossa-action@v1
with:
@@ -26,7 +30,7 @@ jobs:
runs-on: ubuntu-latest
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- name: Setup Kustomize
uses: fluxcd/pkg//actions/kustomize@main
- name: Build manifests
@@ -49,12 +53,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Initialize CodeQL
- uses: github/codeql-action/init@v1
+ uses: github/codeql-action/init@v2
with:
languages: go
- name: Autobuild
- uses: github/codeql-action/autobuild@v1
+ uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/update.yaml b/.github/workflows/update.yaml
index ab5732e6a3ced29ad70f489eec67d3549b7f9519..b557ffc3593229e983056ce75c6c4f5b243de54e 100644
--- a/.github/workflows/update.yaml
+++ b/.github/workflows/update.yaml
@@ -12,9 +12,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Setup Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
with:
go-version: 1.18.x
- name: Update component versions