From 72f8e70b5d41952c77d203fccf3bb56968e95b1b Mon Sep 17 00:00:00 2001 From: Timo Behrendt Date: Sat, 14 Feb 2026 19:28:18 +0100 Subject: [PATCH] ci: pin various actions to a proper semver version (#49) Reviewed-on: https://gitea.t000-n.de/t.behrendt/k/pulls/49 Co-authored-by: Timo Behrendt Co-committed-by: Timo Behrendt --- .gitea/workflows/deploy.yaml | 44 +++++++++++++++++----------------- .gitea/workflows/validate.yaml | 28 +++++++++++----------- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index 251f71e..e1a6533 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -15,10 +15,10 @@ jobs: traefik: ${{ steps.filter.outputs.traefik }} crowdsec: ${{ steps.filter.outputs.crowdsec }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter with: filters: | @@ -36,9 +36,9 @@ jobs: needs: check-changes if: ${{ needs.check-changes.outputs.node-labels == 'true' || github.event_name == 'workflow_dispatch' }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4 - - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} @@ -51,9 +51,9 @@ jobs: needs: check-changes if: ${{ needs.check-changes.outputs.coredns == 'true' || github.event_name == 'workflow_dispatch' }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4 - - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} @@ -69,14 +69,14 @@ jobs: needs: check-changes if: ${{ needs.check-changes.outputs.traefik == 'true' || github.event_name == 'workflow_dispatch' }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4 - - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} - name: Set ionos api credentials - uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5 + uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5.0.1 with: namespace: kube-system secret-name: ionos-api-credentials @@ -86,7 +86,7 @@ jobs: "apiKey": "${{ secrets.IONOS_API_KEY }}" } - name: Set admin basic auth credentials - uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5 + uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5.0.1 with: namespace: kube-system secret-name: admin-basic-auth-credentials @@ -96,7 +96,7 @@ jobs: "auth": "${{ secrets.ADMIN_BASIC_AUTH_CREDENTIALS }}" } - name: Set crowdsec bouncer api key - uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5 + uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5.0.1 with: namespace: kube-system secret-name: crowdsec-bouncer-api-key @@ -118,21 +118,21 @@ jobs: needs: check-changes if: ${{ needs.check-changes.outputs.crowdsec == 'true' || github.event_name == 'workflow_dispatch' }} steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@v0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: https://gitea.t000-n.de/t.behrendt/k_deploy_workflows/.gitea/actions/extract-namespace-from-repo-name@0.0.2 id: namespace with: repo: ${{ github.repository }} - - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4 + - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 with: version: "3.15.0" - - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 + - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} - name: Deploy helm - uses: helmfile/helmfile-action@37b026692c13757b2852cd7449e6e82eccc345d3 # v2.1.1 + uses: helmfile/helmfile-action@6867d18430fbe251b9c1a498e26b6c45fe6ed9db # v2.2.0 with: helmfile-args: apply helmfile-workdirectory: "crowdsec" @@ -141,9 +141,9 @@ jobs: runs-on: ubuntu-latest needs: check-changes steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4 - - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} diff --git a/.gitea/workflows/validate.yaml b/.gitea/workflows/validate.yaml index 3fa5c28..ee639e4 100644 --- a/.gitea/workflows/validate.yaml +++ b/.gitea/workflows/validate.yaml @@ -9,9 +9,9 @@ jobs: validate-node-lables: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4 - - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} @@ -22,9 +22,9 @@ jobs: validate-coredns: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4 - - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} @@ -35,14 +35,14 @@ jobs: validate-traefik: runs-on: ubuntu-latest steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4 - - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 + - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} - name: Validate - uses: azure/k8s-lint@6aefe5066f95e73d2b140d8835cc95583b886989 # v3 + uses: azure/k8s-lint@6aefe5066f95e73d2b140d8835cc95583b886989 # v3.0.1 with: namespace: kube-system lintType: dryrun @@ -53,17 +53,17 @@ jobs: - ubuntu-latest - linux_amd64 steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1 - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 with: version: "3.15.0" - - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4 + - uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4.0.2 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} - name: Validate Helm - uses: helmfile/helmfile-action@37b026692c13757b2852cd7449e6e82eccc345d3 # v2.1.1 + uses: helmfile/helmfile-action@6867d18430fbe251b9c1a498e26b6c45fe6ed9db # v2.2.0 with: helmfile-args: diff helmfile-workdirectory: "crowdsec"