From d61fd227481a7aef6e60238a890b51745962077f Mon Sep 17 00:00:00 2001
From: Thibault Normand
Date: Fri, 3 Jan 2025 12:23:55 +0100
Subject: [PATCH 1/7] chore(ci): update buildx step actions.
---
 .github/workflows/buildx.yml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/buildx.yml b/.github/workflows/buildx.yml
index 7bf843f62..3b79cfebd 100644
--- a/.github/workflows/buildx.yml
+++ b/.github/workflows/buildx.yml
@@ -20,7 +20,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Create matrix
 id: platforms
@@ -41,10 +41,10 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 - name: Run
 run: |
@@ -66,16 +66,16 @@ jobs:
 echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
+ uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
+ uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 - name: Build
- uses: docker/bake-action@v2
+ uses: docker/bake-action@3fc70e1131fee40a422dd8dd0ff22014ae20a1f3 # v5.11.0
 with:
 targets: release
 set: |
@@ -100,10 +100,10 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Download artifacts
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 with:
 name: kubehound
 path: bin/release
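Review bot: The `steps:` block in this hunk starts directly with `- name: Checkout`, so buildx.yml runs without the `step-security/harden-runner` step that every other workflow touched by this series pins and runs with `egress-policy: block`; the pin used in those files, `uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2`, could be added as the first step of each job here. Because this workflow pulls QEMU and Buildx images and talks to the GHA cache, start it with `egress-policy: audit` to collect the endpoint list before switching to `block`. The job headers and any `permissions:` block sit outside the visible hunks, so I cannot tell what the token is scoped to.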
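Review bot: `actions/download-artifact` v4 is not a drop-in for the v3 it replaces on the `Download artifacts` step: v4 fetches exactly one artifact by `name:`, and v4 uploads cannot share a name, so if the producing job uploads once per platform (the per-platform `PLATFORM_PAIR` env and cache scope in the earlier hunk suggest a matrix) the uploads would have to carry distinct names and this step would need `pattern: kubehound-*` plus `merge-multiple: true` in place of `name: kubehound`. If the build job uploads exactly once the current `name:` is fine; worth confirming against the matrix definition, which is outside the visible lines.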
@@ -126,9 +126,9 @@ jobs:
 - name: GitHub Release
 if: startsWith(github.ref, 'refs/tags/v')
- uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37 # v1.10.0
+ uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
 with:
 artifacts: bin/release/*
 generateReleaseNotes: true
 draft: true
- token: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
+ token: ${{ secrets.GITHUB_TOKEN }}
From 8f9cc9eb99f8b4ce9c00e5a349633dc342ad50ce Mon Sep 17 00:00:00 2001
From: Thibault Normand
Date: Fri, 3 Jan 2025 12:26:43 +0100
Subject: [PATCH 2/7] chore(ci): update dd-sa step actions.
---
 .github/workflows/datadog-static-analysis.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml
index 45c53e345..66d922972 100644
--- a/.github/workflows/datadog-static-analysis.yml
+++ b/.github/workflows/datadog-static-analysis.yml
@@ -11,14 +11,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Check code meets quality and security standards
 id: datadog-static-analysis
- uses: DataDog/datadog-static-analyzer-github-action@v1
+ uses: DataDog/datadog-static-analyzer-github-action@06d501a75f56e4075c67a7dbc61a74b6539a05c8 # v1.2.1
 with:
 dd_api_key: ${{ secrets.DD_API_KEY }}
 dd_app_key: ${{ secrets.DD_APP_KEY }}
- dd_service: kubehound
- dd_env: ci
 dd_site: datadoghq.com
 cpu_count: 2
From 0646970da45f75150a97bd4de71c9e5292ddd937 Mon Sep 17 00:00:00 2001
From: Thibault Normand
Date: Fri, 3 Jan 2025 12:32:43 +0100
Subject: [PATCH 3/7] chore(ci): update docker step actions.
---
 .github/workflows/buildx.yml | 2 +-
 .github/workflows/docker.yml | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/buildx.yml b/.github/workflows/buildx.yml
index 3b79cfebd..f5cff94f8 100644
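Review bot: The release step publishes `artifacts: bin/release/*` with nothing a downstream user can verify the binaries against, which is at odds with a series that now hash-pins every action; a preceding `run: (cd bin/release && sha256sum *) > bin/release/SHA256SUMS` step (or a provenance attestation) would close that gap at little cost. `ncipollo/release-action` needs `contents: write` on the `GITHUB_TOKEN` passed in `token:`; the job's `permissions:` block is outside this hunk, so please check it is granted at job level rather than through a permissive workflow default.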
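Review bot: The checkout step keeps `actions/checkout`'s default `persist-credentials: true`, which leaves the `GITHUB_TOKEN` in `.git/config` for the rest of a job whose only other step is a third-party analyzer that also receives `DD_API_KEY` and `DD_APP_KEY`; nothing in this job pushes, so add `with:` / `persist-credentials: false` under the new `uses:` line. This workflow also opens its `steps:` with Checkout rather than the pinned `step-security/harden-runner` step the other workflows in this series use, so the analyzer's egress is not constrained the way the linter and test jobs are.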
--- a/.github/workflows/buildx.yml
+++ b/.github/workflows/buildx.yml
@@ -84,7 +84,7 @@ jobs:
 *.cache-to=type=gha,scope=binary-${{ env.PLATFORM_PAIR }},mode=max
 - name: Upload artifacts
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: kubehound
 path: ./bin/release/*
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 5b2acb6fe..f8ddc0401 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -35,7 +35,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 # egress-policy: audit
 egress-policy: block
@@ -72,23 +72,23 @@ jobs:
 iojs.org:443
 - name: Checkout
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 fetch-depth: 0
 - name: Log into registry ${{ env.REGISTRY }}
- uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1
+ uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 - name: Build and push Docker image
 if: ${{ github.event_name == 'push' }}
- uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+ uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
 with:
 context: ${{ matrix.workdir }}
 platforms: linux/amd64,linux/arm64
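Review bot: `actions/upload-artifact` v4 rejects a second upload to an artifact name that already exists, where v3 merged into it; this step runs in the per-platform build job (the `${{ env.PLATFORM_PAIR }}` cache scope on the first context line is set per platform), so with more than one platform every upload after the first will fail with a conflict on `name: kubehound`. Use a unique name such as `name: kubehound-${{ env.PLATFORM_PAIR }}` here and, in the release job's download step, `pattern: kubehound-*` with `merge-multiple: true` so the binaries still land together in `bin/release`. The build job's matrix definition is outside the hunk, so this assumes more than one platform is built.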
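Review bot: `docker/build-push-action` v6 differs from the pin it replaces in that it exports a build record and uploads it as a workflow artifact by default, which is new egress that the `egress-policy: block` allowlist above (only its tail, `iojs.org:443`, is visible in this hunk) may not cover. Either extend `allowed-endpoints` to the Actions artifact service or put `DOCKER_BUILD_RECORD_UPLOAD: false` (and `DOCKER_BUILD_SUMMARY: false` if the summary is unused) in the step's `env:`; disabling is the simpler choice if nobody reads the summary. The `workflow_dispatch` build step in the next hunk carries the same pin and needs the same treatment.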
@@ -102,7 +102,7 @@ jobs:
 - name: Build and push Docker image
 if: ${{ github.event_name == 'workflow_dispatch' }}
- uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
+ uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
 with:
 context: ${{ matrix.workdir }}
 platforms: linux/amd64,linux/arm64
From 18cc0d6ab94467c23e123856b843d2f719aa1843 Mon Sep 17 00:00:00 2001
From: Thibault Normand
Date: Fri, 3 Jan 2025 12:34:59 +0100
Subject: [PATCH 4/7] chore(ci): update docs step actions.
---
 .github/workflows/docs.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 59a066b4e..7abcf9b3f 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -18,7 +18,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -26,9 +26,9 @@ jobs:
 github.com:443
 pypi.org:443
- - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- - uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
 with:
 python-version: 3.x
 - run: pip install mkdocs-material mkdocs-awesome-pages-plugin markdown-captions
- - run: mkdocs gh-deploy --force
\ No newline at end of file
+ - run: mkdocs gh-deploy --force
From 2daf6b1f5d2d4393a2f4201764b0a3a76502d935 Mon Sep 17 00:00:00 2001
From: Thibault Normand
Date: Fri, 3 Jan 2025 12:37:16 +0100
Subject: [PATCH 5/7] chore(ci): update linter step actions.
---
 .github/workflows/linter.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
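Review bot: The `pip install mkdocs-material mkdocs-awesome-pages-plugin markdown-captions` line is still unpinned, so the deploy job that now hash-pins every action still resolves three PyPI packages and their transitive dependencies to whatever is latest at run time, and that same job pushes `gh-pages` through `mkdocs gh-deploy --force` with the checkout's persisted token. Pin exact versions, or better keep them in a requirements file installed with `pip install --require-hashes -r docs/requirements.txt`, so the `pypi.org:443` entry in the egress allowlist is not the only control on what gets executed. The head of the `allowed-endpoints` list is outside this hunk.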
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 57cfbd52e..f11385c90 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -14,7 +14,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -31,15 +31,15 @@ jobs:
 raw.githubusercontent.com:443
 - name: Setup Golang
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+ uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
 with:
 go-version: "1.23"
 - name: Checkout Git Repo
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: golangci-lint
- uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc
+ uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
 with:
- version: v1.62.0
+ version: v1.63.3
 args: ./...
From a7bc7c9c0da5980255d1df341c70e2c9c0b16230 Mon Sep 17 00:00:00 2001
From: Thibault Normand
Date: Fri, 3 Jan 2025 12:41:19 +0100
Subject: [PATCH 6/7] chore(ci): update system-test step actions.
---
 .github/workflows/system-test.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/system-test.yml b/.github/workflows/system-test.yml
index e292e64d2..065baf770 100644
--- a/.github/workflows/system-test.yml
+++ b/.github/workflows/system-test.yml
@@ -27,7 +27,7 @@ jobs:
 - 8126:8126
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: block
 allowed-endpoints:
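Review bot: `Setup Golang` runs before `Checkout Git Repo`, and `actions/setup-go` v5 enables its module cache by default keyed on `go.sum`; at that point nothing is checked out, so the cache lookup cannot find the file and each run logs a restore warning and rebuilds the module cache from scratch. Move the `- name: Checkout Git Repo` step with its `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2` line above `- name: Setup Golang`; system-test.yml in the next patch already checks out first, so this would also make the three Go jobs consistent.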
>
@@ -48,10 +48,10 @@ jobs:
 *.datadoghq.com:443
 - name: Checkout Git Repo
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Create K8s Kind Cluster
- uses: helm/kind-action@9e8295d178de23cbfbd8fa16cf844eec1d773a07
+ uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
 with:
 cluster_name: kubehound.test.local
 config: test/setup/test-cluster/cluster.yaml
@@ -65,7 +65,7 @@ jobs:
 KUBECONFIG: ./test/setup/.kube-config
 - name: Setup Golang
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+ uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
 with:
 go-version: "1.23"
From 2cdde729869d0c084e935243028b969339229981 Mon Sep 17 00:00:00 2001
From: Thibault Normand
Date: Fri, 3 Jan 2025 12:43:49 +0100
Subject: [PATCH 7/7] chore(ci): update unit-test step actions.
---
 .github/workflows/unit-test.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
index d350e5b9c..e1aeccc77 100644
--- a/.github/workflows/unit-test.yml
+++ b/.github/workflows/unit-test.yml
@@ -14,7 +14,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: block
 allowed-endpoints:
@@ -27,12 +27,12 @@ jobs:
 *.docker.io:443
 - name: Setup Golang
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
+ uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
 with:
 go-version: "1.23"
 - name: Checkout Git Repo
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Run Unit Tests
 run: make test
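Review bot: `allowed-endpoints:` on the last line of the unit-test.yml hunk has no `>` block indicator, unlike the same key in docker.yml, docs.yml, linter.yml and system-test.yml in this series, so the endpoint list below it is read as a multi-line plain scalar. YAML folds that the same way today, but the value breaks the moment the first endpoint line begins with a YAML indicator such as `*` (the list contains `*.docker.io:443`, visible in the next hunk) or `#`; change the line to `allowed-endpoints: >` for the same behaviour without the trap. The first endpoint line itself is outside the hunk, so I cannot confirm its current value.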
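Review bot: As in linter.yml, `Setup Golang` precedes `Checkout Git Repo` in this hunk, so `actions/setup-go` v5's default module cache, keyed on `go.sum`, runs against an empty workspace and never restores anything. Swap the two steps so the `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2` step runs before `uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0`, matching the order system-test.yml already uses.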