Skip to content

Commit

Permalink
Merge branch 'master' into ap-patch-836fg
Browse files Browse the repository at this point in the history
  • Loading branch information
@apeabody
apeabody authored Jul 26, 2023
2 parents 6a988db + 0a14d2b commit 64c072e
Show file tree
Hide file tree
Showing 7 changed files with 30 additions and 30 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/codeql.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,16 +41,16 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- name: Checkout repository
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
uses: github/codeql-action/init@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -60,7 +60,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
uses: github/codeql-action/autobuild@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -73,6 +73,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
uses: github/codeql-action/analyze@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
with:
category: "/language:${{matrix.language}}"
6 changes: 3 additions & 3 deletions .github/workflows/dependency-review.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- name: 'Checkout Repository'
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: 'Dependency Review'
uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e # v3.0.4
uses: actions/dependency-review-action@1360a344ccb0ab6e9475edef90ad2f46bf8003b1 # v3.0.6
6 changes: 3 additions & 3 deletions .github/workflows/scorecards.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,12 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- name: "Checkout code"
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
persist-credentials: false

Expand Down Expand Up @@ -71,6 +71,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@29b1f65c5e92e24fe6b6647da1eaabe529cec70f # v2.3.3
uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
with:
sarif_file: results.sarif
6 changes: 3 additions & 3 deletions .github/workflows/website.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,14 @@ jobs:
working-directory: website
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

- name: Setup Node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
with:
node-version: "16"

Expand Down
26 changes: 13 additions & 13 deletions .github/workflows/workflow.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,19 +18,19 @@ jobs:
runs-on: ubuntu-latest
name: "Test scripts"
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Unit test
run: |
make unit-test
generate:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Generate templates and docs
run: |
make generate generate-website-docs generate-artifacthub-artifacts
Expand All @@ -49,11 +49,11 @@ jobs:
name: Unit test on ${{ matrix.os }} opa ${{ matrix.opa }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- run: |
binary=$([[ "$OSTYPE" == "darwin"* ]] && echo "opa_darwin_amd64" || echo "opa_linux_amd64")
sudo curl -L -o /usr/local/bin/opa https://github.com/open-policy-agent/opa/releases/download/${{ matrix.opa }}/$binary
Expand All @@ -69,12 +69,12 @@ jobs:
name: "Integration test on Gatekeeper ${{ matrix.gatekeeper }}"
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- name: Check out code into the Go module directory
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9

- name: Bootstrap integration test
run: |
Expand Down Expand Up @@ -104,11 +104,11 @@ jobs:
name: "Require a suite.yaml file alongside every template.yaml"
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Run script
run: |
make require-suites
Expand All @@ -117,11 +117,11 @@ jobs:
name: "Require a sync.yaml file and metadata.gatekeeper.sh/requires-sync-data annotation for every template.yaml using data.inventory"
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- name: Run script
run: |
make require-sync
Expand All @@ -130,10 +130,10 @@ jobs:
name: "Verify assertions in suite.yaml files"
steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit

- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- run: |
make verify-gator-dockerized
2 changes: 1 addition & 1 deletion scripts/require-sync/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ replace (
require (
github.com/open-policy-agent/frameworks/constraint v0.0.0-20221214024800-b745745c4118
github.com/open-policy-agent/gatekeeper v0.0.0-20230426022931-1f6f701644ba
k8s.io/apimachinery v0.24.14
k8s.io/apimachinery v0.24.15
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
)

Expand Down
4 changes: 2 additions & 2 deletions scripts/require-sync/go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1096,8 +1096,8 @@ k8s.io/api v0.24.9/go.mod h1:qQOu7t0mNvyvT5NE5rngeVHpBovp8Fd/FEI7CFZrlYY=
k8s.io/apiextensions-apiserver v0.24.7 h1:bq8kg5Q1eR6/1OaZeE6R4Cj4lBwLRyP8Lsbdrwvys1s=
k8s.io/apiextensions-apiserver v0.24.7/go.mod h1:BayNIvxdL4Fr78kGoy+nQYscNWaW4bJz8YTRvm9IqrA=
k8s.io/apimachinery v0.24.7/go.mod h1:WR5z9Lpw2mOAeDg20iSSrEBRQMY0p2YXVdYpUIgSr4o=
k8s.io/apimachinery v0.24.14 h1:i7GrBju4O0onF1+jqXXPVmfXWilplxWYkTNU6G/h6Cs=
k8s.io/apimachinery v0.24.14/go.mod h1:Yyft+DTAvOmHyT332HkCMoTKroxYDEEx7NRLsdCYDoc=
k8s.io/apimachinery v0.24.15 h1:yyPEqYqYNAZL+ybqyCo4pzfxQLYezRJITFiaTmEFr7M=
k8s.io/apimachinery v0.24.15/go.mod h1:kSzhCwldu9XB172NDdLffRN0sJ3x95RR7Bmyc4SHhs0=
k8s.io/apiserver v0.24.7 h1:J5X1BxF0hQ7Ssu5B1P5JikBA633LXsY98oshFSxSqek=
k8s.io/apiserver v0.24.7/go.mod h1:0VDfpwku0fDEJGSGfmZN0CRy0YJ/3JG/qlNdd6aSc+w=
k8s.io/client-go v0.24.7/go.mod h1:UoQaKAGHRRE77THP0jGUehwqt5javBlv1AoKdpfz3JA=
Expand Down

0 comments on commit 64c072e

Please sign in to comment.