diff --git a/.github/workflows/build-docs.yaml b/.github/workflows/build-docs.yaml index fade223c..b3ab6775 100644 --- a/.github/workflows/build-docs.yaml +++ b/.github/workflows/build-docs.yaml @@ -17,8 +17,8 @@ jobs: contents: write pages: write steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.x - run: pip install mkdocs-material==9.* diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 35972116..c2b2ea2c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -33,10 +33,10 @@ jobs: digest: ${{ steps.build.outputs.digest }} tag: ${{ steps.container_meta.outputs.version }} steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Login to GitHub Container Registry - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 if: ${{ github.event_name != 'pull_request' }} with: registry: ghcr.io @@ -44,11 +44,11 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0 - name: Container meta id: container_meta - uses: docker/metadata-action@c4ee3adeed93b1fa6a762f209fb01608c1a22f1e # v4 + uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4 with: images: | ${{ env.IMAGE_NAME }} @@ -57,7 +57,7 @@ jobs: - name: Build image id: build - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1 with: cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache cache-to: type=inline @@ -70,7 +70,7 @@ jobs: MODULE_NAME=${{ inputs.module-name }} - name: Run unit tests - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1 with: cache-from: type=gha cache-to: type=gha,mode=max @@ -81,7 +81,7 @@ jobs: MODULE_NAME=${{ inputs.module-name }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 # 0.10.0 + uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0 with: image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }} severity: "CRITICAL" @@ -90,7 +90,7 @@ jobs: timeout: 15m - name: Save Trivy vulnerability attestation - uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2 # 0.10.0 + uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f # 0.12.0 with: image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }} exit-code: "0" @@ -99,7 +99,7 @@ jobs: timeout: 15m - name: Upload image vulnerability attestation - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: ${{ inputs.module-name }}-attestations path: | @@ -115,7 +115,7 @@ jobs: - name: Upload container image if: ${{ github.event_name == 'pull_request' }} - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: ${{ inputs.module-name }}-build-artifacts path: | @@ -130,7 +130,7 @@ jobs: id-token: write packages: write # for uploading attestations. if: ${{ startsWith(github.ref, 'refs/tags/') }} - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.6.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: ${{ needs.build.outputs.image }} digest: ${{ needs.build.outputs.digest }} @@ -154,7 +154,7 @@ jobs: IMAGE: "${{ needs.build.outputs.image }}@${{ needs.build.outputs.digest }}" steps: - name: Login to GitHub Container Registry - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 with: registry: ghcr.io username: ${{ github.actor }} @@ -167,7 +167,7 @@ jobs: path: /tmp - name: Install Cosign - uses: sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 # v3.0.5 + uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2 - name: Sign image run: | diff --git a/.github/workflows/chaos-test.yaml b/.github/workflows/chaos-test.yaml index 76294607..e2b88626 100644 --- a/.github/workflows/chaos-test.yaml +++ b/.github/workflows/chaos-test.yaml @@ -11,13 +11,13 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0 - name: Build image - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1 with: push: false load: true @@ -26,7 +26,7 @@ jobs: ghcr.io/miracum/recruit/chaos-tester:v1 - name: Create KinD cluster - uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0 + uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 with: cluster_name: kind diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml index 360296cb..211ac2fb 100644 --- a/.github/workflows/check-links.yaml +++ b/.github/workflows/check-links.yaml @@ -14,7 +14,7 @@ jobs: permissions: issues: write steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Link Checker id: lychee diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c537a7c5..27a2768e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -53,7 +53,7 @@ jobs: env: IMAGE_NAME: ghcr.io/${{ github.repository }}/${{ matrix.module }} steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - uses: ./.github/actions/test-image with: diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index d5fc2e05..d01440ee 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -42,10 +42,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Set up Java - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3 + uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3 with: java-version: "17" distribution: "adopt" @@ -53,7 +53,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2 + uses: github/codeql-action/init@2cb752a87e96af96708ab57187ab6372ee1973ab # v2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -66,7 +66,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2 + uses: github/codeql-action/autobuild@2cb752a87e96af96708ab57187ab6372ee1973ab # v2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -79,6 +79,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2 + uses: github/codeql-action/analyze@2cb752a87e96af96708ab57187ab6372ee1973ab # v2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml index 6029f318..fea1a4e4 100644 --- a/.github/workflows/helm-lint.yaml +++ b/.github/workflows/helm-lint.yaml @@ -10,14 +10,23 @@ permissions: read-all jobs: lint: runs-on: ubuntu-22.04 - container: ghcr.io/chgl/kube-powertools:v2.1.28@sha256:74c2ec2b1ac6d33891aaca488d5732a61668039fb0ccf2b9c883ed3df9ec463a + container: ghcr.io/chgl/kube-powertools:v2.2.7@sha256:10278eaefa090a009ad2b08b2147f2743ec3350be1e0a23a9b29b00430e2352b steps: - name: Add workspace as safe directory run: | git config --global --add safe.directory /__w/recruit/recruit + - name: downgrade helm + shell: bash + run: | + rm /usr/local/bin/helm + curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > /tmp/helm.sh + chmod +x /tmp/helm.sh + /tmp/helm.sh --version v3.12.3 + helm version + - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 @@ -54,7 +63,7 @@ jobs: - name: Cache kubeconform schemas id: cache-powerlint-kubeconform - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: /tmp key: ${{ runner.os }}-powerlint-kubeconform diff --git a/.github/workflows/lint-pr-title.yaml b/.github/workflows/lint-pr-title.yaml index de01c9b7..e017434e 100644 --- a/.github/workflows/lint-pr-title.yaml +++ b/.github/workflows/lint-pr-title.yaml @@ -14,7 +14,7 @@ jobs: name: Validate PR title runs-on: ubuntu-22.04 steps: - - uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0 + - uses: amannn/action-semantic-pull-request@47b15d52c5c30e94a17ec87eb8dd51ff5221fed9 # v5.3.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml index 4f1a7235..10665d64 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yaml @@ -14,7 +14,7 @@ jobs: contents: write pull-requests: write steps: - - uses: google-github-actions/release-please-action@51ee8ae2605bd5ce1cfdcc5938684908f1cd9f69 # v3.7.9 + - uses: google-github-actions/release-please-action@4c5670f886fe259db4d11222f7dff41c1382304d # v3.7.12 with: token: ${{ secrets.MIRACUM_BOT_SEMANTIC_RELEASE_TOKEN }} release-type: simple diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2c51197f..f86c4401 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,10 +20,10 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Login to GitHub Container Registry - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 with: registry: ghcr.io username: ${{ github.actor }} @@ -35,7 +35,7 @@ jobs: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@dd6b2e2b610a11fd73dd187a43d57cc1394e35f9 # v3.0.5 + uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2 - name: Add helm repos and update deps run: | @@ -54,7 +54,7 @@ jobs: cosign sign --yes "ghcr.io/${{ github.repository }}/charts/recruit:${CHART_VERSION}" - - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: helm-chart path: | @@ -66,11 +66,11 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: path: recruit - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: token: ${{ secrets.GITHUB_TOKEN }} repository: miracum/charts @@ -101,11 +101,11 @@ jobs: publish-kyverno-policies: name: publish kyverno policies runs-on: ubuntu-22.04 - container: ghcr.io/chgl/kube-powertools:v2.1.28@sha256:74c2ec2b1ac6d33891aaca488d5732a61668039fb0ccf2b9c883ed3df9ec463a + container: ghcr.io/chgl/kube-powertools:v2.2.7@sha256:10278eaefa090a009ad2b08b2147f2743ec3350be1e0a23a9b29b00430e2352b continue-on-error: true steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Push policy folder env: @@ -126,7 +126,7 @@ jobs: contents: write # to upload artifacts to the release steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Download Helm chart uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3 @@ -174,7 +174,7 @@ jobs: id-token: write contents: write # To add assets to a release. # can't be referenced by digest. See - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0 with: base64-subjects: "${{ needs.prepare-artifacts.outputs.hashes }}" compile-generator: true # Workaround for https://github.com/slsa-framework/slsa-github-generator/issues/1163 diff --git a/.github/workflows/reset-chart-changelog-annotations.yaml b/.github/workflows/reset-chart-changelog-annotations.yaml index bee9710c..f9a15d66 100644 --- a/.github/workflows/reset-chart-changelog-annotations.yaml +++ b/.github/workflows/reset-chart-changelog-annotations.yaml @@ -16,7 +16,7 @@ jobs: reset-commit-and-push: name: reset changelog annotations, commit, and push runs-on: ubuntu-22.04 - container: ghcr.io/chgl/kube-powertools:v2.1.28@sha256:74c2ec2b1ac6d33891aaca488d5732a61668039fb0ccf2b9c883ed3df9ec463a + container: ghcr.io/chgl/kube-powertools:v2.2.7@sha256:10278eaefa090a009ad2b08b2147f2743ec3350be1e0a23a9b29b00430e2352b permissions: contents: write steps: @@ -25,7 +25,7 @@ jobs: git config --global --add safe.directory /__w/recruit/recruit - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 ref: ${{ github.head_ref }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index c452785e..e04e5471 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -32,12 +32,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0 + uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0 with: results_file: results.sarif results_format: sarif @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 + uses: github/codeql-action/upload-sarif@2cb752a87e96af96708ab57187ab6372ee1973ab # v2.22.0 with: sarif_file: results.sarif diff --git a/.github/workflows/test-compose-installation.yaml b/.github/workflows/test-compose-installation.yaml index c47e5524..ef41b474 100644 --- a/.github/workflows/test-compose-installation.yaml +++ b/.github/workflows/test-compose-installation.yaml @@ -16,7 +16,7 @@ jobs: RECRUIT_IMAGE_BASE_NAME: ghcr.io/${{ github.repository }} RECRUIT_IMAGE_TAG: ${{ inputs.image-tag }} steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Download all artifacts if: ${{ github.event_name == 'pull_request' }} diff --git a/.github/workflows/test-k8s-installation.yaml b/.github/workflows/test-k8s-installation.yaml index 63a60601..25975cae 100644 --- a/.github/workflows/test-k8s-installation.yaml +++ b/.github/workflows/test-k8s-installation.yaml @@ -14,7 +14,7 @@ jobs: test: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: downgrade helm shell: bash @@ -26,10 +26,10 @@ jobs: helm version - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0 + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0 - name: Build tester image - uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0 + uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1 with: push: false load: true @@ -40,7 +40,7 @@ jobs: ghcr.io/miracum/recruit/tester:v1 - name: Create k8s KinD cluster - uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0 + uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 with: cluster_name: kind @@ -115,7 +115,7 @@ jobs: - name: Upload cluster dump if: always() - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: kind-cluster-dump.txt path: | diff --git a/.github/workflows/validate-fhir-resources.yaml b/.github/workflows/validate-fhir-resources.yaml index 23a85634..b116e8d1 100644 --- a/.github/workflows/validate-fhir-resources.yaml +++ b/.github/workflows/validate-fhir-resources.yaml @@ -12,10 +12,10 @@ jobs: validate-fhir-resource: name: Validate FHIR resources runs-on: ubuntu-22.04 - container: ghcr.io/miracum/ig-build-tools:v2.0.4@sha256:1b2bc9cb9a9ee3bb57b1f52dffeb9467dd9660517ef28d5af123eba98372d95a + container: ghcr.io/miracum/ig-build-tools:v2.0.9@sha256:da4a32b4a33a7de616a5066e4ce249045a739ea53cb9ac9feb6fa0a97634cd0c steps: - name: Checkout code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 - name: Restore FHIR package dependencies working-directory: fhir/ diff --git a/.github/workflows/validate-gradle-wrapper.yaml b/.github/workflows/validate-gradle-wrapper.yaml index a02b48e5..578eab45 100644 --- a/.github/workflows/validate-gradle-wrapper.yaml +++ b/.github/workflows/validate-gradle-wrapper.yaml @@ -14,5 +14,5 @@ jobs: name: "Validation" runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - - uses: gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b # v1.0.6 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 # v1.1.0 diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml index 5253ddf4..189b2772 100644 --- a/.github/workflows/yamllint.yaml +++ b/.github/workflows/yamllint.yaml @@ -18,10 +18,10 @@ jobs: yamllint: runs-on: ubuntu-22.04 # contains yamllint - container: ghcr.io/chgl/kube-powertools:v2.1.28@sha256:74c2ec2b1ac6d33891aaca488d5732a61668039fb0ccf2b9c883ed3df9ec463a + container: ghcr.io/chgl/kube-powertools:v2.2.7@sha256:10278eaefa090a009ad2b08b2147f2743ec3350be1e0a23a9b29b00430e2352b steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Run yamllint run: yamllint -c .yamllint.yaml . diff --git a/charts/recruit/README.md b/charts/recruit/README.md index 91074ed5..3f0ba74f 100644 --- a/charts/recruit/README.md +++ b/charts/recruit/README.md @@ -228,4 +228,4 @@ See the documentation on distributed tracing for more information: