From 829de1be95f2d3e326466b29eb7d98825ee869ef Mon Sep 17 00:00:00 2001 From: Christoph Hamsen <37963496+xopham@users.noreply.github.com> Date: Wed, 5 Feb 2025 15:51:04 +0100 Subject: [PATCH] ci: pin github actions by hash and update via dependabot (#3146) --- .github/dependabot.yml | 15 +++++++ .github/workflows/appsec.yml | 22 +++++----- .github/workflows/codeql-analysis.yml | 8 ++-- .github/workflows/datadog-static-analysis.yml | 2 +- .github/workflows/ecosystems-label-issue.yml | 2 +- .github/workflows/ecosystems-label-pr.yml | 2 +- .github/workflows/govulncheck.yml | 6 +-- .github/workflows/multios-unit-tests.yml | 4 +- .github/workflows/needs-triage.yml | 2 +- .github/workflows/orchestrion.yml | 18 ++++----- .github/workflows/outdated-integrations.yml | 4 +- .github/workflows/parametric-tests.yml | 6 +-- .../workflows/service-extensions-publish.yml | 12 +++--- .github/workflows/smoke-tests.yml | 14 +++---- .github/workflows/stale.yml | 2 +- .github/workflows/system-tests.yml | 6 +-- .github/workflows/test-apps.yml | 40 +++++++++---------- .github/workflows/unit-integration-tests.yml | 14 +++---- 18 files changed, 97 insertions(+), 82 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..c272b36b58 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + groups: + gh-actions-packages: + patterns: + - "*" diff --git a/.github/workflows/appsec.yml b/.github/workflows/appsec.yml index d238b55ba3..43aa4f3e2b 100644 --- a/.github/workflows/appsec.yml +++ b/.github/workflows/appsec.yml @@ -67,7 +67,7 @@ jobs: key: ${{ steps.cfg.outputs.key }} path: ${{ steps.cfg.outputs.path }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Compute cache configuration id: cfg @@ -75,13 +75,13 @@ jobs: echo "key=go-pkg-mod-${{ hashFiles('**/go.sum') }}" >> $GITHUB_OUTPUT echo "path=go_pkg_mod_cache" >> $GITHUB_OUTPUT - - uses: actions/setup-go@v5 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: cache: false - name: Cache Go modules id: cache - uses: actions/cache@v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ steps.cfg.outputs.path }} key: ${{ steps.cfg.outputs.key }} @@ -104,10 +104,10 @@ jobs: go-version: [ "1.23", "1.22" ] fail-fast: true # saving some CI time - macos runners are too long to get steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Restore Go modules cache - uses: actions/cache/restore@v4 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ needs.go-mod-caching.outputs.path }} key: ${{ needs.go-mod-caching.outputs.key }} @@ -115,7 +115,7 @@ jobs: enableCrossOsArchive: true fail-on-cache-miss: true - - uses: actions/setup-go@v5 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ matrix.go-version }} cache: false # we manage the caching ourselves @@ -151,10 +151,10 @@ jobs: matrix: runs-on: [ macos-latest, windows-latest, ubuntu-latest-16-cores ] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Restore Go modules cache - uses: actions/cache/restore@v4 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ needs.go-mod-caching.outputs.path }} key: ${{ needs.go-mod-caching.outputs.key }} @@ -162,7 +162,7 @@ jobs: enableCrossOsArchive: true fail-on-cache-miss: true - - uses: actions/setup-go@v5 + - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: stable cache: false # we manage the caching ourselves @@ -199,10 +199,10 @@ jobs: fail-fast: false steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Restore Go modules cache - uses: actions/cache/restore@v4 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ${{ needs.go-mod-caching.outputs.path }} key: ${{ needs.go-mod-caching.outputs.key }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 53fb2d4cc2..28ea8ff621 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -35,13 +35,13 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -52,7 +52,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 diff --git a/.github/workflows/datadog-static-analysis.yml b/.github/workflows/datadog-static-analysis.yml index 9a00adaad1..13ce59e524 100644 --- a/.github/workflows/datadog-static-analysis.yml +++ b/.github/workflows/datadog-static-analysis.yml @@ -12,7 +12,7 @@ jobs: name: Datadog Static Analyzer steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - name: Check code meets quality and security standards id: datadog-static-analysis uses: DataDog/datadog-static-analyzer-github-action@v1 diff --git a/.github/workflows/ecosystems-label-issue.yml b/.github/workflows/ecosystems-label-issue.yml index 29853e45bc..9ba77cd4f9 100644 --- a/.github/workflows/ecosystems-label-issue.yml +++ b/.github/workflows/ecosystems-label-issue.yml @@ -15,6 +15,6 @@ jobs: steps: # https://github.com/marketplace/actions/actions-ecosystem-add-labels - name: add label - uses: actions-ecosystem/action-add-labels@v1 + uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 with: labels: apm:ecosystem diff --git a/.github/workflows/ecosystems-label-pr.yml b/.github/workflows/ecosystems-label-pr.yml index 4cadafd3e7..da40054b3c 100644 --- a/.github/workflows/ecosystems-label-pr.yml +++ b/.github/workflows/ecosystems-label-pr.yml @@ -16,6 +16,6 @@ jobs: steps: # https://github.com/marketplace/actions/actions-ecosystem-add-labels - name: add label - uses: actions-ecosystem/action-add-labels@v1 + uses: actions-ecosystem/action-add-labels@18f1af5e3544586314bbe15c0273249c770b2daf # v1.1.3 with: labels: apm:ecosystem diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index e7549a71fc..045c8aca95 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -24,11 +24,11 @@ jobs: govulncheck-tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Checkout Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: 'stable' - name: Install govulncheck @@ -40,4 +40,4 @@ jobs: run: | go list -f '{{.Dir}}' ./contrib/... | while read dir ; do govulncheck -C $dir . - done \ No newline at end of file + done diff --git a/.github/workflows/multios-unit-tests.yml b/.github/workflows/multios-unit-tests.yml index 1cdd9191b6..3bbdac4729 100644 --- a/.github/workflows/multios-unit-tests.yml +++ b/.github/workflows/multios-unit-tests.yml @@ -40,10 +40,10 @@ jobs: DD_APPSEC_WAF_TIMEOUT: 1h steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 with: ref: ${{ inputs.ref || github.ref }} - - uses: actions/setup-go@v3 + - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: ${{ inputs.go-version }} check-latest: true diff --git a/.github/workflows/needs-triage.yml b/.github/workflows/needs-triage.yml index 6b0f1c0c44..0d78f115f3 100644 --- a/.github/workflows/needs-triage.yml +++ b/.github/workflows/needs-triage.yml @@ -94,7 +94,7 @@ jobs: steps: - name: Notify about ${{ matrix.number }} - uses: slackapi/slack-github-action@v1.24.0 + uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 with: payload: |- { diff --git a/.github/workflows/orchestrion.yml b/.github/workflows/orchestrion.yml index f661f09b8c..b7d439e7bf 100644 --- a/.github/workflows/orchestrion.yml +++ b/.github/workflows/orchestrion.yml @@ -35,9 +35,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: stable cache: true @@ -54,12 +54,12 @@ jobs: json: ${{ steps.matrix.outputs.json }} steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ inputs.orchestrion-version != '' && 'DataDog/dd-trace-go' || github.repository }} ref: ${{ inputs.orchestrion-version != '' && 'main' || github.sha }} - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: stable cache: true @@ -93,7 +93,7 @@ jobs: runs-on: ${{ matrix.runs-on == 'ubuntu' && fromJson('{"labels":"ubuntu-16-core-latest","group":"Large Runner Shared Public"}') || (matrix.runs-on == 'windows' && fromJson('{"labels":"windows-shared-8core","group":"LARGE WINDOWS SHARED"}')) || format('{0}-latest', matrix.runs-on) }} steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: ${{ github.workspace }}/dd-trace-go repository: ${{ inputs.orchestrion-version != '' && 'DataDog/dd-trace-go' || github.repository }} @@ -102,7 +102,7 @@ jobs: - name: Check out orchestrion if: inputs.orchestrion-version != '' id: checkout-orchestrion - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: ${{ github.workspace }}/orchestrion repository: DataDog/orchestrion @@ -110,7 +110,7 @@ jobs: - name: Setup Go id: setup-go - uses: actions/setup-go@v5 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: ${{ matrix.go-version }} cache: true @@ -120,7 +120,7 @@ jobs: # ddapm-test-agent is used to observe side effects from the tracer during integration tests. - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: 3.x cache: pip @@ -214,7 +214,7 @@ jobs: echo "version=$(echo '${{ steps.setup-go.outputs.go-version }}' | cut -d'.' -f1,2)" >> "${GITHUB_OUTPUT}" - name: Upload coverage report if: inputs.collect-coverage - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: coverage-integration+${{ matrix.mode }}+go${{ steps.go.outputs.version }}+${{ runner.os }}+${{ runner.arch }} path: ${{ github.workspace }}/orchestrion/coverage/integration.out diff --git a/.github/workflows/outdated-integrations.yml b/.github/workflows/outdated-integrations.yml index 0e559c8039..695ef9b570 100644 --- a/.github/workflows/outdated-integrations.yml +++ b/.github/workflows/outdated-integrations.yml @@ -20,7 +20,7 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: go get github.com/Masterminds/semver/v3 @@ -30,7 +30,7 @@ jobs: - name: Create Pull Request id: pr - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: token: ${{ secrets.GITHUB_TOKEN }} branch: "upgrade-latest-major-version" diff --git a/.github/workflows/parametric-tests.yml b/.github/workflows/parametric-tests.yml index 4027451800..0df7edbef2 100644 --- a/.github/workflows/parametric-tests.yml +++ b/.github/workflows/parametric-tests.yml @@ -34,18 +34,18 @@ jobs: TEST_LIBRARY: golang steps: - name: Checkout system tests - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: repository: 'DataDog/system-tests' ref: ${{ inputs.ref }} - name: Checkout dd-trace-go - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.branch_ref || github.ref }} path: 'binaries/dd-trace-go' - - uses: actions/setup-go@v3 + - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "oldstable" diff --git a/.github/workflows/service-extensions-publish.yml b/.github/workflows/service-extensions-publish.yml index 0601c76b08..8813618ac9 100644 --- a/.github/workflows/service-extensions-publish.yml +++ b/.github/workflows/service-extensions-publish.yml @@ -59,7 +59,7 @@ jobs: sudo chmod 666 /var/run/docker.sock - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.8.0 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to Docker shell: bash @@ -67,13 +67,13 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: ${{ env.REGISTRY_IMAGE }} - name: Build and push by digest id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: context: . file: ./contrib/envoyproxy/go-control-plane/cmd/serviceextensions/Dockerfile @@ -88,7 +88,7 @@ jobs: touch "/tmp/digests/${digest#sha256:}" - name: Upload digest - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: digests-${{ env.PLATFORM_PAIR }} path: /tmp/digests/* @@ -102,14 +102,14 @@ jobs: steps: - name: Download digests - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: /tmp/digests pattern: digests-* merge-multiple: true - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.8.0 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Login to Docker shell: bash diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index 9a05bdc8ba..a3a7074d3f 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -42,7 +42,7 @@ jobs: env: PACKAGES: ./internal/... ./ddtrace/... ./profiler/... ./appsec/... steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.ref }} # Manually specify the repository, which is necessary in the workflow_call situation, as the default is @@ -50,7 +50,7 @@ jobs: # repository where the called workflow is (i.e, this repository); but I don't know of a more elegant way to # obtain its name than hard-coding it. repository: DataDog/dd-trace-go - - uses: actions/setup-go@v3 + - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "stable" cache: true @@ -82,10 +82,10 @@ jobs: # without having to download a newer one. GOTOOLCHAIN: local steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.ref }} - - uses: actions/setup-go@v3 + - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "1.22" cache: true @@ -169,7 +169,7 @@ jobs: deployment-env: scratch steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.ref }} # Manually specify the repository, which is necessary in the workflow_call situation, as the default is @@ -177,9 +177,9 @@ jobs: # repository where the called workflow is (i.e, this repository); but I don't know of a more elegant way to # obtain its name than hard-coding it. repository: DataDog/dd-trace-go - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: context: . file: ./internal/setup-smoke-test/Dockerfile diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 24ffaae4da..23ef548d29 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: stale: runs-on: ubuntu-latest steps: - - uses: actions/stale@v8 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 with: stale-pr-message: 'This PR is stale because it has been open 20 days with no activity. Remove stale label or comment or this will be closed in 10 days.' close-pr-message: 'This PR was closed because it has been open for 30 days with no activity.' diff --git a/.github/workflows/system-tests.yml b/.github/workflows/system-tests.yml index 1bd0bebbe3..8737be24af 100644 --- a/.github/workflows/system-tests.yml +++ b/.github/workflows/system-tests.yml @@ -124,13 +124,13 @@ jobs: name: Test (${{ matrix.weblog-variant }}, ${{ matrix.scenario }}) steps: - name: Checkout system tests - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: repository: 'DataDog/system-tests' ref: ${{ inputs.ref }} - name: Checkout dd-trace-go - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.branch_ref || github.ref }} path: 'binaries/dd-trace-go' @@ -152,7 +152,7 @@ jobs: run: tar -czvf artifact.tar.gz $(ls | grep logs) - name: Upload artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if: ${{ always() }} with: name: logs_${{ matrix.weblog-variant }}_${{ matrix.scenario }} diff --git a/.github/workflows/test-apps.yml b/.github/workflows/test-apps.yml index bff3c60c53..57fba63a43 100644 --- a/.github/workflows/test-apps.yml +++ b/.github/workflows/test-apps.yml @@ -73,7 +73,7 @@ jobs: if: 'contains(fromJSON(inputs[''scenarios'']), ''unit-of-work/v1'') && inputs[''env: prod'']' steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Start Agent @@ -82,7 +82,7 @@ jobs: api_key: ${{ secrets['DD_TEST_APP_API_KEY'] }} datadog_site: datadoghq.com - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: stable check-latest: true @@ -99,7 +99,7 @@ jobs: if: 'contains(fromJSON(inputs[''scenarios'']), ''unit-of-work/v1'') && inputs[''env: staging'']' steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Start Agent @@ -108,7 +108,7 @@ jobs: api_key: ${{ secrets['DD_TEST_AND_DEMO_API_KEY'] }} datadog_site: datad0g.com - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: stable check-latest: true @@ -125,7 +125,7 @@ jobs: if: 'contains(fromJSON(inputs[''scenarios'']), ''unit-of-work/v2'') && inputs[''env: prod'']' steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Start Agent @@ -134,7 +134,7 @@ jobs: api_key: ${{ secrets['DD_TEST_APP_API_KEY'] }} datadog_site: datadoghq.com - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: stable check-latest: true @@ -151,7 +151,7 @@ jobs: if: 'contains(fromJSON(inputs[''scenarios'']), ''unit-of-work/v2'') && inputs[''env: staging'']' steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Start Agent @@ -160,7 +160,7 @@ jobs: api_key: ${{ secrets['DD_TEST_AND_DEMO_API_KEY'] }} datadog_site: datad0g.com - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: stable check-latest: true @@ -177,7 +177,7 @@ jobs: if: 'contains(fromJSON(inputs[''scenarios'']), ''memory-leak/goroutine'') && inputs[''env: prod'']' steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Start Agent @@ -186,7 +186,7 @@ jobs: api_key: ${{ secrets['DD_TEST_APP_API_KEY'] }} datadog_site: datadoghq.com - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: stable check-latest: true @@ -203,7 +203,7 @@ jobs: if: 'contains(fromJSON(inputs[''scenarios'']), ''memory-leak/goroutine'') && inputs[''env: staging'']' steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Start Agent @@ -212,7 +212,7 @@ jobs: api_key: ${{ secrets['DD_TEST_AND_DEMO_API_KEY'] }} datadog_site: datad0g.com - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: stable check-latest: true @@ -229,7 +229,7 @@ jobs: if: 'contains(fromJSON(inputs[''scenarios'']), ''memory-leak/heap'') && inputs[''env: prod'']' steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Start Agent @@ -238,7 +238,7 @@ jobs: api_key: ${{ secrets['DD_TEST_APP_API_KEY'] }} datadog_site: datadoghq.com - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: stable check-latest: true @@ -255,7 +255,7 @@ jobs: if: 'contains(fromJSON(inputs[''scenarios'']), ''memory-leak/heap'') && inputs[''env: staging'']' steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Start Agent @@ -264,7 +264,7 @@ jobs: api_key: ${{ secrets['DD_TEST_AND_DEMO_API_KEY'] }} datadog_site: datad0g.com - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: stable check-latest: true @@ -281,7 +281,7 @@ jobs: if: 'contains(fromJSON(inputs[''scenarios'']), ''memory-leak/goroutine-heap'') && inputs[''env: prod'']' steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Start Agent @@ -290,7 +290,7 @@ jobs: api_key: ${{ secrets['DD_TEST_APP_API_KEY'] }} datadog_site: datadoghq.com - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: stable check-latest: true @@ -307,7 +307,7 @@ jobs: if: 'contains(fromJSON(inputs[''scenarios'']), ''memory-leak/goroutine-heap'') && inputs[''env: staging'']' steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Start Agent @@ -316,7 +316,7 @@ jobs: api_key: ${{ secrets['DD_TEST_AND_DEMO_API_KEY'] }} datadog_site: datad0g.com - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: stable check-latest: true diff --git a/.github/workflows/unit-integration-tests.yml b/.github/workflows/unit-integration-tests.yml index a27aa3c138..8d5a132253 100644 --- a/.github/workflows/unit-integration-tests.yml +++ b/.github/workflows/unit-integration-tests.yml @@ -28,11 +28,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: stable - name: Copyright @@ -44,12 +44,12 @@ jobs: group: "APM Larger Runners" steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} - name: golangci-lint - uses: reviewdog/action-golangci-lint@v2 + uses: reviewdog/action-golangci-lint@dd3fda91790ca90e75049e5c767509dc0ec7d99b # v2.7.0 with: golangci_lint_flags: "--timeout 10m" # We are hitting timeout when there is no cache go_version: ${{ inputs.go-version }} @@ -58,7 +58,7 @@ jobs: reporter: github-pr-review - name: golangci-lint (internal/orchestrion/_integration) - uses: reviewdog/action-golangci-lint@v2 + uses: reviewdog/action-golangci-lint@dd3fda91790ca90e75049e5c767509dc0ec7d99b # v2.7.0 with: golangci_lint_flags: "--timeout 10m" # We are hitting timeout when there is no cache go_version: ${{ inputs.go-version }} @@ -217,7 +217,7 @@ jobs: - 4566:4566 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }} @@ -305,7 +305,7 @@ jobs: - 8126:8126 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: ref: ${{ inputs.ref || github.ref }}