marko/cnpg-postgres-containers
1
0
Fork 0
forked from repo-mirrors/cnpg-postgres-containers
Code Pull Requests Actions Activity

chore(deps): pin dependencies (#176)

Browse Source 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
renovate[bot]
2025-04-30 17:22:58 +02:00
committed by GitHub
parent e223614400
commit 48b6e1b541
3 changed files with 35 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
.github/workflows/bake.yaml vendored
View File

@@ -33,10 +33,10 @@ jobs:
images: ${{ steps.images.outputs.images }}
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -45,15 +45,15 @@ jobs:
# TODO: review this when GitHub has linux/arm64 runners available (Q1 2025?)
# https://github.com/github/roadmap/issues/970
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
with:
platforms: 'arm64'
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
- name: Build and push
uses: docker/bake-action@v6
uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6
id: build
env:
environment: testing
@@ -71,7 +71,7 @@ jobs:
# Even if we're testing we sign the images, so we can push them to production later if that's required
- name: Install cosign
uses: sigstore/cosign-installer@v3
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3
# See https://github.blog/security/supply-chain-security/safeguard-container-signing-capability-actions/
# and https://github.com/actions/starter-workflows/blob/main/ci/docker-publish.yml for more details on
# how to use cosign.
@@ -91,17 +91,17 @@ jobs:
image: ${{fromJson(needs.testbuild.outputs.images)}}
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Dockle
uses: erzz/dockle-action@v1
uses: erzz/dockle-action@69369bc745ee29813f730231a821bcd4f71cd290 # v1
with:
image: ${{ matrix.image }}
exit-code: '1'
@@ -116,7 +116,7 @@ jobs:
args: --severity-threshold=high --file=Dockerfile
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3
continue-on-error: true
with:
sarif_file: snyk.sarif
@@ -141,7 +141,7 @@ jobs:
id-token: write
steps:
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -172,7 +172,7 @@ jobs:
done
- name: Install cosign
uses: sigstore/cosign-installer@v3
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3
- name: Sign images
run: |

30
.github/workflows/build.yml vendored
View File

@@ -21,7 +21,7 @@ jobs:
strategy: ${{ steps.generate-jobs.outputs.strategy }}
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Generate Jobs
id: generate-jobs
shell: bash
@@ -39,10 +39,10 @@ jobs:
security-events: write
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
with:
platforms: ${{ matrix.platforms }}
@@ -63,10 +63,10 @@ jobs:
echo "TAGS=${RESULT%,}" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
- name: Log in to the GitHub Container registry
uses: docker/login-action@v3
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
with:
registry: ghcr.io
username: ${{ github.actor }}
@@ -93,7 +93,7 @@ jobs:
fi
- name: Build and load
uses: docker/build-push-action@v6
uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
if: ${{ env.MISSING_TAG == 'true' }}
with:
context: ${{ matrix.dir }}
@@ -103,7 +103,7 @@ jobs:
tags: ${{ env.TAGS }}
- name: Dockle scan
uses: erzz/dockle-action@v1
uses: erzz/dockle-action@69369bc745ee29813f730231a821bcd4f71cd290 # v1
if: ${{ env.MISSING_TAG == 'true' }}
with:
image: "${{ env.IMAGE_STAGING }}:${{ matrix.tags[0] }}"
@@ -123,7 +123,7 @@ jobs:
args: --severity-threshold=high --file=${{ matrix.file }}
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3
if: ${{ env.MISSING_TAG == 'true' }}
continue-on-error: true
with:
@@ -131,7 +131,7 @@ jobs:
- name: Build and push
id: build
uses: docker/build-push-action@v6
uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
if: ${{ env.MISSING_TAG == 'true' }}
with:
context: ${{ matrix.dir }}
@@ -170,7 +170,7 @@ jobs:
}' > ${{ matrix.version }}-${{ matrix.distro }}.yaml
- name: Upload artifact
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
with:
name: ${{ matrix.version }}-${{ matrix.distro }}-clusterimagecatalog
path: ${{ matrix.version }}-${{ matrix.distro }}.yaml
@@ -181,12 +181,12 @@ jobs:
needs: build
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
token: ${{ secrets.REPO_GHA_PAT }}
- name: Download artifacts
uses: actions/download-artifact@v4
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
with:
pattern: '*-clusterimagecatalog'
path: clusterimagecatalog
@@ -202,14 +202,14 @@ jobs:
- name: Temporarily disable "include administrators" branch protection
if: ${{ always() && github.ref == 'refs/heads/main' }}
id: disable_include_admins
uses: benjefferies/branch-protection-bot@v1.1.2
uses: benjefferies/branch-protection-bot@af281f37de86139d1c7a27b91176b5dc1c2c827c # v1.1.2
with:
access_token: ${{ secrets.REPO_GHA_PAT }}
branch: main
enforce_admins: false
- name: Push ClusterImageCatalog updates
uses: EndBug/add-and-commit@v9
uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9
if: ${{ github.ref == 'refs/heads/main' }}
with:
author_name: CloudNativePG Automated Updates
@@ -218,7 +218,7 @@ jobs:
add: 'Debian/ClusterImageCatalog*.yaml'
- name: Enable "include administrators" branch protection
uses: benjefferies/branch-protection-bot@v1.1.2
uses: benjefferies/branch-protection-bot@af281f37de86139d1c7a27b91176b5dc1c2c827c # v1.1.2
if: ${{ always() && github.ref == 'refs/heads/main' }}
with:
access_token: ${{ secrets.REPO_GHA_PAT }}

16
.github/workflows/update.yml vendored
View File

@@ -14,16 +14,16 @@ jobs:
name: Run update script
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
token: ${{ secrets.REPO_GHA_PAT }}
- uses: actions/setup-python@v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: 3.9
- name: Run update script
uses: nick-fields/retry@v3
uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
with:
timeout_minutes: 15
max_attempts: 3
@@ -35,12 +35,12 @@ jobs:
echo "Updating Debian bullseye images"
./Debian/update.sh -d bullseye
- uses: actions/setup-python@v5
- uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5
with:
python-version: 3.11
- name: Run update script
uses: nick-fields/retry@v3
uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3
with:
timeout_minutes: 15
max_attempts: 3
@@ -60,20 +60,20 @@ jobs:
- name: Temporarily disable "include administrators" branch protection
if: ${{ always() && github.ref == 'refs/heads/main' }}
id: disable_include_admins
uses: benjefferies/branch-protection-bot@v1.1.2
uses: benjefferies/branch-protection-bot@af281f37de86139d1c7a27b91176b5dc1c2c827c # v1.1.2
with:
access_token: ${{ secrets.REPO_GHA_PAT }}
branch: main
enforce_admins: false
- uses: EndBug/add-and-commit@v9
- uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9
with:
author_name: CloudNativePG Automated Updates
author_email: noreply@cnpg.com
message: 'Daily automatic update'
- name: Enable "include administrators" branch protection
uses: benjefferies/branch-protection-bot@v1.1.2
uses: benjefferies/branch-protection-bot@af281f37de86139d1c7a27b91176b5dc1c2c827c # v1.1.2
if: ${{ always() && github.ref == 'refs/heads/main' }}
with:
access_token: ${{ secrets.REPO_GHA_PAT }}