From 3d277087a3bb7c8397b9a5f339c8711e3c2f3de9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 09:37:04 -0800 Subject: [PATCH] chore(deps): pin dependencies (#1321) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build.yaml | 14 ++++++------ .github/workflows/changelog.yml | 2 +- .github/workflows/checks.yml | 24 ++++++++++----------- .github/workflows/codespell.yaml | 2 +- .github/workflows/kind.yml | 16 +++++++------- .github/workflows/offsets.yml | 6 +++--- .github/workflows/probe_load.yaml | 4 ++-- .github/workflows/release.yaml | 14 ++++++------ Dockerfile | 2 +- examples/httpPlusdb/Dockerfile | 2 +- examples/httpPlusdb/docker-compose.yaml | 2 +- examples/kafka-go/Dockerfile | 2 +- examples/kafka-go/docker-compose.yml | 6 +++--- examples/rolldice/Dockerfile | 2 +- examples/rolldice/docker-compose.yaml | 2 +- internal/test/e2e/autosdk/Dockerfile | 2 +- internal/test/e2e/databasesql/Dockerfile | 2 +- internal/test/e2e/gin/Dockerfile | 2 +- internal/test/e2e/grpc/Dockerfile | 2 +- internal/test/e2e/kafka-go/Dockerfile | 4 ++-- internal/test/e2e/nethttp/Dockerfile | 2 +- internal/test/e2e/nethttp_custom/Dockerfile | 2 +- internal/test/e2e/otelglobal/Dockerfile | 2 +- 23 files changed, 59 insertions(+), 59 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5323df81a..95ab17b64 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -13,9 +13,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -33,9 +33,9 @@ jobs: runs-on: macos-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -56,7 +56,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Build auto-instrumentation run: | make docker-build @@ -64,9 +64,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 5f585b8b2..aa3bc763b 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -16,7 +16,7 @@ jobs: if: ${{ !contains(github.event.pull_request.labels.*.name, 'dependencies') && !contains(github.event.pull_request.labels.*.name, 'Skip Changelog') && !contains(github.event.pull_request.title, '[chore]')}} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Check for CHANGELOG changes run: | # Only the latest commit of the feature branch is available diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index d772e4767..d5d619f08 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -13,10 +13,10 @@ jobs: check-links: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 - - uses: lycheeverse/lychee-action@v2.1.0 + - uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915 # v2.1.0 with: args: >- -v -n "*.md" "**/*.md" @@ -26,22 +26,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true cache-dependency-path: "**/go.sum" - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Module cache - uses: actions/cache@v4.1.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 env: cache-name: go-mod-cache with: path: ~/go/pkg/mod key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('**/go.sum') }} - name: Tools cache - uses: actions/cache@v4.1.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 env: cache-name: go-tools-cache with: @@ -58,9 +58,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: ${{ matrix.go-version }} check-latest: true @@ -82,9 +82,9 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: ${{ matrix.go-version }} check-latest: true @@ -99,9 +99,9 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/codespell.yaml b/.github/workflows/codespell.yaml index 774c020cb..96a4164d5 100644 --- a/.github/workflows/codespell.yaml +++ b/.github/workflows/codespell.yaml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Codespell run: make codespell diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml index 52b3eecef..df0b479a7 100644 --- a/.github/workflows/kind.yml +++ b/.github/workflows/kind.yml @@ -13,13 +13,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Build auto-instrumentation run: | IMG=otel-go-instrumentation:latest make docker-build docker save otel-go-instrumentation:latest -o otel-go-instrumentation.tar - name: Upload Docker image artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4 with: name: otel-go-instrumentation path: otel-go-instrumentation.tar @@ -33,9 +33,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup BATS - uses: mig4/setup-bats@v1 + uses: mig4/setup-bats@af9a00deb21b5d795cabfeaa8d9060410377686d # v1 - name: Build sample app from script if: ${{ hashFiles(format('internal/test/e2e/{0}/build.sh', matrix.library)) != '' }} run: ./internal/test/e2e/${{ matrix.library }}/build.sh -t sample-app:latest @@ -44,11 +44,11 @@ jobs: working-directory: ./internal/test/e2e/${{ matrix.library }} run: docker build -t sample-app:latest . - name: Set up Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4 with: version: v3.9.0 - name: Create kind cluster - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: node_image: kindest/node:${{ matrix.k8s-version }} kubectl_version: ${{ matrix.k8s-version }} @@ -58,7 +58,7 @@ jobs: kubectl get node docker ps -a --filter label=io.x-k8s.kind.cluster=chart-testing - name: Download Docker image artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 with: name: otel-go-instrumentation - name: Load Docker image @@ -72,7 +72,7 @@ jobs: shell: bash run: | helm repo add open-telemetry https://open-telemetry.github.io/opentelemetry-helm-charts - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: repository: 'open-telemetry/opentelemetry-helm-charts' path: opentelemetry-helm-charts diff --git a/.github/workflows/offsets.yml b/.github/workflows/offsets.yml index beeffe399..650956d1e 100644 --- a/.github/workflows/offsets.yml +++ b/.github/workflows/offsets.yml @@ -9,10 +9,10 @@ jobs: updateOffsets: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: "~1.23.1" check-latest: true @@ -22,7 +22,7 @@ jobs: run: make offsets - name: Create pull request - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7 with: commit-message: Update generated offsets branch: automated/generated-offsets diff --git a/.github/workflows/probe_load.yaml b/.github/workflows/probe_load.yaml index f6ec0fc4a..218254a78 100644 --- a/.github/workflows/probe_load.yaml +++ b/.github/workflows/probe_load.yaml @@ -24,9 +24,9 @@ jobs: - "5.10" - "5.4" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 with: go-version: '${{ env.go_version }}' - name: make docker-generate diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c899f89f0..faa6398da 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,37 +12,37 @@ jobs: env: IMAGE_NAME: autoinstrumentation-go steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Log in to Docker Hub - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Log in to the Container registry - uses: docker/login-action@v3.3.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3.2.0 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3.7.1 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5.6.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | otel/${{ env.IMAGE_NAME }} ghcr.io/${{ github.repository }}/${{ env.IMAGE_NAME }} - name: Build and push - uses: docker/build-push-action@v6.9.0 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: push: true tags: ${{ steps.meta.outputs.tags }} diff --git a/Dockerfile b/Dockerfile index d72090fb9..28b565992 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$BUILDPLATFORM golang:1.23.3-bookworm AS base +FROM --platform=$BUILDPLATFORM golang:1.23.3-bookworm@sha256:3f3b9daa3de608f3e869cd2ff8baf21555cf0fca9fd34251b8f340f9b7c30ec5 AS base RUN apt-get update && apt-get install -y curl clang gcc llvm make libbpf-dev diff --git a/examples/httpPlusdb/Dockerfile b/examples/httpPlusdb/Dockerfile index e294b7fd8..aae92675a 100644 --- a/examples/httpPlusdb/Dockerfile +++ b/examples/httpPlusdb/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 WORKDIR /app COPY ./*.go . RUN go mod init main diff --git a/examples/httpPlusdb/docker-compose.yaml b/examples/httpPlusdb/docker-compose.yaml index c0fc551e1..47038da7a 100644 --- a/examples/httpPlusdb/docker-compose.yaml +++ b/examples/httpPlusdb/docker-compose.yaml @@ -36,7 +36,7 @@ services: - /proc:/host/proc jaeger: - image: jaegertracing/all-in-one:1.60 + image: jaegertracing/all-in-one:1.60@sha256:4fd2d70fa347d6a47e79fcb06b1c177e6079f92cba88b083153d56263082135e ports: - "16686:16686" - "14268:14268" diff --git a/examples/kafka-go/Dockerfile b/examples/kafka-go/Dockerfile index 0ebcd0160..445a58acc 100644 --- a/examples/kafka-go/Dockerfile +++ b/examples/kafka-go/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 WORKDIR /app COPY . . ARG BINARY_NAME diff --git a/examples/kafka-go/docker-compose.yml b/examples/kafka-go/docker-compose.yml index 6fcb966e6..c04b14914 100644 --- a/examples/kafka-go/docker-compose.yml +++ b/examples/kafka-go/docker-compose.yml @@ -17,7 +17,7 @@ services: kafka: depends_on: - zookeeper - image: wurstmeister/kafka:2.12-2.3.1 + image: wurstmeister/kafka:2.12-2.3.1@sha256:0b22bb436ecde11e0db1ce84170b979ce7130e5f1b292b16eace548cd78d7d9e restart: on-failure:3 links: - zookeeper @@ -51,7 +51,7 @@ services: retries: 5 zookeeper: - image: wurstmeister/zookeeper + image: wurstmeister/zookeeper@sha256:7a7fd44a72104bfbd24a77844bad5fabc86485b036f988ea927d1780782a6680 expose: - "2181" ports: @@ -124,7 +124,7 @@ services: command: ["/otel-go-instrumentation", "-global-impl"] jaeger: - image: jaegertracing/all-in-one:1.60 + image: jaegertracing/all-in-one:1.60@sha256:4fd2d70fa347d6a47e79fcb06b1c177e6079f92cba88b083153d56263082135e ports: - "16686:16686" - "14268:14268" diff --git a/examples/rolldice/Dockerfile b/examples/rolldice/Dockerfile index e294b7fd8..aae92675a 100644 --- a/examples/rolldice/Dockerfile +++ b/examples/rolldice/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 WORKDIR /app COPY ./*.go . RUN go mod init main diff --git a/examples/rolldice/docker-compose.yaml b/examples/rolldice/docker-compose.yaml index efe0707f3..a16c87e4b 100644 --- a/examples/rolldice/docker-compose.yaml +++ b/examples/rolldice/docker-compose.yaml @@ -34,7 +34,7 @@ services: - /proc:/host/proc jaeger: - image: jaegertracing/all-in-one:1.60 + image: jaegertracing/all-in-one:1.60@sha256:4fd2d70fa347d6a47e79fcb06b1c177e6079f92cba88b083153d56263082135e ports: - "16686:16686" - "14268:14268" diff --git a/internal/test/e2e/autosdk/Dockerfile b/internal/test/e2e/autosdk/Dockerfile index e558298df..f040393f0 100644 --- a/internal/test/e2e/autosdk/Dockerfile +++ b/internal/test/e2e/autosdk/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 # Make sure this dir exists. WORKDIR /usr/src/go.opentelemetry.io/auto/internal/test/e2e/autosdk diff --git a/internal/test/e2e/databasesql/Dockerfile b/internal/test/e2e/databasesql/Dockerfile index 2cc27b334..5d6ea68f7 100644 --- a/internal/test/e2e/databasesql/Dockerfile +++ b/internal/test/e2e/databasesql/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 WORKDIR /sample-app COPY . . RUN go build -o main diff --git a/internal/test/e2e/gin/Dockerfile b/internal/test/e2e/gin/Dockerfile index 2cc27b334..5d6ea68f7 100644 --- a/internal/test/e2e/gin/Dockerfile +++ b/internal/test/e2e/gin/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 WORKDIR /sample-app COPY . . RUN go build -o main diff --git a/internal/test/e2e/grpc/Dockerfile b/internal/test/e2e/grpc/Dockerfile index 2cc27b334..5d6ea68f7 100644 --- a/internal/test/e2e/grpc/Dockerfile +++ b/internal/test/e2e/grpc/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 WORKDIR /sample-app COPY . . RUN go build -o main diff --git a/internal/test/e2e/kafka-go/Dockerfile b/internal/test/e2e/kafka-go/Dockerfile index aea76ac09..220d3b127 100644 --- a/internal/test/e2e/kafka-go/Dockerfile +++ b/internal/test/e2e/kafka-go/Dockerfile @@ -1,9 +1,9 @@ -FROM golang:1.23.3 AS builder +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 AS builder WORKDIR /sample-app COPY . . RUN CGO_ENABLED=0 go build -o main -FROM bitnami/kafka:latest +FROM bitnami/kafka:latest@sha256:978583d0859444d3bc6b6592b38b5af5a834d473db51441071a20e67e0afb945 USER root ENV KAFKA_CFG_PROCESS_ROLES=controller,broker diff --git a/internal/test/e2e/nethttp/Dockerfile b/internal/test/e2e/nethttp/Dockerfile index 2cc27b334..5d6ea68f7 100644 --- a/internal/test/e2e/nethttp/Dockerfile +++ b/internal/test/e2e/nethttp/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 WORKDIR /sample-app COPY . . RUN go build -o main diff --git a/internal/test/e2e/nethttp_custom/Dockerfile b/internal/test/e2e/nethttp_custom/Dockerfile index 2cc27b334..5d6ea68f7 100644 --- a/internal/test/e2e/nethttp_custom/Dockerfile +++ b/internal/test/e2e/nethttp_custom/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 WORKDIR /sample-app COPY . . RUN go build -o main diff --git a/internal/test/e2e/otelglobal/Dockerfile b/internal/test/e2e/otelglobal/Dockerfile index 2cc27b334..5d6ea68f7 100644 --- a/internal/test/e2e/otelglobal/Dockerfile +++ b/internal/test/e2e/otelglobal/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 WORKDIR /sample-app COPY . . RUN go build -o main