From 329cc3e6df470b82aec964c88e04f3e2c2fc0f40 Mon Sep 17 00:00:00 2001
From: Jesse Szwedko <jesse.szwedko@datadoghq.com>
Date: Mon, 16 Dec 2024 15:47:01 -0800
Subject: [PATCH] chore(ci): Pin ubuntu versions in GHA

`ubuntu-latest` recently changed to 24.04 for some workflows which caused unexpected breakages.
I think it is better to pin to a specific version and upgrade as-needed rather than track latest and
have it break unexpectedly.

Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
---
 .github/workflows/changelog.yaml                     | 4 ++--
 .github/workflows/changes.yml                        | 4 ++--
 .github/workflows/ci-integration-review.yml          | 4 ++--
 .github/workflows/ci-review-trigger.yml              | 2 +-
 .github/workflows/cli.yml                            | 2 +-
 .github/workflows/component_features.yml             | 2 +-
 .github/workflows/create_preview_sites.yml           | 2 +-
 .github/workflows/cross.yml                          | 2 +-
 .github/workflows/deny.yml                           | 2 +-
 .github/workflows/e2e.yml                            | 2 +-
 .github/workflows/gardener_issue_comment.yml         | 2 +-
 .github/workflows/gardener_open_issue.yml            | 2 +-
 .github/workflows/gardener_open_pr.yml               | 4 ++--
 .github/workflows/gardener_remove_waiting_author.yml | 2 +-
 .github/workflows/integration.yml                    | 2 +-
 .github/workflows/k8s_e2e.yml                        | 4 ++--
 .github/workflows/msrv.yml                           | 2 +-
 .github/workflows/preview_site_trigger.yml           | 2 +-
 .github/workflows/protobuf.yml                       | 2 +-
 .github/workflows/regression.yml                     | 6 +++---
 .github/workflows/scorecard.yml                      | 2 +-
 .github/workflows/semantic.yml                       | 2 +-
 .github/workflows/spelling.yml                       | 2 +-
 23 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/.github/workflows/changelog.yaml b/.github/workflows/changelog.yaml
index fc73f73b183d8..57d7013f3b2d6 100644
--- a/.github/workflows/changelog.yaml
+++ b/.github/workflows/changelog.yaml
@@ -18,7 +18,7 @@ on:
 
 jobs:
   validate-changelog:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     if: github.event_name == 'pull_request'
     env:
       PR_HAS_LABEL: ${{ contains( github.event.pull_request.labels.*.name, 'no-changelog') }}
@@ -52,7 +52,7 @@ jobs:
 
   check-changelog:
     name: Changelog
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: validate-changelog
     if: always()
     env:
diff --git a/.github/workflows/changes.yml b/.github/workflows/changes.yml
index 8b31b8136a252..5682e875ed85b 100644
--- a/.github/workflows/changes.yml
+++ b/.github/workflows/changes.yml
@@ -196,7 +196,7 @@ jobs:
 
   # Detects changes that are specific to integration tests
   int_tests:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: ${{ inputs.int_tests }}
     outputs:
@@ -254,7 +254,7 @@ jobs:
 
   # Detects changes that are specific to e2e tests
   e2e_tests:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: ${{ inputs.e2e_tests }}
     outputs:
diff --git a/.github/workflows/ci-integration-review.yml b/.github/workflows/ci-integration-review.yml
index 333af38f7b450..dd8297f9da076 100644
--- a/.github/workflows/ci-integration-review.yml
+++ b/.github/workflows/ci-integration-review.yml
@@ -53,7 +53,7 @@ env:
 jobs:
   prep-pr:
     name: (PR review) Signal pending to PR
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: startsWith(github.event.review.body, '/ci-run-integration') || contains(github.event.review.body, '/ci-run-all')
     steps:
@@ -496,7 +496,7 @@ jobs:
 
   update-pr-status:
     name: Signal result to PR
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     needs:
       - integration-tests
diff --git a/.github/workflows/ci-review-trigger.yml b/.github/workflows/ci-review-trigger.yml
index c5164b64c45d5..06f638da5fbab 100644
--- a/.github/workflows/ci-review-trigger.yml
+++ b/.github/workflows/ci-review-trigger.yml
@@ -51,7 +51,7 @@ env:
 jobs:
   validate:
     name: Validate review
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: |
         startsWith(github.event.review.body, '/ci-run-all')
diff --git a/.github/workflows/cli.yml b/.github/workflows/cli.yml
index f87ab4da5bc43..4678686cb2a9e 100644
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   test-cli:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     timeout-minutes: 15
     env:
       CARGO_INCREMENTAL: 0
diff --git a/.github/workflows/component_features.yml b/.github/workflows/component_features.yml
index 4cb1d25cb1c91..a8a05af06d42f 100644
--- a/.github/workflows/component_features.yml
+++ b/.github/workflows/component_features.yml
@@ -22,7 +22,7 @@ permissions:
 jobs:
   check-component-features:
     # use free tier on schedule and 8 core to expedite results on demand invocation
-    runs-on: ${{ github.event_name == 'schedule' && 'ubuntu-latest' || 'ubuntu-20.04-8core' }}
+    runs-on: ${{ github.event_name == 'schedule' && 'ubuntu-20.04' || 'ubuntu-20.04-8core' }}
     if: github.event_name == 'pull_request_review' || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
     steps:
       - name: (PR review) Set latest commit status as pending
diff --git a/.github/workflows/create_preview_sites.yml b/.github/workflows/create_preview_sites.yml
index 4c179cd217cd4..1e79c621a7932 100644
--- a/.github/workflows/create_preview_sites.yml
+++ b/.github/workflows/create_preview_sites.yml
@@ -29,7 +29,7 @@ permissions:
 
 jobs:
   create_preview_site:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     steps:
 
diff --git a/.github/workflows/cross.yml b/.github/workflows/cross.yml
index 126d6147f9f96..d9040040ff1a2 100644
--- a/.github/workflows/cross.yml
+++ b/.github/workflows/cross.yml
@@ -9,7 +9,7 @@ permissions:
 jobs:
   cross-linux:
     name: Cross - ${{ matrix.target }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     timeout-minutes: 45
     env:
       CARGO_INCREMENTAL: 0
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
index 6c265dff7a149..430c21ca43c01 100644
--- a/.github/workflows/deny.yml
+++ b/.github/workflows/deny.yml
@@ -21,7 +21,7 @@ permissions:
 
 jobs:
   test-deny:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     timeout-minutes: 15
     env:
       CARGO_INCREMENTAL: 0
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index eaf5d70b2b4a5..a660339f27121 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -103,7 +103,7 @@ jobs:
 
   e2e-test-suite:
     name: E2E Test Suite
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: always()
     needs: e2e-tests
diff --git a/.github/workflows/gardener_issue_comment.yml b/.github/workflows/gardener_issue_comment.yml
index 91afeff7b3c0c..1e38590b7ca7d 100644
--- a/.github/workflows/gardener_issue_comment.yml
+++ b/.github/workflows/gardener_issue_comment.yml
@@ -13,7 +13,7 @@ on:
 jobs:
   move-to-backlog:
     name: Move issues back to Gardener project board Triage
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: ${{ !github.event.issue.pull_request }}
     steps:
diff --git a/.github/workflows/gardener_open_issue.yml b/.github/workflows/gardener_open_issue.yml
index bb846d4799968..303e8d5147fce 100644
--- a/.github/workflows/gardener_open_issue.yml
+++ b/.github/workflows/gardener_open_issue.yml
@@ -9,7 +9,7 @@ on:
 jobs:
   add-to-project:
     name: Add issue to Gardener project board
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     steps:
       - uses: actions/add-to-project@v1.0.2
diff --git a/.github/workflows/gardener_open_pr.yml b/.github/workflows/gardener_open_pr.yml
index 6edf1de2e3377..c299c9318a42a 100644
--- a/.github/workflows/gardener_open_pr.yml
+++ b/.github/workflows/gardener_open_pr.yml
@@ -10,7 +10,7 @@ on:
 jobs:
   add-contributor-to-project:
     name: Add contributor PR to Gardener project board
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: ${{ github.actor != 'dependabot[bot]' }}
     steps:
@@ -33,7 +33,7 @@ jobs:
           github-token: ${{ secrets.GH_PROJECT_PAT }}
   add-dependabot-to-project:
     name: Add dependabot PR to Gardener project board
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
diff --git a/.github/workflows/gardener_remove_waiting_author.yml b/.github/workflows/gardener_remove_waiting_author.yml
index e2599e596361f..a9e7f52cb3660 100644
--- a/.github/workflows/gardener_remove_waiting_author.yml
+++ b/.github/workflows/gardener_remove_waiting_author.yml
@@ -6,7 +6,7 @@ on:
 
 jobs:
   remove_label:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
index e653c20723943..05259d83c7bb9 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -483,7 +483,7 @@ jobs:
 
   integration-test-suite:
     name: Integration Test Suite
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: always()
     needs:
diff --git a/.github/workflows/k8s_e2e.yml b/.github/workflows/k8s_e2e.yml
index f501819cd0d31..cd8085b3f28e4 100644
--- a/.github/workflows/k8s_e2e.yml
+++ b/.github/workflows/k8s_e2e.yml
@@ -125,7 +125,7 @@ jobs:
   # See https://github.community/t/feature-request-and-use-case-example-to-allow-matrix-in-if-s/126067
   compute-k8s-test-plan:
     name: Compute K8s test plan
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     needs: changes
     # Run this job even if `changes` job is skipped
@@ -234,7 +234,7 @@ jobs:
 
   final-result:
     name: K8s E2E Suite
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     needs:
       - changes
diff --git a/.github/workflows/msrv.yml b/.github/workflows/msrv.yml
index 15dbd9da1a74f..baa2b5c2ed70e 100644
--- a/.github/workflows/msrv.yml
+++ b/.github/workflows/msrv.yml
@@ -13,7 +13,7 @@ env:
 
 jobs:
   check-msrv:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     timeout-minutes: 20
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/preview_site_trigger.yml b/.github/workflows/preview_site_trigger.yml
index a8a20961f5db4..3ec4da8d034ee 100644
--- a/.github/workflows/preview_site_trigger.yml
+++ b/.github/workflows/preview_site_trigger.yml
@@ -6,7 +6,7 @@ on:
 
 jobs:
   approval_check:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: ${{ contains(github.head_ref, 'website') }}
     steps:
diff --git a/.github/workflows/protobuf.yml b/.github/workflows/protobuf.yml
index d5ed4a1186a0c..d1e47e8bca5a2 100644
--- a/.github/workflows/protobuf.yml
+++ b/.github/workflows/protobuf.yml
@@ -15,7 +15,7 @@ concurrency:
 
 jobs:
   validate-protos:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     steps:
       # Run `git checkout`
diff --git a/.github/workflows/regression.yml b/.github/workflows/regression.yml
index 41abbe51ea1ae..5b21137582a3c 100644
--- a/.github/workflows/regression.yml
+++ b/.github/workflows/regression.yml
@@ -42,7 +42,7 @@ env:
 jobs:
 
   resolve-inputs:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     outputs:
       baseline-sha: ${{ steps.set_and_validate_shas.outputs.BASELINE_SHA }}
       comparison-sha: ${{ steps.set_and_validate_shas.outputs.COMPARISON_SHA }}
@@ -111,7 +111,7 @@ jobs:
 
   # Only run this workflow if files changed in areas that could possibly introduce a regression.
   check-source-changed:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     needs: resolve-inputs
     outputs:
@@ -172,7 +172,7 @@ jobs:
           echo "SOURCE_CHANGED=${SOURCE_CHANGED}" >> $GITHUB_OUTPUT
 
   should-run-gate:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: check-source-changed
     if: ${{ needs.check-source-changed.outputs.source_changed }}
     steps:
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 8518dc7df867d..472ed4e9ae07b 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -20,7 +20,7 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecard analysis
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       # Needed to upload the results to code-scanning dashboard.
       security-events: write
diff --git a/.github/workflows/semantic.yml b/.github/workflows/semantic.yml
index 220027f6c3d80..8c15013b40697 100644
--- a/.github/workflows/semantic.yml
+++ b/.github/workflows/semantic.yml
@@ -13,7 +13,7 @@ on:
 jobs:
   main:
     name: Check Semantic PR
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: amannn/action-semantic-pull-request@v5
         env:
diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
index 59917f30a48fa..5976f1a9fedb4 100644
--- a/.github/workflows/spelling.yml
+++ b/.github/workflows/spelling.yml
@@ -77,7 +77,7 @@ jobs:
       security-events: write
     outputs:
       followup: ${{ steps.spelling.outputs.followup }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 5
     if: "contains(github.event_name, 'pull_request') || github.event_name == 'push'"
     concurrency: