diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4ec0b652..65191ddf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -17,12 +17,12 @@ jobs: runs-on: ubuntu-latest permissions: write-all steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: 2 - name: Get changed files id: changed-files - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 with: filters: | files: @@ -31,9 +31,9 @@ jobs: - '**/*.go' - 'integration_test/' - 'config-example.yaml' - - uses: nixbuild/nix-quick-install-action@master + - uses: nixbuild/nix-quick-install-action@889f3180bb5f064ee9e3201428d04ae9e41d54ad if: steps.changed-files.outputs.files == 'true' - - uses: nix-community/cache-nix-action@main + - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a if: steps.changed-files.outputs.files == 'true' with: primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} @@ -55,7 +55,7 @@ jobs: exit $BUILD_STATUS - name: Nix gosum diverging - uses: actions/github-script@v6 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea if: failure() && steps.build.outcome == 'failure' with: github-token: ${{secrets.GITHUB_TOKEN}} @@ -67,7 +67,7 @@ jobs: body: 'Nix build failed with wrong gosum, please update "vendorSha256" (${{ steps.build.outputs.OLD_HASH }}) for the "headscale" package in flake.nix with the new SHA: ${{ steps.build.outputs.NEW_HASH }}' }) - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 if: steps.changed-files.outputs.files == 'true' with: name: headscale-linux @@ -86,16 +86,16 @@ jobs: - "GOARCH=arm64 GOOS=darwin" - "GOARCH=amd64 GOOS=darwin" steps: - - uses: actions/checkout@v4 - - uses: nixbuild/nix-quick-install-action@master - - uses: nix-community/cache-nix-action@main + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: nixbuild/nix-quick-install-action@889f3180bb5f064ee9e3201428d04ae9e41d54ad + - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a with: primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} restore-prefixes-first-match: nix-${{ runner.os }}-${{ runner.arch }} - name: Run go cross compile run: env ${{ matrix.env }} nix develop --command -- go build -o "headscale" ./cmd/headscale - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 with: name: "headscale-${{ matrix.env }}" path: "headscale" diff --git a/.github/workflows/check-tests.yaml b/.github/workflows/check-tests.yaml index 84149088..29c9d9d5 100644 --- a/.github/workflows/check-tests.yaml +++ b/.github/workflows/check-tests.yaml @@ -10,12 +10,12 @@ jobs: check-tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: 2 - name: Get changed files id: changed-files - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 with: filters: | files: @@ -24,9 +24,9 @@ jobs: - '**/*.go' - 'integration_test/' - 'config-example.yaml' - - uses: nixbuild/nix-quick-install-action@master + - uses: nixbuild/nix-quick-install-action@889f3180bb5f064ee9e3201428d04ae9e41d54ad if: steps.changed-files.outputs.files == 'true' - - uses: nix-community/cache-nix-action@main + - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a if: steps.changed-files.outputs.files == 'true' with: primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml index 94b285e7..18caa512 100644 --- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -21,15 +21,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: 0 - name: Install python - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 with: python-version: 3.x - name: Setup cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 with: key: ${{ github.ref }} path: .cache diff --git a/.github/workflows/docs-test.yml b/.github/workflows/docs-test.yml index a2b15324..71a3b4c3 100644 --- a/.github/workflows/docs-test.yml +++ b/.github/workflows/docs-test.yml @@ -11,13 +11,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Install python - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 with: python-version: 3.x - name: Setup cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 with: key: ${{ github.ref }} path: .cache diff --git a/.github/workflows/gh-actions-updater.yaml b/.github/workflows/gh-actions-updater.yaml index f46fb67c..f7f62185 100644 --- a/.github/workflows/gh-actions-updater.yaml +++ b/.github/workflows/gh-actions-updater.yaml @@ -11,13 +11,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: # [Required] Access token with `workflow` scope. token: ${{ secrets.WORKFLOW_SECRET }} - name: Run GitHub Actions Version Updater - uses: saadmk11/github-actions-version-updater@v0.8.1 + uses: saadmk11/github-actions-version-updater@64be81ba69383f81f2be476703ea6570c4c8686e with: # [Required] Access token with `workflow` scope. token: ${{ secrets.WORKFLOW_SECRET }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 934876b1..eea790bb 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,12 +10,12 @@ jobs: golangci-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: 2 - name: Get changed files id: changed-files - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 with: filters: | files: @@ -24,9 +24,9 @@ jobs: - '**/*.go' - 'integration_test/' - 'config-example.yaml' - - uses: nixbuild/nix-quick-install-action@master + - uses: nixbuild/nix-quick-install-action@889f3180bb5f064ee9e3201428d04ae9e41d54ad if: steps.changed-files.outputs.files == 'true' - - uses: nix-community/cache-nix-action@main + - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a if: steps.changed-files.outputs.files == 'true' with: primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} @@ -39,12 +39,12 @@ jobs: prettier-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: 2 - name: Get changed files id: changed-files - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 with: filters: | files: @@ -58,9 +58,9 @@ jobs: - '**/*.css' - '**/*.scss' - '**/*.html' - - uses: nixbuild/nix-quick-install-action@master + - uses: nixbuild/nix-quick-install-action@889f3180bb5f064ee9e3201428d04ae9e41d54ad if: steps.changed-files.outputs.files == 'true' - - uses: nix-community/cache-nix-action@main + - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a if: steps.changed-files.outputs.files == 'true' with: primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} @@ -73,9 +73,9 @@ jobs: proto-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: nixbuild/nix-quick-install-action@master - - uses: nix-community/cache-nix-action@main + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + - uses: nixbuild/nix-quick-install-action@889f3180bb5f064ee9e3201428d04ae9e41d54ad + - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a with: primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} restore-prefixes-first-match: nix-${{ runner.os }}-${{ runner.arch }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e43012bf..378ae60c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,25 +13,25 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: 0 - name: Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GHCR - uses: docker/login-action@v3 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: nixbuild/nix-quick-install-action@master - - uses: nix-community/cache-nix-action@main + - uses: nixbuild/nix-quick-install-action@889f3180bb5f064ee9e3201428d04ae9e41d54ad + - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a with: primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} restore-prefixes-first-match: nix-${{ runner.os }}-${{ runner.arch }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index e6e5d511..1a7382cb 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/stale@v9 + - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 with: days-before-issue-stale: 90 days-before-issue-close: 7 diff --git a/.github/workflows/test-integration.yaml b/.github/workflows/test-integration.yaml index c3f1d46e..0999ad72 100644 --- a/.github/workflows/test-integration.yaml +++ b/.github/workflows/test-integration.yaml @@ -92,12 +92,12 @@ jobs: # that triggered the build. HAS_TAILSCALE_SECRET: ${{ secrets.TS_OAUTH_CLIENT_ID }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: 2 - name: Get changed files id: changed-files - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 with: filters: | files: @@ -108,7 +108,7 @@ jobs: - 'config-example.yaml' - name: Tailscale if: ${{ env.HAS_TAILSCALE_SECRET }} - uses: tailscale/github-action@v2 + uses: tailscale/github-action@6986d2c82a91fbac2949fe01f5bab95cf21b5102 with: oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }} oauth-secret: ${{ secrets.TS_OAUTH_SECRET }} @@ -116,18 +116,18 @@ jobs: - name: Setup SSH server for Actor if: ${{ env.HAS_TAILSCALE_SECRET }} uses: alexellis/setup-sshd-actor@master - - uses: nixbuild/nix-quick-install-action@master + - uses: nixbuild/nix-quick-install-action@889f3180bb5f064ee9e3201428d04ae9e41d54ad if: steps.changed-files.outputs.files == 'true' - - uses: nix-community/cache-nix-action@main + - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a if: steps.changed-files.outputs.files == 'true' with: primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} restore-prefixes-first-match: nix-${{ runner.os }}-${{ runner.arch }} - - uses: satackey/action-docker-layer-caching@main + - uses: satackey/action-docker-layer-caching@46d2c640b1d8ef50d185452ad6fb324e6bd1d052 if: steps.changed-files.outputs.files == 'true' continue-on-error: true - name: Run Integration Test - uses: Wandalen/wretry.action@master + uses: Wandalen/wretry.action@e68c23e6309f2871ca8ae4763e7629b9c258e1ea if: steps.changed-files.outputs.files == 'true' with: # Our integration tests are started like a thundering herd, often @@ -145,12 +145,12 @@ jobs: nix develop --command -- hi run "^${{ matrix.test }}$" \ --timeout=120m \ --postgres=${{ matrix.database == 'postgres' && 'true' || 'false' }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 if: always() && steps.changed-files.outputs.files == 'true' with: name: ${{ matrix.test }}-${{matrix.database}}-logs path: "control_logs/*/*.log" - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 if: always() && steps.changed-files.outputs.files == 'true' with: name: ${{ matrix.test }}-${{matrix.database}}-archives diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0384b6ec..1fd3c5f5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,13 +11,13 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 with: fetch-depth: 2 - name: Get changed files id: changed-files - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 with: filters: | files: @@ -27,9 +27,9 @@ jobs: - 'integration_test/' - 'config-example.yaml' - - uses: nixbuild/nix-quick-install-action@master + - uses: nixbuild/nix-quick-install-action@889f3180bb5f064ee9e3201428d04ae9e41d54ad if: steps.changed-files.outputs.files == 'true' - - uses: nix-community/cache-nix-action@main + - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a if: steps.changed-files.outputs.files == 'true' with: primary-key: nix-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} diff --git a/.github/workflows/update-flake.yml b/.github/workflows/update-flake.yml index 35067784..907cdc20 100644 --- a/.github/workflows/update-flake.yml +++ b/.github/workflows/update-flake.yml @@ -10,10 +10,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main + uses: DeterminateSystems/nix-installer-action@21a544727d0c62386e78b4befe52d19ad12692e3 - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@main + uses: DeterminateSystems/update-flake-lock@428c2b58a4b7414dabd372acb6a03dba1084d3ab with: pr-title: "Update flake.lock"