diff --git a/.github/workflows/check_wdk.yml b/.github/workflows/check_wdk.yml
index edcb64e618..1d92b5c088 100644
--- a/.github/workflows/check_wdk.yml
+++ b/.github/workflows/check_wdk.yml
@@ -21,7 +21,7 @@ jobs:
 runs-on: Windows-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index dceda4522d..1a6334c3e3 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -20,7 +20,7 @@ jobs:
 runs-on: windows-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
diff --git a/.github/workflows/netperf.yml b/.github/workflows/netperf.yml
index 167645181f..23697e56ef 100644
--- a/.github/workflows/netperf.yml
+++ b/.github/workflows/netperf.yml
@@ -34,7 +34,7 @@ jobs:
 runs-on: windows-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -53,13 +53,13 @@ jobs:
 gh run download $run_id --dir netperf --pattern ebpf* --repo microsoft/netperf
 - name: upload_results_azure_2022_x64
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: Test-Logs-netperf_azure_2022_x64
 path: netperf/ebpf_azure_2022_x64/ebpf.csv
 - name: upload_results_lab_2022_x64
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: Test-Logs-netperf_lab_2022_x64
 path: netperf/ebpf_lab_2022_x64/ebpf.csv
diff --git a/.github/workflows/nuget_update.yaml b/.github/workflows/nuget_update.yaml
index d307563953..e073bf4669 100644
--- a/.github/workflows/nuget_update.yaml
+++ b/.github/workflows/nuget_update.yaml
@@ -33,7 +33,7 @@ jobs:
 steps:
 # Check out the main repo.
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -61,7 +61,7 @@ jobs:
 nuget update -noninteractive -verbosity detailed ${{env.SOLUTION_FILE_PATH}}
 - name: Create Pull Request
- uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
+ uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 commit-message: Update NuGet packages
diff --git a/.github/workflows/ossar-scan.yml b/.github/workflows/ossar-scan.yml
index 35c8da480d..deedfb838f 100644
--- a/.github/workflows/ossar-scan.yml
+++ b/.github/workflows/ossar-scan.yml
@@ -36,7 +36,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
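Review bot: The two new `actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08` pins in the netperf.yml hunk at line 53 carry no release-tag comment, unlike the harden-runner pins in this commit (`# v2.10.3`), so a reader cannot tell from the diff which release the commit SHA corresponds to or spot a later pin that silently moves backwards. Append the tag the SHA was resolved from, e.g. `uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # <release tag>` (placeholder; take the tag from the action's releases and confirm it resolves to this commit). The same applies to the other upload-artifact pins, to `peter-evans/create-pull-request` in nuget_update.yaml, to `github/codeql-action/*` in ossar-scan.yml, reusable-build.yml and scorecards-analysis.yml, and to the harden-runner pin in update-docs.yml, where the rest of the commit supplies the value: `# v2.10.3`.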
@@ -81,6 +81,6 @@ jobs:
 - name: Upload results to Security tab
 if: steps.skip_check.outputs.should_skip != 'true'
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
+ uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
 with:
 sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/.github/workflows/release-scheduler.yml b/.github/workflows/release-scheduler.yml
index 475d14920e..5ce77302ef 100644
--- a/.github/workflows/release-scheduler.yml
+++ b/.github/workflows/release-scheduler.yml
@@ -19,7 +19,7 @@ jobs:
 issues: write
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml
index 0649a090a8..d34ec441e4 100644
--- a/.github/workflows/reusable-build.yml
+++ b/.github/workflows/reusable-build.yml
@@ -97,7 +97,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -135,7 +135,7 @@ jobs:
 - name: Initialize CodeQL
 if: inputs.build_codeql == true && steps.skip_check.outputs.should_skip != 'true'
- uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
+ uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
 with:
 languages: 'cpp'
@@ -239,7 +239,7 @@ jobs:
 - name: Upload Build Output
 if: always() && (steps.skip_check.outputs.should_skip != 'true') && (inputs.build_artifact != 'none')
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: ${{inputs.build_artifact}}-${{matrix.configurations}}
 path: ${{github.workspace}}/build-${{ matrix.configurations }}.zip
@@ -247,7 +247,7 @@ jobs:
 - name: Upload the MSI package
 if: inputs.build_msi == true
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: ebpf-for-windows - MSI installer (${{inputs.build_artifact}}_${{env.BUILD_CONFIGURATION}})
 path: ${{github.workspace}}/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}/ebpf-for-windows.msi
@@ -259,7 +259,7 @@ jobs:
 - name: Upload the NuGet package
 if: inputs.build_nuget == true && (matrix.configurations == 'Release' || matrix.configurations == 'NativeOnlyRelease') && steps.skip_check.outputs.should_skip != 'true'
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: ebpf-for-windows - NuGet package (${{inputs.build_artifact}}_${{env.BUILD_CONFIGURATION}})
 path: ${{github.workspace}}/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}/eBPF-for-Windows.*.nupkg
@@ -271,14 +271,14 @@ jobs:
 - name: Upload the NuGet Redist package
 if: inputs.build_nuget == true && (matrix.configurations == 'Release' || matrix.configurations == 'NativeOnlyRelease') && steps.skip_check.outputs.should_skip != 'true'
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: ebpf-for-windows - NuGet Redist package (${{inputs.build_artifact}}_${{env.BUILD_CONFIGURATION}})
 path: ${{github.workspace}}/${{env.BUILD_PLATFORM}}/${{env.BUILD_CONFIGURATION}}/eBPF-for-Windows-Redist.*.nupkg
 - name: Upload binlog
 if: (success() || failure()) && steps.skip_check.outputs.should_skip != 'true'
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: build-binlog-${{env.BUILD_ARTIFACT_NAME}}-${{env.BUILD_PLATFORM}}-${{env.BUILD_CONFIGURATION}}
 path: out.binlog
@@ -294,7 +294,7 @@ jobs:
 - name: Upload any crash dumps
 # Upload crash dumps even if the workflow failed.
 if: (success() || failure()) && (steps.skip_check.outputs.should_skip != 'true') && (steps.check_dumps.outputs.files_exists == 'true')
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 id: upload_crash_dumps
 with:
 name: Crash-Dumps-${{env.NAME}}-${{env.BUILD_PLATFORM}}-${{env.BUILD_CONFIGURATION}}
@@ -303,4 +303,4 @@ jobs:
 - name: Perform CodeQL Analysis
 if: inputs.build_codeql == true && steps.skip_check.outputs.should_skip != 'true'
- uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
+ uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
diff --git a/.github/workflows/reusable-test.yml b/.github/workflows/reusable-test.yml
index 6f551a85c2..82eaf7703a 100644
--- a/.github/workflows/reusable-test.yml
+++ b/.github/workflows/reusable-test.yml
@@ -85,7 +85,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -408,7 +408,7 @@ jobs:
 - name: Upload any crash dumps
 # Upload crash dumps even if the workflow failed.
 if: always() && (steps.skip_check.outputs.should_skip != 'true') && (steps.check_dumps.outputs.files_exists == 'true') && (inputs.gather_dumps == true)
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 id: upload_crash_dumps
 with:
 name: Crash-Dumps-${{env.NAME}}-${{env.BUILD_PLATFORM}}-${{env.BUILD_CONFIGURATION}}
@@ -427,7 +427,7 @@ jobs:
 # Upload test logs even if the workflow failed.
 if: (success() || failure()) && (steps.skip_check.outputs.should_skip != 'true') && (steps.check_logs.outputs.files_exists == 'true')
 id: upload_logs
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 continue-on-error: true
 with:
 name: Test-Logs-${{env.NAME}}-${{env.BUILD_PLATFORM}}-${{env.BUILD_CONFIGURATION}}
@@ -447,7 +447,7 @@ jobs:
 if: (success() || failure()) && (steps.skip_check.outputs.should_skip != 'true') && (steps.check_artifacts.outputs.files_exists == 'true')
 id: upload_artifacts
 continue-on-error: true
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: Artifacts-${{env.NAME}}-${{env.BUILD_PLATFORM}}-${{env.BUILD_CONFIGURATION}}
 path: ${{github.workspace}}\${{env.BUILD_PLATFORM}}\${{env.BUILD_CONFIGURATION}}\Artifacts
@@ -463,7 +463,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 4bae14c0fe..c0f22c5101 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -33,7 +33,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 disable-sudo: true
 egress-policy: block
@@ -67,7 +67,7 @@ jobs:
 # Upload the results as artifacts (optional).
 - name: "Upload artifact"
 if: github.ref_name == 'main'
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: SARIF file
 path: results.sarif
@@ -76,6 +76,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
 if: github.ref_name == 'main'
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
+ uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/update-docs.yml b/.github/workflows/update-docs.yml
index 553ec97adc..281690840d 100644
--- a/.github/workflows/update-docs.yml
+++ b/.github/workflows/update-docs.yml
@@ -30,7 +30,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350
 with:
 egress-policy: block
 allowed-endpoints:
>
diff --git a/.github/workflows/upload-perf-results.yml b/.github/workflows/upload-perf-results.yml
index ee5539cd5e..c1e3bea87d 100644
--- a/.github/workflows/upload-perf-results.yml
+++ b/.github/workflows/upload-perf-results.yml
@@ -34,7 +34,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+ uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
 with:
 egress-policy: audit
@@ -65,7 +65,7 @@ jobs:
 # Grab the output from the results directory and upload it as an artifact to debug failures.
 - name: Upload data as artifacts for debugging
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: Test-Results-${{inputs.result_artifact}}
 path: ${{github.workspace}}/results
@@ -105,7 +105,7 @@ jobs:
 psql -f ./check_perf_results.sql -v platform='${{inputs.platform}}' --csv > ${{github.workspace}}/results/regression_results.csv
 - name: Upload regression results
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: Regression-Results-${{inputs.result_artifact}}
 path: ${{github.workspace}}/results/regression_results.csv