diff --git a/.github/workflows/Openstack-Rally-Tester.yaml b/.github/workflows/Openstack-Rally-Tester.yaml index 10bba311..9d8d2301 100644 --- a/.github/workflows/Openstack-Rally-Tester.yaml +++ b/.github/workflows/Openstack-Rally-Tester.yaml @@ -1,3 +1,6 @@ +permissions: + contents: read + name: Openstack-Rally-Tester on: @@ -19,9 +22,9 @@ jobs: matrix: python-version: ["3.10"] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} cache: "pip" @@ -37,8 +40,8 @@ jobs: shellcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 with: scandir: "./OpenStack-Rally-Tester" diff --git a/.github/workflows/aq_zombie_finder.yaml b/.github/workflows/aq_zombie_finder.yaml index 681e283f..ee315da4 100644 --- a/.github/workflows/aq_zombie_finder.yaml +++ b/.github/workflows/aq_zombie_finder.yaml @@ -1,3 +1,6 @@ +permissions: + contents: read + name: AQ Zombie Finder Unittest on: @@ -19,9 +22,9 @@ jobs: matrix: python-version: ["3.9"] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} cache: "pip" diff --git a/.github/workflows/black.yaml b/.github/workflows/black.yaml index 078058bf..bfc2364e 100644 --- a/.github/workflows/black.yaml +++ b/.github/workflows/black.yaml 
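Review bot: The pinned refs carry no trailing version comment, so a reader cannot tell which release `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd` or `actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405` corresponds to; this starts at the `@@ -19,9 +22,9 @@` hunk of Openstack-Rally-Tester.yaml and applies to every other pinned `uses:` line in the commit. Append the tag as a comment, e.g. `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # vX.Y.Z` (placeholder; take the tag from the upstream release the SHA belongs to), which also lets update tooling keep the SHA and comment in step. The same checkout SHA replaces `@v5` here, `@v4` in iriscast_build.yaml and `@v6` in iriscast_unittest.yaml, so at least two of those workflows change major version in this commit. It is worth confirming that this is intended and that each SHA is a commit in the upstream action repository rather than in a fork.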
@@ -1,3 +1,6 @@ +permissions: + contents: read + name: Black formatter on: [push, pull_request] @@ -6,34 +9,34 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Prometheus IP Script - uses: psf/black@stable + uses: psf/black@c6755bb741b6481d6b3d3bb563c83fa060db96c9 with: src: "prometheus_ip_script" - name: Aquilon Zombie Finder - uses: psf/black@stable + uses: psf/black@c6755bb741b6481d6b3d3bb563c83fa060db96c9 with: src: "aq_zombie_finder" - name: DNS Entry Checker - uses: psf/black@stable + uses: psf/black@c6755bb741b6481d6b3d3bb563c83fa060db96c9 with: src: "dns_entry_checker" - name: Word Cloud Generator - uses: psf/black@stable + uses: psf/black@c6755bb741b6481d6b3d3bb563c83fa060db96c9 with: src: "word_cloud_generator" - name: JSM Metric Collection - uses: psf/black@stable + uses: psf/black@c6755bb741b6481d6b3d3bb563c83fa060db96c9 with: src: "jsm_metric_collection" - name: Openstack-Rally-Tester - uses: psf/black@stable + uses: psf/black@c6755bb741b6481d6b3d3bb563c83fa060db96c9 with: src: "OpenStack-Rally-Tester" diff --git a/.github/workflows/chatops.yaml b/.github/workflows/chatops.yaml index 9dc1cbdb..4e5ec58c 100644 --- a/.github/workflows/chatops.yaml +++ b/.github/workflows/chatops.yaml @@ -1,3 +1,6 @@ +permissions: + contents: read + name: Linting on: @@ -16,7 +19,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Check Terraform run: | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2bcf5d46..148445ba 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -9,6 +9,9 @@ # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # +permissions: + contents: read + name: "CodeQL" on: 
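Review bot: The workflow-level `permissions: contents: read` added at the top of codeql.yml (hunk `@@ -9,6 +9,9 @@`) sets every other scope to none, and the CodeQL analyze step needs `security-events: write` to upload its results. The job definition is outside the hunk, so this only matters if the analyze job does not already declare its own `permissions`; if it does not, add a job-level block with `security-events: write` and `contents: read`. Keeping the write scope on the job rather than on the workflow preserves the least-privilege default this commit introduces.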
@@ -56,11 +59,11 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v4 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -88,6 +91,6 @@ jobs: exit 1 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dns_entry_checker.yaml b/.github/workflows/dns_entry_checker.yaml index 3fe95ffe..9ba5a634 100644 --- a/.github/workflows/dns_entry_checker.yaml +++ b/.github/workflows/dns_entry_checker.yaml @@ -1,3 +1,6 @@ +permissions: + contents: read + name: DNS Entry Checker Unittest on: @@ -19,9 +22,9 @@ jobs: matrix: python-version: ["3.9"] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} cache: "pip" diff --git a/.github/workflows/gpu_benchmark.yaml b/.github/workflows/gpu_benchmark.yaml index da8ccae8..aaa56dbf 100644 --- a/.github/workflows/gpu_benchmark.yaml +++ b/.github/workflows/gpu_benchmark.yaml @@ -1,3 +1,6 @@ +permissions: + contents: read + name: GPU Benchmark PR on: push: 
@@ -16,8 +19,8 @@ jobs: name: Shellcheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master + uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 with: scandir: "./gpu_benchmark" diff --git a/.github/workflows/iriscast_build.yaml b/.github/workflows/iriscast_build.yaml index 4c9d62f0..b3d6a49a 100644 --- a/.github/workflows/iriscast_build.yaml +++ b/.github/workflows/iriscast_build.yaml @@ -1,3 +1,6 @@ +permissions: + contents: read + name: IRISCAST Bump, Build and Release on: @@ -22,17 +25,17 @@ jobs: steps: - name: "Setup Github Token" - uses: actions/create-github-app-token@v3 + uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 id: app-token with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@v4 + uses:actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python - uses: actions/setup-python@v5 + uses:actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: "3.11" @@ -61,7 +64,7 @@ jobs: echo "current-version=$(bump-my-version show current_version)" >> $GITHUB_OUTPUT - name: Push changes to GitHub - uses: ad-m/github-push-action@master + uses: ad-m/github-push-action@m4cc74773234f74829a8c21bc4d69dd4be9cfa599 with: github_token: "${{ steps.app-token.outputs.token }}" branch: master @@ -81,7 +84,7 @@ jobs: - name: Create GitHub Release if: steps.bump.outputs.bumped == 'true' - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda with: tag_name: iriscasttools-v${{ steps.bump.outputs.current-version }} name: iriscasttools-v${{ steps.bump.outputs.current-version }} diff --git a/.github/workflows/iriscast_unittest.yaml b/.github/workflows/iriscast_unittest.yaml index febded32..d6bb91a0 100644 
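Review bot: The top-level `permissions: contents: read` in iriscast_build.yaml (hunk `@@ -1,3 +1,6 @@`) also caps the default `GITHUB_TOKEN` for the "Create GitHub Release" step later in the same workflow. The push step passes the app token explicitly, but the visible `with:` block of `softprops/action-gh-release` shows only `tag_name` and `name`; the rest is outside the hunk, so this is inferred. If no token is passed there, the action falls back to the default token and creating the release will be refused under a read-only `contents` scope. Either give that job `permissions: contents: write` or pass `token: ${{ steps.app-token.outputs.token }}` to the release step.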
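Review bot: In the `@@ -22,17 +25,17 @@` hunk of iriscast_build.yaml the new Checkout and Set up Python lines read `uses:actions/checkout@…` and `uses:actions/setup-python@…` with no space after the colon. As shown on this page, YAML reads them as plain scalars rather than a `uses` key, so the steps have no action and the workflow file should fail to load. They should be `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd` and `uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405`. Running a workflow linter such as actionlint over `.github/workflows` in CI would catch this class of error before merge.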
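Review bot: The ref in `ad-m/github-push-action@m4cc74773234f74829a8c21bc4d69dd4be9cfa599` (hunk `@@ -61,7 +64,7 @@` of iriscast_build.yaml) is not a commit SHA: it is 41 characters long and starts with `m`, which looks like a leftover from `master`. As written it either fails to resolve or resolves to whatever branch or tag carries that name, so the step that receives the app token is not actually pinned. Replace it with the full 40-hex commit id, presumably `4cc74773234f74829a8c21bc4d69dd4be9cfa599`, after checking that value against the upstream repository.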
--- a/.github/workflows/iriscast_unittest.yaml +++ b/.github/workflows/iriscast_unittest.yaml @@ -1,3 +1,6 @@ +permissions: + contents: read + name: IRISCAST Unittest on: @@ -26,13 +29,13 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Navigate to iriscasttools project run: cd iriscasttools - name: Install uv and set the Python version - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/jsm_metric_collection.yaml b/.github/workflows/jsm_metric_collection.yaml index 9c361813..259b1c0f 100644 --- a/.github/workflows/jsm_metric_collection.yaml +++ b/.github/workflows/jsm_metric_collection.yaml @@ -1,3 +1,6 @@ +permissions: + contents: read + name: DNS Entry Checker Unittest on: @@ -19,9 +22,9 @@ jobs: matrix: python-version: ["3.9"] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} cache: "pip" diff --git a/.github/workflows/prometheus_query_to_csv.yaml b/.github/workflows/prometheus_query_to_csv.yaml index 847f2841..339c98cb 100644 --- a/.github/workflows/prometheus_query_to_csv.yaml +++ b/.github/workflows/prometheus_query_to_csv.yaml @@ -1,3 +1,6 @@ +permissions: + contents: read + name: Pylint-Tests-Codecov on: @@ -19,9 +22,9 @@ jobs: matrix: python-version: ["3.x"] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} cache: "pip" 
@@ -39,7 +42,7 @@ jobs: run: cd prometheus_query_to_csv && python3 -m pytest . --cov-report xml:coverage.xml --cov - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de with: token: ${{secrets.CODECOV_TOKEN}} files: ./prometheus_query_to_csv/coverage.xml diff --git a/.github/workflows/word_cloud_generator.yaml b/.github/workflows/word_cloud_generator.yaml index 73eb5774..7d340b4f 100644 --- a/.github/workflows/word_cloud_generator.yaml +++ b/.github/workflows/word_cloud_generator.yaml @@ -1,3 +1,6 @@ +permissions: + contents: read + name: Word Cloud Generator Unittest on: @@ -19,9 +22,9 @@ jobs: matrix: python-version: ["3.9"] steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} cache: "pip"