From 8a1a2b49502c1397127886d5891d265a915be572 Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Tue, 14 Oct 2025 08:54:44 +0100 Subject: [PATCH 01/17] Only create one PR when updating dependencies (cherry picked from commit 4834ac824f006fdee6fb789025c891029c990136) --- .github/workflows/stackhpc-update-kolla.yml | 2 +- .github/workflows/update-dependencies.yml | 223 ++++++++++++++------ 2 files changed, 160 insertions(+), 65 deletions(-) diff --git a/.github/workflows/stackhpc-update-kolla.yml b/.github/workflows/stackhpc-update-kolla.yml index fdffb66843..45e926c417 100644 --- a/.github/workflows/stackhpc-update-kolla.yml +++ b/.github/workflows/stackhpc-update-kolla.yml @@ -21,7 +21,7 @@ jobs: codename: Epoxy uses: ./.github/workflows/update-dependencies.yml with: - openstack_version: ${{ matrix.version }} + branch: ${{ matrix.version }} openstack_codename: ${{ matrix.codename }} permissions: contents: write diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 8ae3eb9ca4..3afacf5db9 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -3,92 +3,187 @@ name: Update dependencies on: workflow_call: inputs: - openstack_version: - description: OpenStack version + branch: + description: Branch to update. Must exist in all repositories. e.g. stackhpc/2025.1 type: string required: true openstack_codename: - description: OpenStack codename + description: OpenStack codename e.g. Epoxy + type: string + required: true + workflow_dispatch: + inputs: + branch: + description: Branch to update. Must exist in all repositories. e.g. stackhpc/2025.1 + type: string + required: true + openstack_codename: + description: OpenStack codename e.g. Epoxy type: string required: true jobs: - propose_github_release_updates: + propose-dependency-updates: if: github.repository == 'stackhpc/stackhpc-kayobe-config' - runs-on: ubuntu-22.04 - strategy: - matrix: - include: - - key: kolla - path: src/kayobe-config/etc/kayobe/stackhpc.yml - repository: stackhpc/kolla - search_regex: 'stackhpc_kolla_source_version\:.*$' - prefix: 'stackhpc_kolla_source_version\: ' - - - key: kolla-ansible - path: src/kayobe-config/etc/kayobe/stackhpc.yml - repository: stackhpc/kolla-ansible - search_regex: 'stackhpc_kolla_ansible_source_version\:.*$' - prefix: 'stackhpc_kolla_ansible_source_version\: ' - - - key: kayobe - path: src/kayobe-config/requirements.txt - repository: stackhpc/kayobe - search_regex: 'kayobe@stackhpc\/.*$' - prefix: 'kayobe@' + runs-on: ubuntu-24.04 permissions: contents: write pull-requests: write - name: ${{ matrix.key }} + name: Propose dependency updates + outputs: + kolla-tag: ${{ steps.latest_kolla_tag.outputs.latest_tag || steps.current_kolla_version.outputs.version }} + kolla-ansible-tag: ${{ steps.latest_kolla_ansible_tag.outputs.latest_tag || steps.current_kolla_ansible_version.outputs.version }} + kayobe-tag: ${{ steps.latest_kayobe_tag.outputs.latest_tag || steps.current_kayobe_version.outputs.version }} steps: - - name: Checkout + - name: Checkout Kayobe-config uses: actions/checkout@v4 with: - ref: ${{ inputs.openstack_version }} - path: ${{ github.workspace }}/src/kayobe-config + ref: ${{ inputs.branch }} + path: src/kayobe-config + + - name: Set sanitised branch name + id: branch_name + run: | + sanitised_name=$(echo "update-dependencies-${{ inputs.branch }}" | tr '/' '-') + echo "name=${sanitised_name}" >> $GITHUB_OUTPUT + + - name: Set up branch and Git config + run: | + git checkout -b ${{ steps.branch_name.outputs.name }} + git config user.name "stackhpc-ci" + git config user.email "22933334+stackhpc-ci@users.noreply.github.com" + working-directory: src/kayobe-config + + - name: Initialise PR Body + run: | + echo "This PR was created automatically to update dependencies for the ${{ inputs.branch }} release." > pr_body.md + echo "" >> pr_body.md + echo "### Changes" >> pr_body.md + + - name: Checkout Kolla repository + uses: actions/checkout@v4 + with: + repository: stackhpc/kolla + ref: ${{ inputs.branch }} + fetch-tags: true + path: src/kolla + + - name: Get latest Kolla tag + id: latest_kolla_tag + run: echo "latest_tag=$(git describe --tags --abbrev=0 --match stackhpc/\*)" >> $GITHUB_OUTPUT + working-directory: ${{ github.workspace }}/src/kolla + + - name: Get current Kolla version + id: current_kolla_version + run: | + VERSION=$(awk -F': ' '/stackhpc_kolla_source_version:/ {print $2}' src/kayobe-config/etc/kayobe/stackhpc.yml | xargs) + echo "version=${VERSION}" >> $GITHUB_OUTPUT - - name: Checkout the dependency repo + - name: Update and commit Kolla version if needed + if: steps.latest_kolla_tag.outputs.latest_tag != steps.current_kolla_version.outputs.version + run: | + sed -i "s/stackhpc_kolla_source_version\:.*$/stackhpc_kolla_source_version\: $(echo $TAG | sed 's/\//\\\//g')/g" etc/kayobe/stackhpc.yml + echo "- **Kolla** bumped from \`${{ steps.current_kolla_version.outputs.version }}\` to \`${{ steps.latest_kolla_tag.outputs.latest_tag }}\`" >> ../../pr_body.md + echo " - Changelog: https://github.com/stackhpc/kolla/releases/tag/${{ steps.latest_kolla_tag.outputs.latest_tag }}" >> ../../pr_body.md + git add etc/kayobe/stackhpc.yml + git commit -m "(automated) Bump kolla to ${{ steps.latest_kolla_tag.outputs.latest_tag }}" + env: + TAG: ${{ steps.latest_kolla_tag.outputs.latest_tag }} + working-directory: src/kayobe-config + + - name: Checkout Kolla Ansible repository uses: actions/checkout@v4 with: - repository: ${{ matrix.repository }} - ref: ${{ inputs.openstack_version }} + repository: stackhpc/kolla-ansible + ref: ${{ inputs.branch }} fetch-tags: true - path: ${{ github.workspace }}/src/${{ matrix.key }} + path: src/kolla-ansible - - name: Get latest tag - id: latest_tag + - name: Get latest Kolla Ansible tag + id: latest_kolla_ansible_tag + run: echo "latest_tag=$(git describe --tags --abbrev=0 --match stackhpc/\*)" >> $GITHUB_OUTPUT + working-directory: ${{ github.workspace }}/src/kolla-ansible + + - name: Get current Kolla Ansible version + id: current_kolla_ansible_version run: | - TAG=$(git describe --tags --abbrev=0 --match stackhpc/\*) - echo latest_tag=${TAG} >> $GITHUB_OUTPUT - working-directory: ${{ github.workspace }}/src/${{ matrix.key }} + VERSION=$(awk -F': ' '/stackhpc_kolla_ansible_source_version:/ {print $2}' src/kayobe-config/etc/kayobe/stackhpc.yml | xargs) + echo "version=${VERSION}" >> $GITHUB_OUTPUT - - name: Update dependency key + - name: Update and commit Kolla Ansible version if needed + if: steps.latest_kolla_ansible_tag.outputs.latest_tag != steps.current_kolla_ansible_version.outputs.version run: | - TAG_OVERRIDE=$(echo $TAG | sed 's/\//\\\//g') - sed -i "s/$SEARCH/$PREFIX$TAG_OVERRIDE/g" $REQUIREMENTS + sed -i "s/stackhpc_kolla_ansible_source_version\:.*$/stackhpc_kolla_ansible_source_version\: $(echo $TAG | sed 's/\//\\\//g')/g" etc/kayobe/stackhpc.yml + echo "- **Kolla-Ansible** bumped from \`${{ steps.current_kolla_ansible_version.outputs.version }}\` to \`${{ steps.latest_kolla_ansible_tag.outputs.latest_tag }}\`" >> ../../pr_body.md + echo " - Changelog: https://github.com/stackhpc/kolla-ansible/releases/tag/${{ steps.latest_kolla_ansible_tag.outputs.latest_tag }}" >> ../../pr_body.md + git add etc/kayobe/stackhpc.yml + git commit -m "(automated) Bump kolla-ansible to ${{ steps.latest_kolla_ansible_tag.outputs.latest_tag }}" env: - PREFIX: ${{ matrix.prefix }} - TAG: ${{ steps.latest_tag.outputs.latest_tag }} - REQUIREMENTS: ${{ github.workspace }}/${{ matrix.path }} - SEARCH: ${{ matrix.search_regex }} + TAG: ${{ steps.latest_kolla_ansible_tag.outputs.latest_tag }} + working-directory: src/kayobe-config - - name: Propose changes via PR if required - uses: peter-evans/create-pull-request@v7 + - name: Checkout Kayobe repository + uses: actions/checkout@v4 with: - path: ${{ github.workspace }}/src/kayobe-config - commit-message: >- - Bump ${{ matrix.key }} to ${{ steps.latest_tag.outputs.latest_tag }} - author: stackhpc-ci <22933334+stackhpc-ci@users.noreply.github.com> - branch: update-dependency/${{ matrix.key }}/${{ inputs.openstack_version }} - delete-branch: true - title: >- - Bump ${{ matrix.key }} to ${{ steps.latest_tag.outputs.latest_tag }} - body: > - This PR was created automatically to update ${{ inputs.openstack_version }} - ${{ matrix.key }} to ${{ steps.latest_tag.outputs.latest_tag }}. - - GitHub Release Changelog: - https://github.com/stackhpc/${{ matrix.key }}/releases/tag/${{ steps.latest_tag.outputs.latest_tag }} - labels: | - automated - ${{ inputs.openstack_codename }} + repository: stackhpc/kayobe + ref: ${{ inputs.branch }} + fetch-tags: true + path: src/kayobe + + - name: Get latest Kayobe tag + id: latest_kayobe_tag + run: echo "latest_tag=$(git describe --tags --abbrev=0 --match stackhpc/\*)" >> $GITHUB_OUTPUT + working-directory: ${{ github.workspace }}/src/kayobe + + - name: Get current Kayobe version + id: current_kayobe_version + run: | + VERSION=$(grep 'kayobe@stackhpc/' src/kayobe-config/requirements.txt | sed 's/.*@//' | xargs) + echo "version=${VERSION}" >> $GITHUB_OUTPUT + + - name: Update and commit Kayobe version if needed + if: steps.latest_kayobe_tag.outputs.latest_tag != steps.current_kayobe_version.outputs.version + run: | + sed -i "s|kayobe@stackhpc/.*$|kayobe@$(echo $TAG | sed 's|/|\\/|g')|g" requirements.txt + echo "- **Kayobe** bumped from \`${{ steps.current_kayobe_version.outputs.version }}\` to \`${{ steps.latest_kayobe_tag.outputs.latest_tag }}\`" >> ../../pr_body.md + echo " - Changelog: https://github.com/stackhpc/kayobe/releases/tag/${{ steps.latest_kayobe_tag.outputs.latest_tag }}" >> ../../pr_body.md + git add requirements.txt + git commit -m "(automated) Bump kayobe to ${{ steps.latest_kayobe_tag.outputs.latest_tag }}" + env: + TAG: ${{ steps.latest_kayobe_tag.outputs.latest_tag }} + working-directory: src/kayobe-config + + - name: Check for new commits + id: check_commits + run: | + count=$(git rev-list --count ${{ inputs.branch }}..HEAD) + if [ "$count" -gt 0 ]; then + echo "has_commits=true" >> $GITHUB_OUTPUT + else + echo "has_commits=false" >> $GITHUB_OUTPUT + fi + working-directory: src/kayobe-config + + - name: Push commits + if: steps.check_commits.outputs.has_commits == 'true' + run: git push --force origin ${{ steps.branch_name.outputs.name }} + working-directory: src/kayobe-config + + - name: Create or Update Pull Request + if: steps.check_commits.outputs.has_commits == 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + working-directory: src/kayobe-config + run: | + EXISTING_PR=$(gh pr list --head "${{ steps.branch_name.outputs.name }}" --json number -q '.[0].number') + if [ -n "$EXISTING_PR" ]; then + gh pr close $EXISTING_PR + fi + gh pr create \ + --base "${{ inputs.branch }}" \ + --head "${{ steps.branch_name.outputs.name }}" \ + --title "(automated) Bump dependencies for OpenStack ${{ inputs.branch }}" \ + --body-file ../../pr_body.md \ + --label "automated" \ + --label "${{ inputs.openstack_codename }}" + From 53f38d31593728646c3da3a001751ee709cbf40c Mon Sep 17 00:00:00 2001 From: Alex Welsh <112560678+Alex-Welsh@users.noreply.github.com> Date: Mon, 17 Nov 2025 11:28:02 +0000 Subject: [PATCH 02/17] Make update-dependencies.yml sed more readable Co-authored-by: Eric Le Lay (cherry picked from commit 12abbeb55f37e278ec52f5636c73eef06c53371b) --- .github/workflows/update-dependencies.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 3afacf5db9..50bee5ba2f 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -82,7 +82,7 @@ jobs: - name: Update and commit Kolla version if needed if: steps.latest_kolla_tag.outputs.latest_tag != steps.current_kolla_version.outputs.version run: | - sed -i "s/stackhpc_kolla_source_version\:.*$/stackhpc_kolla_source_version\: $(echo $TAG | sed 's/\//\\\//g')/g" etc/kayobe/stackhpc.yml + sed -i "s/stackhpc_kolla_source_version\:.*$/stackhpc_kolla_source_version\: $(echo $TAG | sed 's|/|\\/|g')/g" etc/kayobe/stackhpc.yml echo "- **Kolla** bumped from \`${{ steps.current_kolla_version.outputs.version }}\` to \`${{ steps.latest_kolla_tag.outputs.latest_tag }}\`" >> ../../pr_body.md echo " - Changelog: https://github.com/stackhpc/kolla/releases/tag/${{ steps.latest_kolla_tag.outputs.latest_tag }}" >> ../../pr_body.md git add etc/kayobe/stackhpc.yml @@ -113,7 +113,7 @@ jobs: - name: Update and commit Kolla Ansible version if needed if: steps.latest_kolla_ansible_tag.outputs.latest_tag != steps.current_kolla_ansible_version.outputs.version run: | - sed -i "s/stackhpc_kolla_ansible_source_version\:.*$/stackhpc_kolla_ansible_source_version\: $(echo $TAG | sed 's/\//\\\//g')/g" etc/kayobe/stackhpc.yml + sed -i "s/stackhpc_kolla_ansible_source_version\:.*$/stackhpc_kolla_ansible_source_version\: $(echo $TAG | sed 's|/|\\/|g')/g" etc/kayobe/stackhpc.yml echo "- **Kolla-Ansible** bumped from \`${{ steps.current_kolla_ansible_version.outputs.version }}\` to \`${{ steps.latest_kolla_ansible_tag.outputs.latest_tag }}\`" >> ../../pr_body.md echo " - Changelog: https://github.com/stackhpc/kolla-ansible/releases/tag/${{ steps.latest_kolla_ansible_tag.outputs.latest_tag }}" >> ../../pr_body.md git add etc/kayobe/stackhpc.yml From d15aa3b7a60e59c6f93f1440e96a1f485aeee545 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Fri, 6 Feb 2026 15:40:31 +0100 Subject: [PATCH 03/17] CI: Update to latest GitHub Actions workflows (cherry picked from commit 1cc2b93c9523d1e6d3288fe693282d126a4237b3) --- .github/workflows/amphora-image-build.yml | 6 +++--- .github/workflows/amphora-image-promote.yml | 2 +- .github/workflows/ipa-image-build.yml | 6 +++--- .github/workflows/ipa-image-promote.yml | 2 +- .github/workflows/overcloud-host-image-build.yml | 6 +++--- .github/workflows/overcloud-host-image-promote.yml | 2 +- .github/workflows/overcloud-host-image-upload.yml | 2 +- .github/workflows/package-build-ofed.yml | 4 ++-- .github/workflows/stackhpc-all-in-one.yml | 8 ++++---- .github/workflows/stackhpc-build-kayobe-image.yml | 4 ++-- .github/workflows/stackhpc-check-tags.yml | 2 +- .github/workflows/stackhpc-ci-cleanup.yml | 4 ++-- .github/workflows/stackhpc-container-image-build.yml | 12 ++++++------ .github/workflows/stackhpc-multinode-periodic.yml | 2 +- .github/workflows/stackhpc-pull-request.yml | 10 +++++----- .github/workflows/update-dependencies.yml | 8 ++++---- 16 files changed, 40 insertions(+), 40 deletions(-) diff --git a/.github/workflows/amphora-image-build.yml b/.github/workflows/amphora-image-build.yml index bcc67e7e50..42d6e68c7f 100644 --- a/.github/workflows/amphora-image-build.yml +++ b/.github/workflows/amphora-image-build.yml @@ -49,7 +49,7 @@ jobs: sudo /etc/init.d/ssh start - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: src/kayobe-config @@ -80,7 +80,7 @@ jobs: pip install -r ../src/kayobe-config/requirements.txt - name: Install terraform - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@v3 - name: Initialise terraform run: terraform init @@ -255,7 +255,7 @@ jobs: if: steps.build_amphora.outcome == 'failure' - name: Upload logs & image artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: amphora-image-build-log path: ./artifact diff --git a/.github/workflows/amphora-image-promote.yml b/.github/workflows/amphora-image-promote.yml index c6efd2e60c..1e2d2bce22 100644 --- a/.github/workflows/amphora-image-promote.yml +++ b/.github/workflows/amphora-image-promote.yml @@ -15,7 +15,7 @@ jobs: if: github.repository == 'stackhpc/stackhpc-kayobe-config' runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: path: src/kayobe-config diff --git a/.github/workflows/ipa-image-build.yml b/.github/workflows/ipa-image-build.yml index cd770213d0..cf885029a7 100644 --- a/.github/workflows/ipa-image-build.yml +++ b/.github/workflows/ipa-image-build.yml @@ -61,7 +61,7 @@ jobs: sudo /etc/init.d/ssh start - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: src/kayobe-config @@ -95,7 +95,7 @@ jobs: pip install -r ../src/kayobe-config/requirements.txt - name: Install terraform - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@v3 - name: Initialise terraform run: terraform init @@ -401,7 +401,7 @@ jobs: if: always() - name: Upload logs artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: Build logs path: ./logs diff --git a/.github/workflows/ipa-image-promote.yml b/.github/workflows/ipa-image-promote.yml index 20158c4194..04a65a695c 100644 --- a/.github/workflows/ipa-image-promote.yml +++ b/.github/workflows/ipa-image-promote.yml @@ -34,7 +34,7 @@ jobs: exit 1 fi - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: path: src/kayobe-config diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index 1425941d64..cae61a7738 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -67,7 +67,7 @@ jobs: sudo /etc/init.d/ssh start - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: src/kayobe-config @@ -102,7 +102,7 @@ jobs: pip install -r ../src/kayobe-config/requirements.txt - name: Install terraform - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@v3 - name: Initialise terraform run: terraform init @@ -450,7 +450,7 @@ jobs: steps.build_ubuntu_noble.outcome == 'failure' - name: Upload logs artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: Build logs path: ./logs diff --git a/.github/workflows/overcloud-host-image-promote.yml b/.github/workflows/overcloud-host-image-promote.yml index cbc733ee63..cf7c7e1d19 100644 --- a/.github/workflows/overcloud-host-image-promote.yml +++ b/.github/workflows/overcloud-host-image-promote.yml @@ -34,7 +34,7 @@ jobs: exit 1 fi - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: path: src/kayobe-config diff --git a/.github/workflows/overcloud-host-image-upload.yml b/.github/workflows/overcloud-host-image-upload.yml index ccb286183a..daef5c0a51 100644 --- a/.github/workflows/overcloud-host-image-upload.yml +++ b/.github/workflows/overcloud-host-image-upload.yml @@ -64,7 +64,7 @@ jobs: sudo apt update sudo apt install -y build-essential git unzip nodejs python3-wheel python3-pip python3-venv - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: path: src/kayobe-config diff --git a/.github/workflows/package-build-ofed.yml b/.github/workflows/package-build-ofed.yml index f151337ef7..591035d991 100644 --- a/.github/workflows/package-build-ofed.yml +++ b/.github/workflows/package-build-ofed.yml @@ -43,7 +43,7 @@ jobs: sudo /etc/init.d/ssh start - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: src/kayobe-config @@ -57,7 +57,7 @@ jobs: pip install -r ../src/kayobe-config/requirements.txt - name: Install terraform - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@v3 - name: Initialise terraform run: terraform init diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index f7dd653105..773d1b0f0c 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -103,7 +103,7 @@ jobs: # If testing upgrade, checkout previous release, otherwise checkout current branch - name: Checkout ${{ inputs.upgrade && 'previous release' || 'current' }} config - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: ${{ inputs.repository }} ref: ${{ inputs.upgrade && env.PREVIOUS_BRANCH || inputs.github_ref }} @@ -139,7 +139,7 @@ jobs: fi - name: Install terraform - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@v3 - name: Initialise terraform run: terraform init @@ -394,7 +394,7 @@ jobs: if: inputs.upgrade - name: Checkout current release config - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: ${{ inputs.repository }} ref: ${{ inputs.github_ref }} @@ -500,7 +500,7 @@ jobs: if: ${{ !cancelled() && steps.tf_apply.outcome == 'success' }} - name: Upload test result artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: test-results-${{ inputs.os_distribution }}-${{ inputs.os_release }}-${{ inputs.neutron_plugin }}${{ inputs.upgrade && '-upgrade' || '' }} path: | diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index 677be9ac89..42d3cb1588 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -51,7 +51,7 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout kayobe config - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: submodules: true @@ -85,7 +85,7 @@ jobs: # Setting KAYOBE_USER_UID and KAYOBE_USER_GID to 1001 to match docker's defaults # so that docker can run as a privileged user within the Kayobe image. - name: Build and push Docker image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: file: ./.automation/docker/kayobe/Dockerfile context: . diff --git a/.github/workflows/stackhpc-check-tags.yml b/.github/workflows/stackhpc-check-tags.yml index db2383e21d..973dd9a295 100644 --- a/.github/workflows/stackhpc-check-tags.yml +++ b/.github/workflows/stackhpc-check-tags.yml @@ -37,7 +37,7 @@ jobs: sudo apt install -y git unzip nodejs - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: submodules: true diff --git a/.github/workflows/stackhpc-ci-cleanup.yml b/.github/workflows/stackhpc-ci-cleanup.yml index e0977f2f56..3f2c563c56 100644 --- a/.github/workflows/stackhpc-ci-cleanup.yml +++ b/.github/workflows/stackhpc-ci-cleanup.yml @@ -17,12 +17,12 @@ jobs: environment: ${{ matrix.environment }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: src/kayobe-config - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 - name: Generate clouds.yaml run: | diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 0d825a2e58..055323defb 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -81,7 +81,7 @@ jobs: fi - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Determine OpenStack release id: openstack_release @@ -153,7 +153,7 @@ jobs: sudo apt install -y build-essential git unzip nodejs python3-wheel python3-pip python3-venv curl jq wget - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: src/kayobe-config @@ -318,7 +318,7 @@ jobs: if: inputs.push - name: Upload output artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: ${{ matrix.distro.name }}-${{ matrix.distro.release }}-${{ matrix.distro.arch }}-logs path: image-build-logs @@ -362,7 +362,7 @@ jobs: - runner-selection steps: - name: Download artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v7 - name: Combine pushed images lists run: | @@ -376,7 +376,7 @@ jobs: password: ${{ secrets.RLS_TRAIN_CI_ARK_REGISTRY_PASS }} - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: path: src/kayobe-config @@ -384,7 +384,7 @@ jobs: run: src/kayobe-config/tools/multiarch-manifests.sh - name: Upload manifest logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: manifest-logs path: | diff --git a/.github/workflows/stackhpc-multinode-periodic.yml b/.github/workflows/stackhpc-multinode-periodic.yml index ab79407a14..3aafe8189c 100644 --- a/.github/workflows/stackhpc-multinode-periodic.yml +++ b/.github/workflows/stackhpc-multinode-periodic.yml @@ -21,7 +21,7 @@ jobs: stackhpc_kayobe_config_previous_version: ${{ steps.generate-inputs.outputs.stackhpc_kayobe_config_previous_version }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Generate inputs for multinode workflow id: generate-inputs diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index 681eb6fb3f..b8bb133534 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml @@ -28,7 +28,7 @@ jobs: check-tags: ${{ steps.changes.outputs.check-tags }} steps: - name: GitHub Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Check changed files uses: dorny/paths-filter@v3 @@ -53,11 +53,11 @@ jobs: if: github.repository == 'stackhpc/stackhpc-kayobe-config' steps: - name: GitHub Checkout 🛎 - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Setup Python ${{ matrix.python-version }} 🐍 - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} - name: Install Tox 📦 @@ -81,10 +81,10 @@ jobs: if: github.repository == 'stackhpc/stackhpc-kayobe-config' steps: - name: GitHub Checkout 🛎 - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Python ${{ matrix.python-version }} 🐍 - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python }} diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 50bee5ba2f..c92a948ae5 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -36,7 +36,7 @@ jobs: kayobe-tag: ${{ steps.latest_kayobe_tag.outputs.latest_tag || steps.current_kayobe_version.outputs.version }} steps: - name: Checkout Kayobe-config - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: ref: ${{ inputs.branch }} path: src/kayobe-config @@ -61,7 +61,7 @@ jobs: echo "### Changes" >> pr_body.md - name: Checkout Kolla repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stackhpc/kolla ref: ${{ inputs.branch }} @@ -92,7 +92,7 @@ jobs: working-directory: src/kayobe-config - name: Checkout Kolla Ansible repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stackhpc/kolla-ansible ref: ${{ inputs.branch }} @@ -123,7 +123,7 @@ jobs: working-directory: src/kayobe-config - name: Checkout Kayobe repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: stackhpc/kayobe ref: ${{ inputs.branch }} From 82102a18cbb1bd449ec454cc902339737ff6e706 Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:05 +0100 Subject: [PATCH 04/17] Pins actions/checkout to de0fac2e4500dabe0009e67214ff5f5447ce83dd Pins actions/checkout to v6.0.2 commit hash instead of the tag. (cherry picked from commit 6c2d245b7591199cfc57fd9b6441a53235e5709a) --- .github/workflows/amphora-image-build.yml | 2 +- .github/workflows/amphora-image-promote.yml | 2 +- .github/workflows/ipa-image-build.yml | 2 +- .github/workflows/ipa-image-promote.yml | 2 +- .github/workflows/overcloud-host-image-build.yml | 2 +- .github/workflows/overcloud-host-image-promote.yml | 2 +- .github/workflows/overcloud-host-image-upload.yml | 2 +- .github/workflows/package-build-ofed.yml | 2 +- .github/workflows/stackhpc-all-in-one.yml | 4 ++-- .github/workflows/stackhpc-build-kayobe-image.yml | 2 +- .github/workflows/stackhpc-check-tags.yml | 2 +- .github/workflows/stackhpc-ci-cleanup.yml | 2 +- .github/workflows/stackhpc-container-image-build.yml | 6 +++--- .github/workflows/stackhpc-multinode-periodic.yml | 2 +- .github/workflows/stackhpc-pull-request.yml | 6 +++--- .github/workflows/update-dependencies.yml | 8 ++++---- 16 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/amphora-image-build.yml b/.github/workflows/amphora-image-build.yml index 42d6e68c7f..de95de7dd7 100644 --- a/.github/workflows/amphora-image-build.yml +++ b/.github/workflows/amphora-image-build.yml @@ -49,7 +49,7 @@ jobs: sudo /etc/init.d/ssh start - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config diff --git a/.github/workflows/amphora-image-promote.yml b/.github/workflows/amphora-image-promote.yml index 1e2d2bce22..ebdce743a6 100644 --- a/.github/workflows/amphora-image-promote.yml +++ b/.github/workflows/amphora-image-promote.yml @@ -15,7 +15,7 @@ jobs: if: github.repository == 'stackhpc/stackhpc-kayobe-config' runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config diff --git a/.github/workflows/ipa-image-build.yml b/.github/workflows/ipa-image-build.yml index cf885029a7..0f2c9daf98 100644 --- a/.github/workflows/ipa-image-build.yml +++ b/.github/workflows/ipa-image-build.yml @@ -61,7 +61,7 @@ jobs: sudo /etc/init.d/ssh start - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config diff --git a/.github/workflows/ipa-image-promote.yml b/.github/workflows/ipa-image-promote.yml index 04a65a695c..cf533f777f 100644 --- a/.github/workflows/ipa-image-promote.yml +++ b/.github/workflows/ipa-image-promote.yml @@ -34,7 +34,7 @@ jobs: exit 1 fi - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index cae61a7738..1ff43e25e4 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -67,7 +67,7 @@ jobs: sudo /etc/init.d/ssh start - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config diff --git a/.github/workflows/overcloud-host-image-promote.yml b/.github/workflows/overcloud-host-image-promote.yml index cf7c7e1d19..2acf1fb481 100644 --- a/.github/workflows/overcloud-host-image-promote.yml +++ b/.github/workflows/overcloud-host-image-promote.yml @@ -34,7 +34,7 @@ jobs: exit 1 fi - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config diff --git a/.github/workflows/overcloud-host-image-upload.yml b/.github/workflows/overcloud-host-image-upload.yml index daef5c0a51..65a12f0861 100644 --- a/.github/workflows/overcloud-host-image-upload.yml +++ b/.github/workflows/overcloud-host-image-upload.yml @@ -64,7 +64,7 @@ jobs: sudo apt update sudo apt install -y build-essential git unzip nodejs python3-wheel python3-pip python3-venv - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config diff --git a/.github/workflows/package-build-ofed.yml b/.github/workflows/package-build-ofed.yml index 591035d991..b27e8deb7d 100644 --- a/.github/workflows/package-build-ofed.yml +++ b/.github/workflows/package-build-ofed.yml @@ -43,7 +43,7 @@ jobs: sudo /etc/init.d/ssh start - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index 773d1b0f0c..c8a5291b2b 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -103,7 +103,7 @@ jobs: # If testing upgrade, checkout previous release, otherwise checkout current branch - name: Checkout ${{ inputs.upgrade && 'previous release' || 'current' }} config - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ inputs.repository }} ref: ${{ inputs.upgrade && env.PREVIOUS_BRANCH || inputs.github_ref }} @@ -394,7 +394,7 @@ jobs: if: inputs.upgrade - name: Checkout current release config - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: ${{ inputs.repository }} ref: ${{ inputs.github_ref }} diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index 42d3cb1588..83f0b8e4f9 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -51,7 +51,7 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout kayobe config - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: true diff --git a/.github/workflows/stackhpc-check-tags.yml b/.github/workflows/stackhpc-check-tags.yml index 973dd9a295..7a5aecfd98 100644 --- a/.github/workflows/stackhpc-check-tags.yml +++ b/.github/workflows/stackhpc-check-tags.yml @@ -37,7 +37,7 @@ jobs: sudo apt install -y git unzip nodejs - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: true diff --git a/.github/workflows/stackhpc-ci-cleanup.yml b/.github/workflows/stackhpc-ci-cleanup.yml index 3f2c563c56..ed6d68c2fc 100644 --- a/.github/workflows/stackhpc-ci-cleanup.yml +++ b/.github/workflows/stackhpc-ci-cleanup.yml @@ -17,7 +17,7 @@ jobs: environment: ${{ matrix.environment }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 055323defb..d2b76f2da9 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -81,7 +81,7 @@ jobs: fi - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Determine OpenStack release id: openstack_release @@ -153,7 +153,7 @@ jobs: sudo apt install -y build-essential git unzip nodejs python3-wheel python3-pip python3-venv curl jq wget - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config @@ -376,7 +376,7 @@ jobs: password: ${{ secrets.RLS_TRAIN_CI_ARK_REGISTRY_PASS }} - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: src/kayobe-config diff --git a/.github/workflows/stackhpc-multinode-periodic.yml b/.github/workflows/stackhpc-multinode-periodic.yml index 3aafe8189c..d307c72555 100644 --- a/.github/workflows/stackhpc-multinode-periodic.yml +++ b/.github/workflows/stackhpc-multinode-periodic.yml @@ -21,7 +21,7 @@ jobs: stackhpc_kayobe_config_previous_version: ${{ steps.generate-inputs.outputs.stackhpc_kayobe_config_previous_version }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Generate inputs for multinode workflow id: generate-inputs diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index b8bb133534..dffc2dee86 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml @@ -28,7 +28,7 @@ jobs: check-tags: ${{ steps.changes.outputs.check-tags }} steps: - name: GitHub Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check changed files uses: dorny/paths-filter@v3 @@ -53,7 +53,7 @@ jobs: if: github.repository == 'stackhpc/stackhpc-kayobe-config' steps: - name: GitHub Checkout 🛎 - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Setup Python ${{ matrix.python-version }} 🐍 @@ -81,7 +81,7 @@ jobs: if: github.repository == 'stackhpc/stackhpc-kayobe-config' steps: - name: GitHub Checkout 🛎 - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Python ${{ matrix.python-version }} 🐍 uses: actions/setup-python@v6 diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index c92a948ae5..097d8926cb 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -36,7 +36,7 @@ jobs: kayobe-tag: ${{ steps.latest_kayobe_tag.outputs.latest_tag || steps.current_kayobe_version.outputs.version }} steps: - name: Checkout Kayobe-config - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ inputs.branch }} path: src/kayobe-config @@ -61,7 +61,7 @@ jobs: echo "### Changes" >> pr_body.md - name: Checkout Kolla repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: stackhpc/kolla ref: ${{ inputs.branch }} @@ -92,7 +92,7 @@ jobs: working-directory: src/kayobe-config - name: Checkout Kolla Ansible repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: stackhpc/kolla-ansible ref: ${{ inputs.branch }} @@ -123,7 +123,7 @@ jobs: working-directory: src/kayobe-config - name: Checkout Kayobe repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: stackhpc/kayobe ref: ${{ inputs.branch }} From 7b1e24c6c4006b448f4cc353b31bdfb5db0d9e99 Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:06 +0100 Subject: [PATCH 05/17] Updates actions/download-artifact and pins to 3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c Updates actions/download-artifact from v7 to v8.0.1 and pins to a specific commit hash instead of the tag. (cherry picked from commit e7b8733af41fdaf2980abfcb00582c60bb411eaf) --- .github/workflows/stackhpc-container-image-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index d2b76f2da9..ab7fda7cbd 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -362,7 +362,7 @@ jobs: - runner-selection steps: - name: Download artifacts - uses: actions/download-artifact@v7 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 - name: Combine pushed images lists run: | From bd39866b108cda4ffd0370f93d0a4cfee7e819c0 Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:07 +0100 Subject: [PATCH 06/17] Pins actions/setup-python to a309ff8b426b58ec0e2a45f0f869d46889d02405 Pins actions/setup-python to v6.2.0 commit hash instead of the tag. (cherry picked from commit 603415123f0ba52b0cc85942ba40933cb415d330) --- .github/workflows/stackhpc-ci-cleanup.yml | 2 +- .github/workflows/stackhpc-pull-request.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stackhpc-ci-cleanup.yml b/.github/workflows/stackhpc-ci-cleanup.yml index ed6d68c2fc..65fa2b8841 100644 --- a/.github/workflows/stackhpc-ci-cleanup.yml +++ b/.github/workflows/stackhpc-ci-cleanup.yml @@ -22,7 +22,7 @@ jobs: path: src/kayobe-config - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 - name: Generate clouds.yaml run: | diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index dffc2dee86..216d54c6fb 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml @@ -57,7 +57,7 @@ jobs: with: fetch-depth: 0 - name: Setup Python ${{ matrix.python-version }} 🐍 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} - name: Install Tox 📦 @@ -84,7 +84,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Python ${{ matrix.python-version }} 🐍 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python }} From f2e78a3ed1a571c9b0d4f87c099e20d77ae6b88a Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:08 +0100 Subject: [PATCH 07/17] Updates actions/upload-artifact and pins to bbbca2ddaa5d8feaa63e36b76fdaad77386f024f Updates actions/upload-artifact from v6 to v7.0.0 and pins to a specific commit hash instead of the tag. (cherry picked from commit 0db5960a4785d1f4a4e50054b1fb17c14ef157cd) --- .github/workflows/amphora-image-build.yml | 2 +- .github/workflows/ipa-image-build.yml | 2 +- .github/workflows/overcloud-host-image-build.yml | 2 +- .github/workflows/stackhpc-all-in-one.yml | 2 +- .github/workflows/stackhpc-container-image-build.yml | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/amphora-image-build.yml b/.github/workflows/amphora-image-build.yml index de95de7dd7..8205033b34 100644 --- a/.github/workflows/amphora-image-build.yml +++ b/.github/workflows/amphora-image-build.yml @@ -255,7 +255,7 @@ jobs: if: steps.build_amphora.outcome == 'failure' - name: Upload logs & image artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: amphora-image-build-log path: ./artifact diff --git a/.github/workflows/ipa-image-build.yml b/.github/workflows/ipa-image-build.yml index 0f2c9daf98..b669c50d22 100644 --- a/.github/workflows/ipa-image-build.yml +++ b/.github/workflows/ipa-image-build.yml @@ -401,7 +401,7 @@ jobs: if: always() - name: Upload logs artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Build logs path: ./logs diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index 1ff43e25e4..2aa6f5ead2 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -450,7 +450,7 @@ jobs: steps.build_ubuntu_noble.outcome == 'failure' - name: Upload logs artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: Build logs path: ./logs diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index c8a5291b2b..d39c5a69a1 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -500,7 +500,7 @@ jobs: if: ${{ !cancelled() && steps.tf_apply.outcome == 'success' }} - name: Upload test result artifacts - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: test-results-${{ inputs.os_distribution }}-${{ inputs.os_release }}-${{ inputs.neutron_plugin }}${{ inputs.upgrade && '-upgrade' || '' }} path: | diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index ab7fda7cbd..f31c579660 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -318,7 +318,7 @@ jobs: if: inputs.push - name: Upload output artifact - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ matrix.distro.name }}-${{ matrix.distro.release }}-${{ matrix.distro.arch }}-logs path: image-build-logs @@ -384,7 +384,7 @@ jobs: run: src/kayobe-config/tools/multiarch-manifests.sh - name: Upload manifest logs - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: manifest-logs path: | From 8d4585d967e9b48e53657092bd50d3f8d59679df Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:11 +0100 Subject: [PATCH 08/17] Updates docker/build-push-action and pins to d08e5c354a6adb9ed34480a06d141179aa583294 Updates docker/build-push-action from v6 to v7.0.0 and pins to a specific commit hash instead of the tag. (cherry picked from commit dd843e1a09069d74b807de342c7d9d77f59b50a1) --- .github/workflows/stackhpc-build-kayobe-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index 83f0b8e4f9..9237badd4b 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -85,7 +85,7 @@ jobs: # Setting KAYOBE_USER_UID and KAYOBE_USER_GID to 1001 to match docker's defaults # so that docker can run as a privileged user within the Kayobe image. - name: Build and push Docker image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 with: file: ./.automation/docker/kayobe/Dockerfile context: . From 673223359b80985beabf5452cc996d537d2bda5f Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:11 +0100 Subject: [PATCH 09/17] Updates docker/login-action and pins to b45d80f862d83dbcd57f89517bcf500b2ab88fb2 Updates docker/login-action from v3 to v4.0.0 and pins to a specific commit hash instead of the tag. (cherry picked from commit be3157941f147b61fe43dd93ebd9305c46872eb8) --- .github/workflows/stackhpc-build-kayobe-image.yml | 2 +- .github/workflows/stackhpc-container-image-build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index 9237badd4b..290dea5927 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -56,7 +56,7 @@ jobs: submodules: true - name: Log in to the Container registry - uses: docker/login-action@v3 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index f31c579660..909a6ad951 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -369,7 +369,7 @@ jobs: find . -name 'push-attempt-images.txt' -exec cat {} + > all-pushed-images.txt - name: Log in to container registry - uses: docker/login-action@v3 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 with: registry: ark.stackhpc.com username: ${{ secrets.RLS_TRAIN_CI_ARK_REGISTRY_USER }} From 87811d752cace5a66fe31c0543ee62ccf90b044b Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:13 +0100 Subject: [PATCH 10/17] Updates docker/metadata-action and pins to 030e881283bb7a6894de51c315a6bfe6a94e05cf Updates docker/metadata-action from v5 to v6.0.0 and pins to a specific commit hash instead of the tag. (cherry picked from commit fcdb6ebdaea742c70cfa955a34540c12cb54706f) --- .github/workflows/stackhpc-build-kayobe-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index 290dea5927..fdcda1b438 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -64,7 +64,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} From 1809d4dbd570c40c05a5ff87c1e3e72c22d32c8f Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:14 +0100 Subject: [PATCH 11/17] Updates docker/setup-buildx-action and pins to 4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd Updates docker/setup-buildx-action from v3 to v4.0.0 and pins to a specific commit hash instead of the tag. (cherry picked from commit dd54a798e7e0425126097ad66dc7bc60e5fe6755) --- .github/workflows/stackhpc-build-kayobe-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index fdcda1b438..ba3d21a88d 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -69,7 +69,7 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 with: driver-opts: | image=moby/buildkit:master From 6c47d298190b9e7595d6f3b7e49b55448aa716f8 Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:15 +0100 Subject: [PATCH 12/17] Updates dorny/paths-filter and pins to fbd0ab8f3e69293af611ebaee6363fc25e6d187d Updates dorny/paths-filter from v3 to v4.0.1 and pins to a specific commit hash instead of the tag. (cherry picked from commit a23272699772bef0533c3f70231a870b85f283ea) --- .github/workflows/stackhpc-pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index 216d54c6fb..c330e6d1e4 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check changed files - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: changes with: # Filters are defined in this file. From 7c22c4f6a4e425d1fc62e50f43a2d841f7437f0b Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:16 +0100 Subject: [PATCH 13/17] Updates hashicorp/setup-terraform and pins to 5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 Updates hashicorp/setup-terraform from v3 to v4.0.0 and pins to a specific commit hash instead of the tag. (cherry picked from commit 1f3f2a770796fb075ef958bc9e07df69da7723c7) --- .github/workflows/amphora-image-build.yml | 2 +- .github/workflows/ipa-image-build.yml | 2 +- .github/workflows/overcloud-host-image-build.yml | 2 +- .github/workflows/package-build-ofed.yml | 2 +- .github/workflows/stackhpc-all-in-one.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/amphora-image-build.yml b/.github/workflows/amphora-image-build.yml index 8205033b34..1f62c885dd 100644 --- a/.github/workflows/amphora-image-build.yml +++ b/.github/workflows/amphora-image-build.yml @@ -80,7 +80,7 @@ jobs: pip install -r ../src/kayobe-config/requirements.txt - name: Install terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 - name: Initialise terraform run: terraform init diff --git a/.github/workflows/ipa-image-build.yml b/.github/workflows/ipa-image-build.yml index b669c50d22..88a781b056 100644 --- a/.github/workflows/ipa-image-build.yml +++ b/.github/workflows/ipa-image-build.yml @@ -95,7 +95,7 @@ jobs: pip install -r ../src/kayobe-config/requirements.txt - name: Install terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 - name: Initialise terraform run: terraform init diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index 2aa6f5ead2..85afaeaa8e 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -102,7 +102,7 @@ jobs: pip install -r ../src/kayobe-config/requirements.txt - name: Install terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 - name: Initialise terraform run: terraform init diff --git a/.github/workflows/package-build-ofed.yml b/.github/workflows/package-build-ofed.yml index b27e8deb7d..c84bf9661b 100644 --- a/.github/workflows/package-build-ofed.yml +++ b/.github/workflows/package-build-ofed.yml @@ -57,7 +57,7 @@ jobs: pip install -r ../src/kayobe-config/requirements.txt - name: Install terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 - name: Initialise terraform run: terraform init diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index d39c5a69a1..6d6f632453 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -139,7 +139,7 @@ jobs: fi - name: Install terraform - uses: hashicorp/setup-terraform@v3 + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 - name: Initialise terraform run: terraform init From 14dc8ceefc2b727852ea3799f8458d1acf49c7e4 Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 15:50:18 +0100 Subject: [PATCH 14/17] Updates slackapi/slack-github-action and pins to af78098f536edbc4de71162a307590698245be95 Updates slackapi/slack-github-action from v1.26.0 to v3.0.1 and pins to a specific commit hash instead of the tag. (cherry picked from commit 0dd29b90358ebfbc9531f23d4150923f3ea61da2) --- .github/workflows/stackhpc-build-kayobe-image.yml | 2 +- .github/workflows/stackhpc-ci-cleanup.yml | 2 +- .github/workflows/stackhpc-promote.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index ba3d21a88d..46a5e98d22 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -100,7 +100,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} - name: Send message to Slack via Workflow Builder - uses: slackapi/slack-github-action@v1.26.0 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: payload: | { diff --git a/.github/workflows/stackhpc-ci-cleanup.yml b/.github/workflows/stackhpc-ci-cleanup.yml index 65fa2b8841..107338035e 100644 --- a/.github/workflows/stackhpc-ci-cleanup.yml +++ b/.github/workflows/stackhpc-ci-cleanup.yml @@ -101,7 +101,7 @@ jobs: OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }} - name: Send message to Slack via Workflow Builder - uses: slackapi/slack-github-action@v1.26.0 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: payload: | { diff --git a/.github/workflows/stackhpc-promote.yml b/.github/workflows/stackhpc-promote.yml index 10c160021e..a25a21fe3c 100644 --- a/.github/workflows/stackhpc-promote.yml +++ b/.github/workflows/stackhpc-promote.yml @@ -45,7 +45,7 @@ jobs: echo "::notice Container image promote workflow: https://github.com/stackhpc/stackhpc-release-train/actions/workflows/container-promote.yml" - name: Send message to Slack via Workflow Builder - uses: slackapi/slack-github-action@v1.26.0 + uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: payload: | { From d2b7dbcb9abe4225826dba4887a002bed8be3cf1 Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Tue, 31 Mar 2026 09:16:30 +0100 Subject: [PATCH 15/17] Remove ConorMacBride/install-package action Actions have been compromised a lot recently. All this action does is install packages, so it's not worth the risk. Just install the packages directly in the workflow. (cherry picked from commit a9f59f61912594631c9d1df145660ffdc04fd879) --- .github/workflows/amphora-image-build.yml | 8 ++++---- .github/workflows/ipa-image-build.yml | 8 ++++---- .github/workflows/overcloud-host-image-build.yml | 8 ++++---- .github/workflows/package-build-ofed.yml | 8 ++++---- .github/workflows/stackhpc-all-in-one.yml | 8 ++++---- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/amphora-image-build.yml b/.github/workflows/amphora-image-build.yml index 1f62c885dd..2347c688ab 100644 --- a/.github/workflows/amphora-image-build.yml +++ b/.github/workflows/amphora-image-build.yml @@ -39,10 +39,10 @@ jobs: permissions: {} steps: - - name: Install Package - uses: ConorMacBride/install-package@main - with: - apt: git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq + - name: Install Package dependencies + run: | + sudo apt update && + sudo apt install -y git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq - name: Start the SSH service run: | diff --git a/.github/workflows/ipa-image-build.yml b/.github/workflows/ipa-image-build.yml index 88a781b056..4b298bf127 100644 --- a/.github/workflows/ipa-image-build.yml +++ b/.github/workflows/ipa-image-build.yml @@ -51,10 +51,10 @@ jobs: - runner-selection permissions: {} steps: - - name: Install Package - uses: ConorMacBride/install-package@main - with: - apt: git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq + - name: Install Package dependencies + run: | + sudo apt update && + sudo apt install -y git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq - name: Start the SSH service run: | diff --git a/.github/workflows/overcloud-host-image-build.yml b/.github/workflows/overcloud-host-image-build.yml index 85afaeaa8e..7a9891cd74 100644 --- a/.github/workflows/overcloud-host-image-build.yml +++ b/.github/workflows/overcloud-host-image-build.yml @@ -57,10 +57,10 @@ jobs: exit 1 fi - - name: Install Package - uses: ConorMacBride/install-package@main - with: - apt: git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq + - name: Install Package dependencies + run: | + sudo apt update && + sudo apt install -y git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq gh - name: Start the SSH service run: | diff --git a/.github/workflows/package-build-ofed.yml b/.github/workflows/package-build-ofed.yml index c84bf9661b..dfb00d9df2 100644 --- a/.github/workflows/package-build-ofed.yml +++ b/.github/workflows/package-build-ofed.yml @@ -33,10 +33,10 @@ jobs: run: | echo "ofed_tag=$(date +%Y%m%dT%H%M%S)" >> $GITHUB_OUTPUT - - name: Install Package - uses: ConorMacBride/install-package@main - with: - apt: git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq + - name: Install Package dependencies + run: | + sudo apt update && + sudo apt install -y git unzip nodejs python3-pip python3-venv openssh-server openssh-client jq - name: Start the SSH service run: | diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index 6d6f632453..3e1332ba89 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -96,10 +96,10 @@ jobs: # NOTE(upgrade): Reference the PREVIOUS release branch here. PREVIOUS_BRANCH: stackhpc/2023.1 steps: - - name: Install Package - uses: ConorMacBride/install-package@main - with: - apt: git unzip nodejs openssh-client + - name: Install Package dependencies + run: | + sudo apt update && + sudo apt install -y git unzip nodejs openssh-client # If testing upgrade, checkout previous release, otherwise checkout current branch - name: Checkout ${{ inputs.upgrade && 'previous release' || 'current' }} config From 6e87c77acaaf5e355b6a84eb0f26b8056b0daa9b Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Wed, 1 Apr 2026 16:33:35 +0100 Subject: [PATCH 16/17] Update Slack action invocation for v3 spec (cherry picked from commit 3e745120d2f96b06864b2d0975ee588ad9c33f4f) --- .github/workflows/stackhpc-build-kayobe-image.yml | 1 + .github/workflows/stackhpc-ci-cleanup.yml | 1 + .github/workflows/stackhpc-promote.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index 46a5e98d22..b543f16bc0 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -102,6 +102,7 @@ jobs: - name: Send message to Slack via Workflow Builder uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: + webhook-type: "incoming-webhook" payload: | { "channel-id": "${{ env.SLACK_CHANNEL_ID }}", diff --git a/.github/workflows/stackhpc-ci-cleanup.yml b/.github/workflows/stackhpc-ci-cleanup.yml index 107338035e..4a09731276 100644 --- a/.github/workflows/stackhpc-ci-cleanup.yml +++ b/.github/workflows/stackhpc-ci-cleanup.yml @@ -103,6 +103,7 @@ jobs: - name: Send message to Slack via Workflow Builder uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: + webhook-type: "incoming-webhook" payload: | { "channel-id": "${{ env.SLACK_CHANNEL_ID }}", diff --git a/.github/workflows/stackhpc-promote.yml b/.github/workflows/stackhpc-promote.yml index a25a21fe3c..2c66454a5d 100644 --- a/.github/workflows/stackhpc-promote.yml +++ b/.github/workflows/stackhpc-promote.yml @@ -47,6 +47,7 @@ jobs: - name: Send message to Slack via Workflow Builder uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 with: + webhook-type: "incoming-webhook" payload: | { "channel-id": "${{ env.SLACK_CHANNEL_ID }}", From 972fb43349e54c72b0ecbd783fb7135bd2168761 Mon Sep 17 00:00:00 2001 From: Alex Welsh Date: Mon, 27 Apr 2026 09:18:00 +0100 Subject: [PATCH 17/17] Update actions to org-wide pins (cherry picked from commit 18446acfb58c8fad21b0533b36baecfc318a59e4) --- .github/workflows/stackhpc-build-kayobe-image.yml | 2 +- .github/workflows/stackhpc-container-image-build.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stackhpc-build-kayobe-image.yml b/.github/workflows/stackhpc-build-kayobe-image.yml index b543f16bc0..4704a3febc 100644 --- a/.github/workflows/stackhpc-build-kayobe-image.yml +++ b/.github/workflows/stackhpc-build-kayobe-image.yml @@ -56,7 +56,7 @@ jobs: submodules: true - name: Log in to the Container registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 909a6ad951..ce2b0063e6 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -369,7 +369,7 @@ jobs: find . -name 'push-attempt-images.txt' -exec cat {} + > all-pushed-images.txt - name: Log in to container registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 with: registry: ark.stackhpc.com username: ${{ secrets.RLS_TRAIN_CI_ARK_REGISTRY_USER }}