From 3990ae77482826d11708bec9941663dcdd543325 Mon Sep 17 00:00:00 2001 From: Charlie McBride <33269602+charliedmcb@users.noreply.github.com> Date: Wed, 13 Nov 2024 23:51:54 -0800 Subject: [PATCH 1/8] docs(workshop): final fixes (#574) * git cleanups * typos/fixes * fix namespace --- ...aks_cluster_creation_and_install_karpenter.md | 16 +++++++++------- docs/workshops/kubecon_azure_track.md | 14 +++++++------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/docs/workshops/1_aks_cluster_creation_and_install_karpenter.md b/docs/workshops/1_aks_cluster_creation_and_install_karpenter.md index 3232924bb..fd7804e92 100644 --- a/docs/workshops/1_aks_cluster_creation_and_install_karpenter.md +++ b/docs/workshops/1_aks_cluster_creation_and_install_karpenter.md @@ -6,11 +6,11 @@ Table of contents: - [Install Karpenter](#install-karpenter) - [Create our workshop namespace](#create-our-workshop-namespace) -## Envrionment Setup +## Environment Setup ### Pre-requisite -You must have an Azure account, and personal Azure subscription. +You must have an Azure account, and personal Azure subscription. > Note: this will use your chosen subscription for any pricing/costs associated with the workshop. At the end of the workshop, see step [Cleanup](https://github.com/Azure/karpenter-provider-azure/blob/main/docs/workshops/kubecon_azure_track.md#cleanup) to ensure all the resources are properly cleaned up to eliminate any additional costs. @@ -19,9 +19,9 @@ You must have an Azure account, and personal Azure subscription. Open [https://shell.azure.com/](https://shell.azure.com/) in a new tab. > Note:
-> \- If you do get disconnected from the Cloud Shell, and find your setup is not working, you can use the following document's quick and easy steps to reestablish it: [reestablish_env.md](https://github.com/Azure/karpenter-provider-azure/tree/main/docs/workshops/reestablish_env.md). (this will only work if you have already completed all the steps of installtion in this current doc) +> \- If you do get disconnected from the Cloud Shell, and find your setup is not working, you can use the following document's quick and easy steps to reestablish it: [reestablish_env.md](https://github.com/Azure/karpenter-provider-azure/tree/main/docs/workshops/reestablish_env.md). (this will only work if you have already completed all the steps of installation in this current doc) -### Create a Directory for the Workshop +### Create a Directory for the Workshop Create the workshop's directory hierarchy, and add it's tooling bin to the path. @@ -101,7 +101,7 @@ az aks get-credentials --name "${CLUSTER_NAME}" --resource-group "${RG}" --overw ``` > Note:
-> \- If you see a warning for "CryptographyDeprecationWarning", "WARNING: SSH key files", and/or "WARNING: docker_bridge_cidr" these are not a concern, and can be disregarded. +> \- If you see a warning for "CryptographyDeprecationWarning", "WARNING: SSH key files", and/or "WARNING: docker_bridge_cidr" these are not a concern, and can be disregarded. Create federated credential linked to the karpenter service account for auth usage: @@ -149,6 +149,8 @@ Check the `karpenter-values.yaml` file was created: ls ``` +You should see the file within the output: + ``` bin configure-values.sh karpenter-values-template.yaml karpenter-values.yaml ``` @@ -209,10 +211,10 @@ kubectl create namespace workshop ### K9s -You can also try using k9s to inspect the cluster. We'll be using it throughout certain chapers of the workshop to check on the status of the pods deployed to the AKS cluster. To do so, use the command below: +You can also try using k9s to inspect the cluster. We'll be using it throughout certain chapters of the workshop to check on the status of the pods deployed to the AKS cluster. To do so, use the command below: ```bash k9s -n all ``` -You can press `?` to learn more about the options and press `:q` to exit from `k9s`. \ No newline at end of file +You can press `?` to learn more about the options and press `:q` to exit from `k9s`. diff --git a/docs/workshops/kubecon_azure_track.md b/docs/workshops/kubecon_azure_track.md index df679bd52..04cb1991b 100644 --- a/docs/workshops/kubecon_azure_track.md +++ b/docs/workshops/kubecon_azure_track.md 
@@ -29,7 +29,7 @@ When you see `eks-node-viewer` use `aks-node-viewer` instead. > Note: if you ever end up needing to use the extended log command to look back over a longer period of time, make sure its using the `kube-system` namespace like follows: > ```bash -> kubectl -n karpenter logs -f deployment/karpenter --all-containers=true --since=20m +> kubectl -n kube-system logs -f deployment/karpenter --all-containers=true --since=20m > ``` ## Main Topics @@ -44,7 +44,7 @@ When you see `eks-node-viewer` use `aks-node-viewer` instead. - AKSNodeClass is Azure’s equivalence to EC2NodeClass for Azure specific settings. Each Karpenter NodePool must contain a reference to an AKSNodeClass via the spec.template.spec.nodeClassRef. - Adjustments: - - The same concepts within the workshop generally translate to AKS. However, for the actual deployment step, we need a `AKSNodeClass`, and a few additional Azure specific adjustments. So, instead of the given deployment command follow [2_basic_noodpool.md](https://github.com/Azure/karpenter-provider-azure/tree/main/docs/workshops/2_basic_noodpool.md) + - The same concepts within the workshop generally translate to AKS. However, for the actual deployment step, we need a `AKSNodeClass`, and a few additional Azure specific adjustments. So, instead of the given deployment command follow [2_basic_noodpool.md](https://github.com/Azure/karpenter-provider-azure/blob/main/docs/workshops/2_basic_nodepool.md) ### Step: [Scaling Application](https://catalog.workshops.aws/karpenter/en-US/basic-nodepool/scaling) 
@@ -102,7 +102,7 @@ When you see `eks-node-viewer` use `aks-node-viewer` instead. ```bash kubectl delete aksnodeclass default ``` - - The same concepts within the workshop generally translate to AKS. However, for the deployment step of the NodePool, use a new deployment command with consolidation enabled. Found in [9_single_node_consolidation.md](https://github.com/Azure/karpenter-provider-azure/tree/main/docs/workshops/9_single_node_consolidation.md) + - The same concepts within the workshop generally translate to AKS. However, for the deployment step of the NodePool, use a new deployment command with consolidation enabled. Found in [9_single_node_consolidation.md](https://github.com/Azure/karpenter-provider-azure/tree/main/docs/workshops/9_single_node_consolidation.md) ### Step: [Multi Node Consolidation](https://catalog.workshops.aws/karpenter/en-US/cost-optimization/consolidation/multi-node) 
@@ -144,9 +144,9 @@ Everything beyond this point is optional. Although, if skipping these steps, you kubectl delete aksnodeclass default ``` - The same concepts within the workshop generally translate to AKS. However, for the deployment step of the NodePool, use the deployment command found in [13_disruption_controls.md](https://github.com/Azure/karpenter-provider-azure/tree/main/docs/workshops/13_disruption_controls.md) - - > Note: don't be surprised if after the `expireAfter` of `2m` has occured that there are new instances being created, and removed. This is expected. + - > Note: don't be surprised if after the `expireAfter` of `2m` has occurred that there are new instances being created, and removed. This is expected. - > Note: you may see a log for selecting the instance type and resolving the image after nodeclaim creation. - - > Note: `triggering termination for expired node after TTL`, and `deprovisioning via expiration` are not actually expected to show up within the logs. + - > Note: `triggering termination for expired node after TTL`, and `deprovisioning via expiration` are not actually expected to show up within the logs. ## Cleanup @@ -157,7 +157,7 @@ Once you've completed the workshop, ensure you cleanup all the resources to prev > env | grep AZURE_SUBSCRIPTION_ID > ``` > If you see no output from the above command, than re-select your subscription to use (replace `` with your azure subscription guid): -> +> > ```bash > export AZURE_SUBSCRIPTION_ID= > az account set --subscription ${AZURE_SUBSCRIPTION_ID} @@ -178,4 +178,4 @@ The Cloud Shell should automatically clean itself up. However, if you want to pr ```bash cd ~/ rm -rf ~/environment -``` \ No newline at end of file +``` From 636ca333e52e153eb854d69d07d2b8eb3c7bbd05 Mon Sep 17 00:00:00 2001 
From: Charlie McBride <33269602+charliedmcb@users.noreply.github.com> Date: Thu, 14 Nov 2024 09:10:37 -0800 Subject: [PATCH 2/8] docs(workshop): add re-establish command (#575) * add re-establish command * minor adjustments * update command * typo --- .../1_aks_cluster_creation_and_install_karpenter.md | 6 ++++++ docs/workshops/kubecon_azure_track.md | 1 + 2 files changed, 7 insertions(+) diff --git a/docs/workshops/1_aks_cluster_creation_and_install_karpenter.md b/docs/workshops/1_aks_cluster_creation_and_install_karpenter.md index fd7804e92..583b98927 100644 --- a/docs/workshops/1_aks_cluster_creation_and_install_karpenter.md +++ b/docs/workshops/1_aks_cluster_creation_and_install_karpenter.md @@ -103,6 +103,12 @@ az aks get-credentials --name "${CLUSTER_NAME}" --resource-group "${RG}" --overw > Note:
> \- If you see a warning for "CryptographyDeprecationWarning", "WARNING: SSH key files", and/or "WARNING: docker_bridge_cidr" these are not a concern, and can be disregarded. +> Note: If you've been disconnected from Cloud Shell, the env vars may have been removed. If you experience this issue follow [reestablish_env.md](https://github.com/Azure/karpenter-provider-azure/tree/main/docs/workshops/reestablish_env.md), along with restoring AKS_JSON, and KMSI_JSON using the command below. AKS_JSON, and KMSI_JSON are only required for the next two bash scripts, and not required for any future env recovery. +> ```bash +> AKS_JSON=$(az aks show --name "${CLUSTER_NAME}" --resource-group "${RG}") +> KMSI_JSON=$(az identity show --name karpentermsi --resource-group "${RG}") +> ``` + Create federated credential linked to the karpenter service account for auth usage: ```bash diff --git a/docs/workshops/kubecon_azure_track.md b/docs/workshops/kubecon_azure_track.md index 04cb1991b..2f8d1a9c6 100644 --- a/docs/workshops/kubecon_azure_track.md +++ b/docs/workshops/kubecon_azure_track.md @@ -143,6 +143,7 @@ Everything beyond this point is optional. Although, if skipping these steps, you ```bash kubectl delete aksnodeclass default ``` + > Note: it's expected to see an error for the inflate-pdb cleanup, and this can be ignored. - The same concepts within the workshop generally translate to AKS. However, for the deployment step of the NodePool, use the deployment command found in [13_disruption_controls.md](https://github.com/Azure/karpenter-provider-azure/tree/main/docs/workshops/13_disruption_controls.md) - > Note: don't be surprised if after the `expireAfter` of `2m` has occurred that there are new instances being created, and removed. This is expected. - > Note: you may see a log for selecting the instance type and resolving the image after nodeclaim creation. From a521e30be3b685bfaa0941deadc2a03ba0564cf0 Mon Sep 17 00:00:00 2001 
From: Charlie McBride <33269602+charliedmcb@users.noreply.github.com> Date: Tue, 19 Nov 2024 17:13:04 -0800 Subject: [PATCH 3/8] add pretty print command for klogs (#580) --- Makefile-az.mk | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/Makefile-az.mk b/Makefile-az.mk index 9feaed157..324ac665c 100755 --- a/Makefile-az.mk +++ b/Makefile-az.mk @@ -18,7 +18,7 @@ KARPENTER_FEDERATED_IDENTITY_CREDENTIAL_NAME ?= KARPENTER_FID CUSTOM_VNET_NAME ?= $(AZURE_CLUSTER_NAME)-vnet CUSTOM_SUBNET_NAME ?= nodesubnet -az-all: az-login az-create-workload-msi az-mkaks-cilium az-create-federated-cred az-perm az-perm-acr az-configure-values az-build az-run az-run-sample ## Provision the infra (ACR,AKS); build and deploy Karpenter; deploy sample Provisioner and workload +az-all: az-login az-create-workload-msi az-mkaks-cilium az-create-federated-cred az-perm az-perm-acr az-configure-values az-build az-run az-run-sample ## Provision the infra (ACR,AKS); build and deploy Karpenter; deploy sample Provisioner and workload az-all-cniv1: az-login az-create-workload-msi az-mkaks-cniv1 az-create-federated-cred az-perm az-perm-acr az-configure-values az-build az-run az-run-sample ## Provision the infra (ACR,AKS); build and deploy Karpenter; deploy sample Provisioner and workload @@ -46,9 +46,9 @@ az-mkacr: az-mkrg ## Create test ACR az-acrimport: ## Imports an image to an acr registry az acr import --name $(AZURE_ACR_NAME) --source "mcr.microsoft.com/oss/kubernetes/pause:3.6" --image "pause:3.6" -az-cleanenv: az-rmnodeclaims-fin ## Deletes a few common karpenter testing resources(pods, nodepools, nodeclaims, aksnodeclasses) +az-cleanenv: az-rmnodeclaims-fin ## Deletes a few common karpenter testing resources(pods, nodepools, nodeclaims, aksnodeclasses) kubectl delete pods -n default --all - kubectl delete nodeclaims --all + kubectl delete nodeclaims --all kubectl delete nodepools --all kubectl delete aksnodeclasses --all 
@@ -319,10 +319,14 @@ az-kdebug: ## Inject ephemeral debug container (kubectl debug) into Karpenter po $(eval POD=$(shell kubectl get pods -l app.kubernetes.io/name=karpenter -n "${KARPENTER_NAMESPACE}" -o name)) kubectl debug -n "${KARPENTER_NAMESPACE}" $(POD) --image wbitt/network-multitool -it -- sh -az-klogs: ## Karpenter logs +az-klogs-watch: ## Watch Karpenter logs $(eval POD=$(shell kubectl get pods -l app.kubernetes.io/name=karpenter -n "${KARPENTER_NAMESPACE}" -o name)) kubectl logs -f -n "${KARPENTER_NAMESPACE}" $(POD) +az-klogs-pretty: ## Pretty Print Karpenter logs + $(eval POD=$(shell kubectl get pods -l app.kubernetes.io/name=karpenter -n "${KARPENTER_NAMESPACE}" -o name)) + kubectl logs -n "${KARPENTER_NAMESPACE}" $(POD) | jq "." + az-kevents: ## Karpenter events kubectl get events -A --field-selector source=karpenter From df5a0d1fe0a286def6d89dcba0fdce093b2b98cf Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:51:19 -0800 Subject: [PATCH 4/8] chore(deps): bump the actions-deps group across 1 directory with 5 updates (#583) Bumps the actions-deps group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.10.1` | `2.10.2` | | [actions/checkout](https://github.com/actions/checkout) | `4.2.1` | `4.2.2` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.26.13` | `3.27.5` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.4` | `4.5.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.0.4` | `4.1.0` | Updates `step-security/harden-runner` from 2.10.1 to 2.10.2 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/91182cccc01eb5e619899d80e4e971d6181294a7...0080882f6c36860b6ba35c610c98ce87d4e2f26f) Updates `actions/checkout` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) Updates `github/codeql-action` from 3.26.13 to 3.27.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f779452ac5af1c261dce0346a8f964149f49322b...f09c1c0a94de965c15400f5634aa42fac8fb8f88) Updates `actions/dependency-review-action` from 4.3.4 to 4.5.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - 
[Commits](https://github.com/actions/dependency-review-action/compare/5a2ce3f5b92ee19cbb1541a4984c76d921601d7c...3b139cfc5fae8b618d3eae3675e383bb1769c019) Updates `actions/setup-node` from 4.0.4 to 4.1.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/0a44ba7841725637a19e28fa30b79a866c81b0a6...39370e3970a6d050c480ffad4ff0ed4d3fdee5af) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/approval-comment.yaml | 4 ++-- .github/workflows/build-publish-mcr.yml | 4 ++-- .github/workflows/ci-test.yml | 4 ++-- .github/workflows/ci.yml | 4 ++-- .github/workflows/codeql-analysis.yml | 10 +++++----- .github/workflows/deflake.yml | 4 ++-- .github/workflows/dependency-review.yml | 6 +++--- .github/workflows/e2e-matrix.yaml | 2 +- .github/workflows/e2e.yaml | 4 ++-- .github/workflows/release-trigger.yaml | 6 +++--- .github/workflows/resolve-args.yaml | 4 ++-- .github/workflows/scorecards.yml | 6 +++--- 12 files changed, 29 insertions(+), 29 deletions(-) 
diff --git a/.github/workflows/approval-comment.yaml b/.github/workflows/approval-comment.yaml index bfcf7e678..1de04c76f 100644 --- a/.github/workflows/approval-comment.yaml +++ b/.github/workflows/approval-comment.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-telemetry: true disable-sudo: true @@ -20,7 +20,7 @@ jobs: allowed-endpoints: > github.com:443 - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Save info about the review comment as an artifact for other workflows that run on workflow_run to download them diff --git a/.github/workflows/build-publish-mcr.yml b/.github/workflows/build-publish-mcr.yml index c23ceb64c..61d29a087 100644 --- a/.github/workflows/build-publish-mcr.yml +++ b/.github/workflows/build-publish-mcr.yml @@ -23,11 +23,11 @@ jobs: labels: [self-hosted, "1ES.Pool=${{ vars.RELEASE_1ES_POOL }}"] steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml index ce0627e5a..b63ae1b5f 100644 --- a/.github/workflows/ci-test.yml +++ b/.github/workflows/ci-test.yml 
@@ -19,7 +19,7 @@ jobs: K8S_VERSION: ${{ matrix.k8sVersion }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-telemetry: true egress-policy: block @@ -35,7 +35,7 @@ jobs: storage.googleapis.com:443 sum.golang.org:443 - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/install-deps with: k8sVersion: ${{ matrix.k8sVersion }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2cf81a450..63326b666 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-telemetry: true egress-policy: block @@ -27,6 +27,6 @@ jobs: sum.golang.org:443 vuln.go.dev:443 - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/install-deps - run: make ci-non-test diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ffcc35c91..7340c0e7c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-telemetry: true egress-policy: block 
@@ -43,11 +43,11 @@ jobs: uploads.github.com:443 vuln.go.dev:443 - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/install-deps - run: make vulncheck - - uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + - uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: languages: ${{ matrix.language }} - - uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 - - uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + - uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + - uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 diff --git a/.github/workflows/deflake.yml b/.github/workflows/deflake.yml index 7200a0b0c..f97928dba 100644 --- a/.github/workflows/deflake.yml +++ b/.github/workflows/deflake.yml @@ -14,7 +14,7 @@ jobs: statuses: write steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-telemetry: true egress-policy: block @@ -26,7 +26,7 @@ jobs: storage.googleapis.com:443 sum.golang.org:443 - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/install-deps - name: Running tests 5 times to find flaky tests id: run-deflake diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 4a66fd830..e97e8c207 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
@@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-telemetry: true disable-sudo: true @@ -29,6 +29,6 @@ jobs: github.com:443 - name: 'Checkout Repository' - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 diff --git a/.github/workflows/e2e-matrix.yaml b/.github/workflows/e2e-matrix.yaml index 96e4b4aa9..a854583e9 100644 --- a/.github/workflows/e2e-matrix.yaml +++ b/.github/workflows/e2e-matrix.yaml @@ -29,7 +29,7 @@ jobs: E2E_HASH: ${{ steps.generate-e2e-run-hash.outputs.E2E_HASH }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-telemetry: true disable-sudo: true diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index a0a264252..0cfdac413 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -45,7 +45,7 @@ jobs: AZURE_SUBSCRIPTION_ID: ${{ secrets.E2E_SUBSCRIPTION_ID }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-telemetry: true egress-policy: block 
@@ -78,7 +78,7 @@ jobs: storage.googleapis.com:443 sum.golang.org:443 - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.git_ref }} - if: always() && github.event_name == 'workflow_run' diff --git a/.github/workflows/release-trigger.yaml b/.github/workflows/release-trigger.yaml index fbd6fef53..6b227b4f5 100644 --- a/.github/workflows/release-trigger.yaml +++ b/.github/workflows/release-trigger.yaml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-telemetry: true disable-sudo: true @@ -26,10 +26,10 @@ jobs: github.com:443 registry.npmjs.org:443 - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: '20.x' # semantic-release requires Node version 20.8.1 or higher - name: semantic-release diff --git a/.github/workflows/resolve-args.yaml b/.github/workflows/resolve-args.yaml index d24b00827..8588f8e32 100644 --- a/.github/workflows/resolve-args.yaml +++ b/.github/workflows/resolve-args.yaml @@ -16,7 +16,7 @@ jobs: steps: # Download the artifact and resolve the GIT_REF - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true disable-telemetry: true 
@@ -25,7 +25,7 @@ jobs: api.github.com:443 github.com:443 - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - if: github.event_name == 'workflow_run' uses: ./.github/actions/download-artifact - id: resolve-step diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 0ceb6565a..62c4fcb49 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true disable-telemetry: true @@ -55,7 +55,7 @@ jobs: www.bestpractices.dev:443 - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -90,6 +90,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif From 96d02179456ff796b9b273c3e7539235f81ddf96 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:53:11 -0800 Subject: [PATCH 5/8] chore(deps): bump actions/checkout (#550) Bumps the action-deps group in /.github/actions/e2e/create-acr with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-deps ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> --- .github/actions/e2e/create-acr/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/e2e/create-acr/action.yaml b/.github/actions/e2e/create-acr/action.yaml index ce39866f3..7fddd4754 100644 --- a/.github/actions/e2e/create-acr/action.yaml +++ b/.github/actions/e2e/create-acr/action.yaml @@ -25,7 +25,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.git_ref }} - name: az login From 57a77625a2d3f818bf0043ccd1f04a44d938be2c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:53:47 -0800 Subject: [PATCH 6/8] chore(deps): bump actions/checkout (#549) Bumps the action-deps group in /.github/actions/e2e/install-karpenter with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-deps ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> --- .github/actions/e2e/install-karpenter/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/e2e/install-karpenter/action.yaml b/.github/actions/e2e/install-karpenter/action.yaml index 52e752a41..f70e245cc 100644 --- a/.github/actions/e2e/install-karpenter/action.yaml +++ b/.github/actions/e2e/install-karpenter/action.yaml @@ -31,7 +31,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.git_ref }} - name: az login From 7d0c136f9c5e65d530c1a3ca37d250347597f3bf Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:54:16 -0800 Subject: [PATCH 7/8] chore(deps): bump actions/checkout (#548) Bumps the action-deps group in /.github/actions/e2e/dump-logs with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-deps ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> --- .github/actions/e2e/dump-logs/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/e2e/dump-logs/action.yaml b/.github/actions/e2e/dump-logs/action.yaml index 12e8fa2f0..125232e37 100644 --- a/.github/actions/e2e/dump-logs/action.yaml +++ b/.github/actions/e2e/dump-logs/action.yaml @@ -22,7 +22,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.git_ref }} - name: az login From bca857c1851145ae5c1ef63ffd8e8443a7fc022e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:54:53 -0800 Subject: [PATCH 8/8] chore(deps): bump actions/checkout (#545) Bumps the action-deps group in /.github/actions/e2e/cleanup with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 4.2.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: action-deps ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alex Leites <18728999+tallaxes@users.noreply.github.com> --- .github/actions/e2e/cleanup/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/e2e/cleanup/action.yaml b/.github/actions/e2e/cleanup/action.yaml index 1d53ad6fa..ca76b5e03 100644 --- a/.github/actions/e2e/cleanup/action.yaml +++ b/.github/actions/e2e/cleanup/action.yaml @@ -28,7 +28,7 @@ inputs: runs: using: "composite" steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.git_ref }} - name: az login
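
Review bot: In PATCH 1/8, the `@@ -44,7 +44,7 @@` hunk of docs/workshops/kubecon_azure_track.md fixes the link target to `2_basic_nodepool.md` but leaves the visible link label as `[2_basic_noodpool.md]`, so the rendered text still carries the typo. Change the label to match the target. The same line also switches this one URL from `/tree/main/` to `/blob/main/`, while the neighbouring links in the `@@ -102,7` and `@@ -144,9` hunks stay on `/tree/main/`; pick one form for file links and apply it consistently.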
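
Review bot: In PATCH 1/8, the `@@ -157,7 +157,7 @@` hunk of docs/workshops/kubecon_azure_track.md only strips trailing whitespace, and the context line directly above it still reads "than re-select your subscription", which should be "then". Since this commit is the typo pass, fix it here along with "make sure its using" in the `@@ -29,7` hunk ("it's") and "add it's tooling bin" in the `@@ -19,9` hunk of 1_aks_cluster_creation_and_install_karpenter.md ("its").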
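
Review bot: In PATCH 2/8, the note added in the `@@ -103,6 +103,12 @@` hunk of 1_aks_cluster_creation_and_install_karpenter.md rebuilds `AKS_JSON` and `KMSI_JSON` from `"${CLUSTER_NAME}"` and `"${RG}"`, which are themselves among the env vars lost on a Cloud Shell disconnect. The sentence says to follow reestablish_env.md "along with" running the command, which does not make the order explicit; if the two `az ... show` calls run first they fail and leave both variables empty for the next two scripts. State that reestablish_env.md must be completed first, and consider telling the reader to confirm the variables are non-empty before continuing. The identity name `karpentermsi` is also hard-coded here, so it is worth a word that it must match the name used when the identity was created earlier in the doc.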
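
Review bot: In PATCH 3/8, the `@@ -319,10 +319,14 @@` hunk of Makefile-az.mk renames `az-klogs` to `az-klogs-watch` without leaving the old target behind, so anything that still calls `make az-klogs` breaks; keep `az-klogs` as an alias or update the callers in the same change. In the new `az-klogs-pretty` recipe, `jq "."` stops at the first log line that is not valid JSON, which hides everything after it; reading lines raw and falling back to the original text, for example `jq -R 'fromjson? // .'`, keeps the full log visible. The recipe also adds a dependency on `jq` that the target's `##` help text does not mention.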
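
Review bot: In PATCH 4/8, the `.github/workflows/build-publish-mcr.yml` hunk shows harden-runner still running with `egress-policy: audit` on a self-hosted release pool, whereas the ci.yml, ci-test.yml, codeql-analysis.yml, deflake.yml and e2e.yaml hunks in the same patch show `egress-policy: block` with an allow list. The bump does not change this, but the publish job is the one where unrestricted egress matters most, so a follow-up that moves it to `block` with explicit `allowed-endpoints` is worth filing. For the bump itself, the trailing `# v2.10.2`, `# v4.2.2`, `# v3.27.5`, `# v4.5.0` and `# v4.1.0` comments are only documentation; confirm each new 40-character SHA resolves to that tag in the upstream repository before merging, since three of the five updates are minor-version jumps rather than patches.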
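
Review bot: PATCH 5/8 through 8/8 each change the same single `actions/checkout` pin in one composite action (`create-acr`, `install-karpenter`, `dump-logs`, `cleanup`) under a dependency group named `action-deps`, while PATCH 4/8 uses a group named `actions-deps`. Four one-line PRs for one upstream release make it easy to merge some and miss others, leaving mixed pins of the same action; consider consolidating the Dependabot configuration so the composite actions are updated together with the workflows. The workflows in PATCH 4/8 also call `./.github/actions/install-deps` and `./.github/actions/download-artifact`, which this series does not touch, so check that no composite action still pins `eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1` after these land.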