Skip to content

Commit b672d76

Browse files
authored
Merge branch 'main' into kacpersaw/cancel-pending-provisioner-jobs
2 parents acffda6 + 59c8b56 commit b672d76

File tree

113 files changed

+5386
-1053
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

113 files changed

+5386
-1053
lines changed

.github/workflows/ci.yaml

Lines changed: 20 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ jobs:
3434
tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }}
3535
steps:
3636
- name: Harden Runner
37-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
37+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
3838
with:
3939
egress-policy: audit
4040

@@ -154,7 +154,7 @@ jobs:
154154
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
155155
steps:
156156
- name: Harden Runner
157-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
157+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
158158
with:
159159
egress-policy: audit
160160

@@ -226,7 +226,7 @@ jobs:
226226
if: ${{ !cancelled() }}
227227
steps:
228228
- name: Harden Runner
229-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
229+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
230230
with:
231231
egress-policy: audit
232232

@@ -281,7 +281,7 @@ jobs:
281281
timeout-minutes: 7
282282
steps:
283283
- name: Harden Runner
284-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
284+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
285285
with:
286286
egress-policy: audit
287287

@@ -327,7 +327,7 @@ jobs:
327327
- name: Harden Runner
328328
# Harden Runner is only supported on Ubuntu runners.
329329
if: runner.os == 'Linux'
330-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
330+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
331331
with:
332332
egress-policy: audit
333333

@@ -418,7 +418,7 @@ jobs:
418418
- windows-2022
419419
steps:
420420
- name: Harden Runner
421-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
421+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
422422
with:
423423
egress-policy: audit
424424

@@ -613,7 +613,7 @@ jobs:
613613
timeout-minutes: 25
614614
steps:
615615
- name: Harden Runner
616-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
616+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
617617
with:
618618
egress-policy: audit
619619

@@ -662,7 +662,7 @@ jobs:
662662
timeout-minutes: 25
663663
steps:
664664
- name: Harden Runner
665-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
665+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
666666
with:
667667
egress-policy: audit
668668

@@ -711,7 +711,7 @@ jobs:
711711
timeout-minutes: 25
712712
steps:
713713
- name: Harden Runner
714-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
714+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
715715
with:
716716
egress-policy: audit
717717

@@ -770,7 +770,7 @@ jobs:
770770
timeout-minutes: 20
771771
steps:
772772
- name: Harden Runner
773-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
773+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
774774
with:
775775
egress-policy: audit
776776

@@ -796,7 +796,7 @@ jobs:
796796
timeout-minutes: 20
797797
steps:
798798
- name: Harden Runner
799-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
799+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
800800
with:
801801
egress-policy: audit
802802

@@ -828,7 +828,7 @@ jobs:
828828
name: ${{ matrix.variant.name }}
829829
steps:
830830
- name: Harden Runner
831-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
831+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
832832
with:
833833
egress-policy: audit
834834

@@ -901,7 +901,7 @@ jobs:
901901
if: needs.changes.outputs.site == 'true' || needs.changes.outputs.ci == 'true'
902902
steps:
903903
- name: Harden Runner
904-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
904+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
905905
with:
906906
egress-policy: audit
907907

@@ -981,7 +981,7 @@ jobs:
981981

982982
steps:
983983
- name: Harden Runner
984-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
984+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
985985
with:
986986
egress-policy: audit
987987

@@ -1050,7 +1050,7 @@ jobs:
10501050
if: always()
10511051
steps:
10521052
- name: Harden Runner
1053-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
1053+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
10541054
with:
10551055
egress-policy: audit
10561056

@@ -1180,7 +1180,7 @@ jobs:
11801180
IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
11811181
steps:
11821182
- name: Harden Runner
1183-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
1183+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
11841184
with:
11851185
egress-policy: audit
11861186

@@ -1526,7 +1526,7 @@ jobs:
15261526
id-token: write
15271527
steps:
15281528
- name: Harden Runner
1529-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
1529+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
15301530
with:
15311531
egress-policy: audit
15321532

@@ -1545,7 +1545,7 @@ jobs:
15451545
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
15461546

15471547
- name: Set up Flux CLI
1548-
uses: fluxcd/flux2/action@a48f81a66c4ca9fbd993233ab99dd03a7cfbe09a # v2.6.2
1548+
uses: fluxcd/flux2/action@bda4c8187e436462be0d072e728b67afa215c593 # v2.6.3
15491549
with:
15501550
# Keep this and the github action up to date with the version of flux installed in dogfood cluster
15511551
version: "2.5.1"
@@ -1590,7 +1590,7 @@ jobs:
15901590
if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
15911591
steps:
15921592
- name: Harden Runner
1593-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
1593+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
15941594
with:
15951595
egress-policy: audit
15961596

@@ -1625,7 +1625,7 @@ jobs:
16251625
if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
16261626
steps:
16271627
- name: Harden Runner
1628-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
1628+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
16291629
with:
16301630
egress-policy: audit
16311631

.github/workflows/docker-base.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ jobs:
3838
if: github.repository_owner == 'coder'
3939
steps:
4040
- name: Harden Runner
41-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
41+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
4242
with:
4343
egress-policy: audit
4444

.github/workflows/dogfood.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-4' || 'ubuntu-latest' }}
2828
steps:
2929
- name: Harden Runner
30-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
30+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
3131
with:
3232
egress-policy: audit
3333

@@ -118,7 +118,7 @@ jobs:
118118
runs-on: ubuntu-latest
119119
steps:
120120
- name: Harden Runner
121-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
121+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
122122
with:
123123
egress-policy: audit
124124

.github/workflows/pr-auto-assign.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ jobs:
1414
runs-on: ubuntu-latest
1515
steps:
1616
- name: Harden Runner
17-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
17+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
1818
with:
1919
egress-policy: audit
2020

.github/workflows/pr-cleanup.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ jobs:
1919
packages: write
2020
steps:
2121
- name: Harden Runner
22-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
22+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
2323
with:
2424
egress-policy: audit
2525

.github/workflows/pr-deploy.yaml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ jobs:
3939
PR_OPEN: ${{ steps.check_pr.outputs.pr_open }}
4040
steps:
4141
- name: Harden Runner
42-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
42+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
4343
with:
4444
egress-policy: audit
4545

@@ -74,7 +74,7 @@ jobs:
7474
runs-on: "ubuntu-latest"
7575
steps:
7676
- name: Harden Runner
77-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
77+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
7878
with:
7979
egress-policy: audit
8080

@@ -174,7 +174,7 @@ jobs:
174174
pull-requests: write # needed for commenting on PRs
175175
steps:
176176
- name: Harden Runner
177-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
177+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
178178
with:
179179
egress-policy: audit
180180

@@ -218,7 +218,7 @@ jobs:
218218
CODER_IMAGE_TAG: ${{ needs.get_info.outputs.CODER_IMAGE_TAG }}
219219
steps:
220220
- name: Harden Runner
221-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
221+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
222222
with:
223223
egress-policy: audit
224224

@@ -276,7 +276,7 @@ jobs:
276276
PR_HOSTNAME: "pr${{ needs.get_info.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}"
277277
steps:
278278
- name: Harden Runner
279-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
279+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
280280
with:
281281
egress-policy: audit
282282

.github/workflows/release-validation.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ jobs:
1414

1515
steps:
1616
- name: Harden Runner
17-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
17+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
1818
with:
1919
egress-policy: audit
2020

.github/workflows/release.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -134,7 +134,7 @@ jobs:
134134
version: ${{ steps.version.outputs.version }}
135135
steps:
136136
- name: Harden Runner
137-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
137+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
138138
with:
139139
egress-policy: audit
140140

@@ -737,7 +737,7 @@ jobs:
737737
# TODO: skip this if it's not a new release (i.e. a backport). This is
738738
# fine right now because it just makes a PR that we can close.
739739
- name: Harden Runner
740-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
740+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
741741
with:
742742
egress-policy: audit
743743

@@ -813,7 +813,7 @@ jobs:
813813

814814
steps:
815815
- name: Harden Runner
816-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
816+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
817817
with:
818818
egress-policy: audit
819819

@@ -903,7 +903,7 @@ jobs:
903903
if: ${{ !inputs.dry_run }}
904904
steps:
905905
- name: Harden Runner
906-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
906+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
907907
with:
908908
egress-policy: audit
909909

.github/workflows/scorecard.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020

2121
steps:
2222
- name: Harden Runner
23-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
23+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
2424
with:
2525
egress-policy: audit
2626

@@ -47,6 +47,6 @@ jobs:
4747

4848
# Upload the results to GitHub's code scanning dashboard.
4949
- name: "Upload to code-scanning"
50-
uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
50+
uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1
5151
with:
5252
sarif_file: results.sarif

.github/workflows/security.yaml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
2828
steps:
2929
- name: Harden Runner
30-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
30+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
3131
with:
3232
egress-policy: audit
3333

@@ -38,7 +38,7 @@ jobs:
3838
uses: ./.github/actions/setup-go
3939

4040
- name: Initialize CodeQL
41-
uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
41+
uses: github/codeql-action/init@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1
4242
with:
4343
languages: go, javascript
4444

@@ -48,7 +48,7 @@ jobs:
4848
rm Makefile
4949
5050
- name: Perform CodeQL Analysis
51-
uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
51+
uses: github/codeql-action/analyze@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1
5252

5353
- name: Send Slack notification on failure
5454
if: ${{ failure() }}
@@ -67,7 +67,7 @@ jobs:
6767
runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
6868
steps:
6969
- name: Harden Runner
70-
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
70+
uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
7171
with:
7272
egress-policy: audit
7373

@@ -150,7 +150,7 @@ jobs:
150150
severity: "CRITICAL,HIGH"
151151

152152
- name: Upload Trivy scan results to GitHub Security tab
153-
uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
153+
uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3.29.1
154154
with:
155155
sarif_file: trivy-results.sarif
156156
category: "Trivy"

0 commit comments

Comments
 (0)