diff --git a/.github/actions/image-tag-and-push/action.yml b/.github/actions/image-tag-and-push/action.yml index fa733dffa..c531c4138 100644 --- a/.github/actions/image-tag-and-push/action.yml +++ b/.github/actions/image-tag-and-push/action.yml @@ -34,7 +34,7 @@ runs: steps: - name: Login to Docker Hub if: ${{ github.ref == 'refs/heads/main' && inputs.last_commit_tag_exists == '0' }} - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ inputs.docker_username }} password: ${{ inputs.docker_password }} @@ -65,7 +65,7 @@ runs: docker save ${{ inputs.image_name }}:${{ inputs.commit_tag }} | gzip > ${{ steps.split.outputs.image_name_suffix }}-docker-image.tar.gz - name: Upload Docker image artifact for later use in e2e test if: ${{ github.ref == 'refs/heads/main' && inputs.last_commit_tag_exists == '0' }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: ${{ steps.split.outputs.image_name_suffix }} path: ${{ steps.split.outputs.image_name_suffix }}-docker-image.tar.gz diff --git a/.github/workflows/all-tools.yml b/.github/workflows/all-tools.yml index 380bcdf69..48e4cf5b9 100644 --- a/.github/workflows/all-tools.yml +++ b/.github/workflows/all-tools.yml @@ -16,15 +16,15 @@ on: jobs: changes: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Filter commit changes outputs: all-tools: ${{ steps.filter.outputs['all-tools'] }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Filter commit changes - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 #v3.0.2 id: filter with: base: ${{ github.ref }} @@ -39,13 +39,13 @@ jobs: uses: ./.github/workflows/reuse-store-image-name-and-tags.yml check_image_tags_exist: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Check image tags exist needs: [ changes, store_image_name_and_tags ] if: ${{ needs.changes.outputs['all-tools'] == 'false' }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Check image tags exist uses: ./.github/actions/check-image-tags-exist with: @@ -53,7 +53,7 @@ jobs: image_name: consensys/linea-alltools all-tools-tag-only: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: All tools tag only needs: [ changes, store_image_name_and_tags, check_image_tags_exist ] if: ${{ github.event_name != 'pull_request' && needs.changes.outputs['all-tools'] == 'false' }} @@ -61,7 +61,7 @@ jobs: image_tagged: ${{ steps.image_tag_push.outputs.image_tagged }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Tag and push image id: image_tag_push uses: ./.github/actions/image-tag-and-push @@ -77,7 +77,7 @@ jobs: build-and-publish: needs: [ changes, store_image_name_and_tags, all-tools-tag-only ] if: ${{ always() && (needs.changes.outputs['all-tools'] == 'true' || needs.all-tools-tag-only.result != 'success' || needs.all-tools-tag-only.outputs.image_tagged != 'true') }} - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small env: COMMIT_TAG: ${{ needs.store_image_name_and_tags.outputs.commit_tag }} DEVELOP_TAG: ${{ needs.store_image_name_and_tags.outputs.develop_tag }} @@ -85,13 +85,13 @@ jobs: name: All tools build and push steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: ssh-key: ${{ secrets.SELF_GITHUB_SSH_KEY }} submodules: true persist-credentials: false - name: Login to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -101,17 +101,17 @@ jobs: # cases. We can later set up self-hosted arm64 github runners if we # want arm* based images back. # - name: Set up QEMU - # uses: docker/setup-qemu-action@v3 + # uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a #v3.3.0 # with: # platforms: 'arm64,arm' - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Show the "version" build argument run: | echo "We inject the commit tag in the docker image ${{ env.COMMIT_TAG }}" echo COMMIT_TAG=${{ env.COMMIT_TAG }} >> GITHUB_ENV - name: Build and push all tools image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 with: context: . file: ./operations/Dockerfile diff --git a/.github/workflows/bridge-ui-e2e-tests.yml b/.github/workflows/bridge-ui-e2e-tests.yml index d860682b3..b0bde87f5 100644 --- a/.github/workflows/bridge-ui-e2e-tests.yml +++ b/.github/workflows/bridge-ui-e2e-tests.yml @@ -16,10 +16,10 @@ on: jobs: run-e2e-tests: - runs-on: [self-hosted, ubuntu-20.04, X64, medium] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-med steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Setup nodejs environment uses: ./.github/actions/setup-nodejs @@ -58,7 +58,7 @@ jobs: NEXT_PUBLIC_INFURA_ID: ${{ secrets.PUBLIC_BRIDGE_UI_INFURA_ID }} - name: Archive Playwright report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 if: failure() with: name: playwright-report-headful diff --git a/.github/workflows/bridge-ui-publish.yml b/.github/workflows/bridge-ui-publish.yml index e129c4b2e..34e88308f 100644 --- a/.github/workflows/bridge-ui-publish.yml +++ b/.github/workflows/bridge-ui-publish.yml @@ -16,10 +16,10 @@ on: jobs: publish: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Get version from package.json id: package-version @@ -32,17 +32,17 @@ jobs: run: echo "DOCKER_TAG=${GITHUB_SHA:0:7}-$(date +%s)-bridge-ui-${{ steps.package-version.outputs.current-version }}" | tee $GITHUB_ENV - name: Login to Docker Repository - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Docker Image Build and Publish id: docker-build-publish - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 with: context: . file: ./bridge-ui/Dockerfile diff --git a/.github/workflows/cache-docker-images.yml b/.github/workflows/cache-docker-images.yml index 4118e2643..3492e7900 100644 --- a/.github/workflows/cache-docker-images.yml +++ b/.github/workflows/cache-docker-images.yml @@ -9,7 +9,7 @@ on: jobs: check-dockerhub-secrets-present: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small env: DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} @@ -24,15 +24,15 @@ jobs: changes: needs: [ check-dockerhub-secrets-present ] if: ${{ always() && needs.check-dockerhub-secrets-present.outputs.secrets_present == 'true' }} - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Filter commit changes outputs: cache_images: ${{ steps.filter.outputs.cache_images }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Filter commit changes - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 #v3.0.2 id: filter with: base: ${{ github.ref }} @@ -46,12 +46,12 @@ jobs: pull-and-cache-images: needs: [ check-dockerhub-secrets-present, changes ] if: ${{ always() && needs.check-dockerhub-secrets-present.outputs.secrets_present == 'true' && needs.changes.outputs.cache_images == 'true' }} - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Login to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 00fb4cd36..d88798e0f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,7 +25,7 @@ on: jobs: analyze: name: Analyze - runs-on: [self-hosted, ubuntu-20.04, X64, medium] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-med permissions: actions: read contents: read @@ -42,11 +42,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c #v3.28.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -57,7 +57,7 @@ jobs: # queries: security-extended,security-and-quality - - uses: actions/setup-java@v4 + - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b #v4.6.0 with: distribution: temurin java-version: 21 @@ -85,7 +85,7 @@ jobs: output: sarif-results sarif-file: ${{ matrix.language }}-results.sarif - name: Upload CodeQL Results - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: codeql-results-${{ matrix.language }} path: sarif-results diff --git a/.github/workflows/coordinator-build-and-publish.yml b/.github/workflows/coordinator-build-and-publish.yml index 33a718f0d..83cb7c9c3 100644 --- a/.github/workflows/coordinator-build-and-publish.yml +++ b/.github/workflows/coordinator-build-and-publish.yml @@ -67,7 +67,7 @@ jobs: run: | echo "TAGS=${{ env.IMAGE_NAME }}:${{ env.COMMIT_TAG }},${{ env.IMAGE_NAME }}:${{ env.DEVELOP_TAG }}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b #v4.5.0 with: distribution: temurin @@ -81,22 +81,22 @@ jobs: ./gradlew coordinator:app:installDist - name: Login to Docker Hub if: ${{ env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a #v3.3.0 - name: Set up Docker Buildx - local id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Docker meta id: coordinator - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 #v5.6.1 with: images: ${{ env.IMAGE_NAME }} - name: Build for testing - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 if: ${{ env.PUSH_IMAGE == 'false' }} with: context: . @@ -113,12 +113,12 @@ jobs: shell: bash - name: Upload Docker image artifact if: ${{ env.PUSH_IMAGE == 'false' }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: linea-coordinator path: linea-coordinator-docker-image.tar.gz - name: Build & push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 if: ${{ env.PUSH_IMAGE == 'true' || github.event_name == 'workflow_dispatch' }} with: context: . diff --git a/.github/workflows/coordinator-testing.yml b/.github/workflows/coordinator-testing.yml index edaf2e582..101fe38d2 100644 --- a/.github/workflows/coordinator-testing.yml +++ b/.github/workflows/coordinator-testing.yml @@ -30,7 +30,7 @@ jobs: name: Coordinator tests steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b #v4.5.0 with: distribution: temurin @@ -41,7 +41,7 @@ jobs: uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 #v4.2.1 - name: Restore cached images id: restore-cached-images - uses: actions/cache/restore@v4.0.2 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0 with: path: ~/docker-images key: cached-images @@ -57,7 +57,7 @@ jobs: ./gradlew -V coordinator:app:buildNeeded - name: Login to Docker Hub if: ${{ env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -69,14 +69,14 @@ jobs: run: | ./gradlew jacocoRootReport - name: Upload Jacoco test coverage report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: jacocoRootReport-${{ env.COMMIT_TAG }}.xml if-no-files-found: error path: | ${{ github.workspace }}/build/reports/jacoco/jacocoRootReport/jacocoRootReport.xml - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v5.1.2 #1e68e06f1dbfde0e4cefc87efeba9e4643565303 with: fail_ci_if_error: true files: ${{ github.workspace }}/build/reports/jacoco/jacocoRootReport/jacocoRootReport.xml diff --git a/.github/workflows/finalized-tag-updater-github-release.yml b/.github/workflows/finalized-tag-updater-github-release.yml index f208ab32e..3a37f3718 100644 --- a/.github/workflows/finalized-tag-updater-github-release.yml +++ b/.github/workflows/finalized-tag-updater-github-release.yml @@ -9,15 +9,15 @@ on: jobs: release: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: fetch-depth: 1 - name: Set up JDK 21 - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b #v4.6.0 with: java-version: '21' distribution: 'temurin' @@ -25,7 +25,7 @@ jobs: # Configure Gradle for optimal use in GiHub Actions, including caching of downloaded dependencies. # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 #v4.2.2 - name: Clean # ./gradlew clean is necessary because the build is cached @@ -51,7 +51,7 @@ jobs: # Persist logs - name: JReleaser release output if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: jreleaser-release path: | diff --git a/.github/workflows/load-test.yml b/.github/workflows/load-test.yml index de8f23754..166088227 100644 --- a/.github/workflows/load-test.yml +++ b/.github/workflows/load-test.yml @@ -27,22 +27,22 @@ concurrency: jobs: run-load-test: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Run Load Test steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b #v4.6.0 with: distribution: temurin java-version: 17 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 #v4.2.2 - name: Hide sensitive inputs - uses: levibostian/action-hide-sensitive-inputs@1.0.0 + uses: levibostian/action-hide-sensitive-inputs@80877460a95aa5e56cba23314096ef0e0a3c10c1 #1.1.1 with: exclude_inputs: network, file diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ebc8e990b..0fcdc6f7c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,7 +11,7 @@ jobs: uses: ./.github/workflows/reuse-store-image-name-and-tags.yml filter-commit-changes: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Filter commit changes outputs: coordinator: ${{ steps.filter.outputs.coordinator }} @@ -22,9 +22,9 @@ jobs: has-changes-requiring-build: ${{ steps.filter-out.outputs.has-changes-requiring-build }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Filter commit changes - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 #v3.0.2 id: filter with: base: ${{ github.ref }} @@ -105,7 +105,7 @@ jobs: - 'gradle.properties' - 'settings.gradle' - name: Filter out commit changes - uses: dorny/paths-filter@v3 + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 #v3.0.2 id: filter-out with: base: ${{ github.ref }} @@ -135,7 +135,7 @@ jobs: secrets: inherit manual-docker-build-and-e2e-tests: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small needs: [ store-image-name-and-tags, filter-commit-changes, check-and-tag-images ] if: ${{ needs.filter-commit-changes.outputs.has-changes-requiring-build == 'true' }} environment: ${{ github.ref != 'refs/heads/main' && 'docker-build-and-e2e' || '' }} @@ -231,9 +231,9 @@ jobs: cleanup-deployments: needs: [ run-e2e-tests, run-e2e-tests-geth-tracing ] if: ${{ always() }} - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - - uses: strumwolf/delete-deployment-environment@v3 + - uses: strumwolf/delete-deployment-environment@a4825dd9648c57da8437a4885c3fcad58beac69c #v3.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} environment: docker-build-and-e2e diff --git a/.github/workflows/maven-release.yml b/.github/workflows/maven-release.yml index 719c6af66..a30edfe9d 100644 --- a/.github/workflows/maven-release.yml +++ b/.github/workflows/maven-release.yml @@ -16,12 +16,12 @@ jobs: runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-med steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: fetch-depth: 1 - name: Set up JDK 21 - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b #v4.6.0 with: java-version: '21' distribution: 'temurin' @@ -29,7 +29,7 @@ jobs: # Configure Gradle for optimal use in GiHub Actions, including caching of downloaded dependencies. # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 #v4.2.2 - name: Clean # ./gradlew clean is necessary because the build is cached @@ -67,7 +67,7 @@ jobs: # Persist logs - name: JReleaser release output if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: jreleaser-release path: | diff --git a/.github/workflows/postman-build-and-publish.yml b/.github/workflows/postman-build-and-publish.yml index 698aec842..c4b8a1d05 100644 --- a/.github/workflows/postman-build-and-publish.yml +++ b/.github/workflows/postman-build-and-publish.yml @@ -51,7 +51,7 @@ concurrency: jobs: build-and-publish: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Postman build env: COMMIT_TAG: ${{ inputs.commit_tag }} @@ -67,29 +67,29 @@ jobs: run: | echo "TAGS=${{ env.IMAGE_NAME }}:${{ env.COMMIT_TAG }},${{ env.IMAGE_NAME }}:${{ env.DEVELOP_TAG }}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: ssh-key: ${{ secrets.SELF_GITHUB_SSH_KEY }} submodules: true persist-credentials: false - name: Login to Docker Hub if: ${{ env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a #v3.3.0 with: platforms: 'arm64,arm' - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Show the "version" build argument run: | echo "We inject the commit tag in the docker image ${{ env.COMMIT_TAG }}" echo COMMIT_TAG=${{ env.COMMIT_TAG }} >> $GITHUB_ENV - name: Build postman image for testing - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 if: ${{ env.PUSH_IMAGE == 'false' }} with: context: ./ @@ -107,12 +107,12 @@ jobs: shell: bash - name: Upload Docker image artifact if: ${{ env.PUSH_IMAGE == 'false' }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: linea-postman path: linea-postman-docker-image.tar.gz - name: Build and push postman image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 if: ${{ env.PUSH_IMAGE == 'true' || github.event_name == 'workflow_dispatch' }} with: context: ./ diff --git a/.github/workflows/postman-testing.yml b/.github/workflows/postman-testing.yml index a00aa9db8..03e41335a 100644 --- a/.github/workflows/postman-testing.yml +++ b/.github/workflows/postman-testing.yml @@ -9,11 +9,11 @@ concurrency: jobs: run-tests: - runs-on: [self-hosted, ubuntu-22.04, X64, large] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-large name: Postman & SDK tests steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Setup nodejs environment uses: ./.github/actions/setup-nodejs diff --git a/.github/workflows/prover-build-and-publish.yml b/.github/workflows/prover-build-and-publish.yml index fd8ad2029..dc81c2052 100644 --- a/.github/workflows/prover-build-and-publish.yml +++ b/.github/workflows/prover-build-and-publish.yml @@ -54,7 +54,7 @@ env: jobs: build-and-publish: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Prover build env: COMMIT_TAG: ${{ inputs.commit_tag }} @@ -70,25 +70,25 @@ jobs: run: | echo "TAGS=${{ env.IMAGE_NAME }}:${{ env.COMMIT_TAG }},${{ env.IMAGE_NAME }}:${{ env.DEVELOP_TAG }}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: ssh-key: ${{ secrets.SELF_GITHUB_SSH_KEY }} submodules: true persist-credentials: false - name: Login to Docker Hub if: ${{ env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Show the "version" build argument run: | echo "We inject the commit tag in the docker image ${{ env.COMMIT_TAG }}" echo COMMIT_TAG=${{ env.COMMIT_TAG }} >> $GITHUB_ENV - name: Build and push prover image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 if: ${{ env.PUSH_IMAGE == 'false' }} with: context: . @@ -110,12 +110,12 @@ jobs: shell: bash - name: Upload Docker image artifact if: ${{ env.PUSH_IMAGE == 'false' }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: linea-prover path: linea-prover-docker-image.tar.gz - name: Build and push prover image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 if: ${{ env.PUSH_IMAGE == 'true' || github.event_name == 'workflow_dispatch' }} with: context: . diff --git a/.github/workflows/prover-native-lib-blob-compressor-release.yml b/.github/workflows/prover-native-lib-blob-compressor-release.yml index 2d87a26b0..8ed2154e0 100644 --- a/.github/workflows/prover-native-lib-blob-compressor-release.yml +++ b/.github/workflows/prover-native-lib-blob-compressor-release.yml @@ -25,9 +25,9 @@ jobs: runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a #v5.2.0 with: go-version: 1.22.x @@ -50,7 +50,7 @@ jobs: GOARCH="amd64" go build -tags=nocorset -buildmode=c-shared -o ./target/${TARGET_DECOMPRESSOR}_${VERSION}_linux_x86_64.so ${SRC_DECOMPRESSOR} - name: Cache built binaries - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: linux-artefacts path: ./prover/target @@ -59,9 +59,9 @@ jobs: runs-on: gha-runner-scale-set-ubuntu-22.04-arm64-small steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a #v5.2.0 with: go-version: 1.22.x architecture: arm64 @@ -84,7 +84,7 @@ jobs: GOARCH="arm64" go build -tags=nocorset -buildmode=c-shared -o ./target/${TARGET_COMPRESSOR}_${VERSION}_linux_arm64.so ${SRC_COMPRESSOR} GOARCH="arm64" go build -tags=nocorset -buildmode=c-shared -o ./target/${TARGET_DECOMPRESSOR}_${VERSION}_linux_arm64.so ${SRC_DECOMPRESSOR} - name: Cache built binaries - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: linux-arm64-artefacts path: ./prover/target @@ -93,9 +93,9 @@ jobs: runs-on: macos-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a #v5.2.0 with: go-version: 1.22.x - name: Build the MacOS artefacts @@ -120,7 +120,7 @@ jobs: GOARCH="arm64" go build -tags=nocorset -buildmode=c-shared -o ./target/${TARGET_DECOMPRESSOR}_${VERSION}_darwin_arm64.dylib ${SRC_DECOMPRESSOR} - name: Cache built binaries - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: darwin-artefacts path: ./prover/target @@ -131,7 +131,7 @@ jobs: runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - name: Load cached binaries - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 #v4.1.8 with: merge-multiple: true - name: List artifacts @@ -146,7 +146,7 @@ jobs: shell: bash - name: Create Release id: create_release - uses: actions/create-release@v1 + uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e #v1.1.4 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -159,7 +159,7 @@ jobs: commit: ${{ github.sha }} date: ${{ steps.current_date.outputs.date }} - name: Upload Release Asset - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 #v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/prover-testing.yml b/.github/workflows/prover-testing.yml index 29780c57e..51bc10682 100644 --- a/.github/workflows/prover-testing.yml +++ b/.github/workflows/prover-testing.yml @@ -17,18 +17,18 @@ concurrency: jobs: staticcheck: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Prover static check steps: - name: install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a #v5.2.0 with: go-version: 1.23.x - name: checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: fetch-depth: 0 - - uses: actions/cache@v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0 with: path: | ~/go/pkg/mod @@ -42,7 +42,7 @@ jobs: working-directory: prover run: if [[ -n $(gofmt -l .) ]]; then echo "please run gofmt"; exit 1; fi - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 #v6.1.1 with: version: v1.61.0 working-directory: prover @@ -59,18 +59,18 @@ jobs: strategy: matrix: go-version: [1.23.x] - runs-on: [self-hosted, ubuntu-22.04, X64, large] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-large name: Prover testing needs: - staticcheck steps: - name: install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a #v5.2.0 with: go-version: ${{ matrix.go-version }} - name: checkout code - uses: actions/checkout@v4 - - uses: actions/cache@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0 with: path: | ~/go/pkg/mod @@ -100,11 +100,11 @@ jobs: needs: - staticcheck - test - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - name: Notify slack -- workflow failed id: slack - uses: slackapi/slack-github-action@v1.23.0 + uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 #v1.27.1 with: payload: | { @@ -123,11 +123,11 @@ jobs: needs: - staticcheck - test - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - name: Notify slack -- workflow succeeded id: slack - uses: slackapi/slack-github-action@v1.23.0 + uses: slackapi/slack-github-action@fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3 #v1.27.1 with: payload: | { diff --git a/.github/workflows/reuse-check-images-tags-and-push.yml b/.github/workflows/reuse-check-images-tags-and-push.yml index e0e5b70d5..1cbe948f8 100644 --- a/.github/workflows/reuse-check-images-tags-and-push.yml +++ b/.github/workflows/reuse-check-images-tags-and-push.yml @@ -49,7 +49,7 @@ concurrency: jobs: check_image_tags_exist: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Check image tags exist outputs: last_commit_tag_exists_coordinator: ${{ steps.check_image_tags_exist_coordinator.outputs.last_commit_tag_exists }} @@ -64,7 +64,7 @@ jobs: common_ancestor_commit_tag_exists_transaction_exclusion_api: ${{ steps.check_image_tags_exist_transaction_exclusion_api.outputs.common_ancestor_commit_tag_exists }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Check image tags exist for coordinator uses: ./.github/actions/check-image-tags-exist @@ -97,7 +97,7 @@ jobs: with: last_commit_tag: ${{ inputs.last_commit_tag }} image_name: consensys/linea-traces-api-facade - + - name: Check image tags exist for transaction-exclusion-api uses: ./.github/actions/check-image-tags-exist if: ${{ inputs.transaction_exclusion_api_changed == 'false' }} @@ -107,7 +107,7 @@ jobs: image_name: consensys/linea-transaction-exclusion-api image_tag_push: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small if: ${{ github.ref == 'refs/heads/main' }} name: Tag and push images needs: [ check_image_tags_exist ] @@ -119,7 +119,7 @@ jobs: image_tagged_transaction_exclusion_api: ${{ steps.image_tag_push_transaction_exclusion_api.outputs.image_tagged }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Tag and push coordinator image id: image_tag_push_coordinator diff --git a/.github/workflows/reuse-run-e2e-tests.yml b/.github/workflows/reuse-run-e2e-tests.yml index 44cd6e1da..ea44e4879 100644 --- a/.github/workflows/reuse-run-e2e-tests.yml +++ b/.github/workflows/reuse-run-e2e-tests.yml @@ -80,16 +80,16 @@ jobs: steps: - name: Setup upterm session if: ${{ inputs.e2e-tests-with-ssh }} - uses: lhotari/action-upterm@v1 + uses: lhotari/action-upterm@b0357f23233f5ea6d58947c0c402e0631bab7334 #v1 - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Setup nodejs environment uses: ./.github/actions/setup-nodejs with: pnpm-install-options: '-F contracts -F e2e --frozen-lockfile --prefer-offline' - name: Login to Docker Hub if: ${{ env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -99,14 +99,14 @@ jobs: chmod -R a+w tmp/local/traces/v2/conflated - name: Restore cached images id: restore-cached-images - uses: actions/cache/restore@v4.0.2 + uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0 with: path: ~/docker-images key: cached-images restore-keys: | cached- - name: Pull all images with retry - uses: nick-fields/retry@v3 + uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e #v3.0.0 with: max_attempts: 10 retry_on: error @@ -115,7 +115,7 @@ jobs: command: | make pull-images-external-to-monorepo - name: Download local docker image artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 #v4.1.8 with: pattern: linea-* - name: Load Docker images @@ -129,7 +129,7 @@ jobs: shell: bash - name: Spin up fresh environment with geth tracing with retry if: ${{ inputs.tracing-engine == 'geth' }} - uses: nick-fields/retry@v3 + uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e #v3.0.0 with: max_attempts: 10 retry_on: error @@ -141,7 +141,7 @@ jobs: make clean-environment - name: Spin up fresh environment with besu tracing with retry if: ${{ inputs.tracing-engine == 'besu' }} - uses: nick-fields/retry@v3 + uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e #v3.0.0 with: max_attempts: 10 retry_on: error @@ -184,7 +184,7 @@ jobs: docker logs transaction-exclusion-api --since 1h &>> docker_logs/transaction-exclusion-api.txt docker logs sequencer --since 1h &>> docker_logs/sequencer.txt - name: Archive debug logs - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 if: ${{ failure() && inputs.e2e-tests-logs-dump }} with: name: end-2-end-debug-logs diff --git a/.github/workflows/reuse-store-image-name-and-tags.yml b/.github/workflows/reuse-store-image-name-and-tags.yml index e7cf31551..74c920895 100644 --- a/.github/workflows/reuse-store-image-name-and-tags.yml +++ b/.github/workflows/reuse-store-image-name-and-tags.yml @@ -15,7 +15,7 @@ concurrency: jobs: store_image_name_and_tags: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Compute version tags env: # REF_NAME: ${{ github.ref_name }} @@ -26,7 +26,7 @@ jobs: develop_tag: ${{ steps.step1.outputs.DEVELOP_TAG }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Compute version tags id: step1 run: | diff --git a/.github/workflows/run-smc-tests.yml b/.github/workflows/run-smc-tests.yml index af94f3311..e1507d214 100644 --- a/.github/workflows/run-smc-tests.yml +++ b/.github/workflows/run-smc-tests.yml @@ -29,19 +29,19 @@ env: jobs: run-contract-tests: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Run smart contracts tests steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a #v5.2.0 with: go-version: 1.23.x cache: false - - uses: actions/cache@v4 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0 with: path: | ~/go/pkg/mod @@ -60,7 +60,7 @@ jobs: # Required for hardhat commands due to @nomicfoundation/hardhat-foundry package - name: Install Foundry - uses: foundry-rs/foundry-toolchain@v1 + uses: foundry-rs/foundry-toolchain@de808b1eea699e761c404bda44ba8f21aba30b2c #v1.3.1 - name: Compile kzg.node run: npx node-gyp --directory=contracts/node_modules/c-kzg rebuild # explicitly running rebuild to get the .node file @@ -69,7 +69,7 @@ jobs: run: pnpm -F contracts run coverage - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v5.1.2 #1e68e06f1dbfde0e4cefc87efeba9e4643565303 with: fail_ci_if_error: true files: ./contracts/coverage/coverage-final.json @@ -80,11 +80,11 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} solidity-format-check: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Solidity format check steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 - name: Setup nodejs environment uses: ./.github/actions/setup-nodejs diff --git a/.github/workflows/security-report-to-csv.yml b/.github/workflows/security-report-to-csv.yml index 6f95c8101..e141eccee 100644 --- a/.github/workflows/security-report-to-csv.yml +++ b/.github/workflows/security-report-to-csv.yml @@ -2,12 +2,12 @@ name: Export Security Report to CSV on: workflow_dispatch jobs: data_gathering: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - name: CSV export - uses: advanced-security/ghas-to-csv@v2 + uses: advanced-security/ghas-to-csv@3dc93f177ef97ce1623129977dc568589529a318 #v2.1.0 - name: Upload CSV - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: ghas-data path: ${{ github.workspace }}/*.csv diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 6222a6f82..fa899fc2b 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -11,9 +11,9 @@ permissions: jobs: stale: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - - uses: actions/stale@v8 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 #v8.0.0 with: # Issues days-before-issue-stale: -1 # Deactivate stale issues diff --git a/.github/workflows/traces-api-facade-build-and-publish.yml b/.github/workflows/traces-api-facade-build-and-publish.yml index 47985aab2..8af026dbe 100644 --- a/.github/workflows/traces-api-facade-build-and-publish.yml +++ b/.github/workflows/traces-api-facade-build-and-publish.yml @@ -67,35 +67,35 @@ jobs: run: | echo "TAGS=${{ env.IMAGE_NAME }}:${{ env.COMMIT_TAG }},${{ env.IMAGE_NAME }}:${{ env.DEVELOP_TAG }}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v4 - - uses: actions/setup-java@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b #v4.6.0 with: distribution: temurin java-version: 21 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 #v4.2.2 - name: Build dist run: | ./gradlew traces-api-facade:app:shadowJar echo ${{ github.workspace }} - name: Login to Docker Hub if: ${{ env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a #v3.3.0 - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Docker meta id: traces-api-facade - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 #v5.6.1 with: images: consensys/linea-traces-api-facade - name: Build for testing - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 if: ${{ env.PUSH_IMAGE == 'false' }} with: context: . @@ -112,12 +112,12 @@ jobs: shell: bash - name: Upload Docker image artifact if: ${{ env.PUSH_IMAGE == 'false' }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: linea-traces-api-facade path: linea-traces-api-facade-docker-image.tar.gz - name: Build & push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 if: ${{ env.PUSH_IMAGE == 'true' || github.event_name == 'workflow_dispatch' }} with: context: . diff --git a/.github/workflows/traces-api-facade-testing.yml b/.github/workflows/traces-api-facade-testing.yml index 4a75198ec..4d14f29bc 100644 --- a/.github/workflows/traces-api-facade-testing.yml +++ b/.github/workflows/traces-api-facade-testing.yml @@ -17,19 +17,19 @@ concurrency: jobs: run-tests: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Traces api facade tests steps: - name: Checkout - uses: actions/checkout@v4 - - uses: actions/setup-java@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b #v4.6.0 with: distribution: temurin java-version: 21 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 #v4.2.2 - name: Run tests with coverage - uses: nick-fields/retry@v3 + uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e #v3.0.0 if: ${{ inputs.coverage }} with: max_attempts: 2 @@ -38,7 +38,7 @@ jobs: command: | ./gradlew -V traces-api-facade:app:buildNeeded jacocoRootReport - name: Run tests without coverage - uses: nick-fields/retry@v3 + uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e #v3.0.0 if: ${{ !inputs.coverage }} with: max_attempts: 2 diff --git a/.github/workflows/transaction-exclusion-api-build-and-publish.yml b/.github/workflows/transaction-exclusion-api-build-and-publish.yml index fb09686b1..13f90ee03 100644 --- a/.github/workflows/transaction-exclusion-api-build-and-publish.yml +++ b/.github/workflows/transaction-exclusion-api-build-and-publish.yml @@ -67,34 +67,34 @@ jobs: run: | echo "TAGS=${{ env.IMAGE_NAME }}:${{ env.COMMIT_TAG }},${{ env.IMAGE_NAME }}:${{ env.DEVELOP_TAG }}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v4 - - uses: actions/setup-java@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b #v4.6.0 with: distribution: temurin java-version: 21 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 #v4.2.2 - name: Build dist run: | ./gradlew transaction-exclusion-api:app:installDist --no-daemon - name: Login to Docker Hub if: ${{ env.DOCKERHUB_USERNAME != '' && env.DOCKERHUB_TOKEN != '' }} - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a #v3.3.0 - name: Set up Docker Buildx - local id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 #v3.8.0 - name: Docker meta id: transaction-exclusion-api - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 #v5.6.1 with: images: ${{ env.IMAGE_NAME }} - name: Build for testing - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 if: ${{ env.PUSH_IMAGE == 'false' }} with: context: . @@ -111,12 +111,12 @@ jobs: shell: bash - name: Upload Docker image artifact if: ${{ env.PUSH_IMAGE == 'false' }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0 with: name: linea-transaction-exclusion-api path: linea-transaction-exclusion-api-docker-image.tar.gz - name: Build & push - uses: docker/build-push-action@v6 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc #v6.11.0 if: ${{ env.PUSH_IMAGE == 'true' || github.event_name == 'workflow_dispatch' }} with: context: . diff --git a/.github/workflows/transaction-exclusion-api-testing.yml b/.github/workflows/transaction-exclusion-api-testing.yml index e4a9d6a8d..119a246f2 100644 --- a/.github/workflows/transaction-exclusion-api-testing.yml +++ b/.github/workflows/transaction-exclusion-api-testing.yml @@ -16,17 +16,17 @@ concurrency: jobs: run-tests: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small name: Transaction exclusion api tests steps: - name: Checkout - uses: actions/checkout@v4 - - uses: actions/setup-java@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 + - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b #v4.6.0 with: distribution: temurin java-version: 21 - name: Setup Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 #v4.2.2 - name: Run tests with coverage if: ${{ inputs.coverage }} run: | diff --git a/.github/workflows/valid-audit-pr-has-tags.yml b/.github/workflows/valid-audit-pr-has-tags.yml index a37e1fcc5..87aec250c 100644 --- a/.github/workflows/valid-audit-pr-has-tags.yml +++ b/.github/workflows/valid-audit-pr-has-tags.yml @@ -9,11 +9,11 @@ on: jobs: check: - runs-on: [self-hosted, ubuntu-20.04, X64, small] + runs-on: gha-runner-scale-set-ubuntu-22.04-amd64-small steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2 with: fetch-depth: 0