From 5b7b8c1b6436b9ae00a650841645807740f58314 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Wed, 9 Jul 2025 11:02:23 +0200 Subject: [PATCH 1/2] chore: Bump Rust and action versions --- .github/workflows/generate_prs.yml | 2 +- .github/workflows/pr_pre-commit.yml | 4 +- config/versions.yaml | 6 +-- template/.github/workflows/build.yml.j2 | 46 +++++++++---------- .../.github/workflows/integration-test.yml | 17 ++++++- template/nix/sources.json | 6 +-- 6 files changed, 48 insertions(+), 33 deletions(-) diff --git a/.github/workflows/generate_prs.yml b/.github/workflows/generate_prs.yml index 60b7aee9..d2a3a9c4 100644 --- a/.github/workflows/generate_prs.yml +++ b/.github/workflows/generate_prs.yml @@ -51,7 +51,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31.4.0 + - uses: cachix/install-nix-action@f0fe604f8a612776892427721526b4c7cfb23aba # v31.4.1 - name: Install Ansible env: DEBIAN_FRONTEND: noninteractive diff --git a/.github/workflows/pr_pre-commit.yml b/.github/workflows/pr_pre-commit.yml index fe2a50a8..f45531a3 100644 --- a/.github/workflows/pr_pre-commit.yml +++ b/.github/workflows/pr_pre-commit.yml @@ -6,7 +6,7 @@ on: env: HADOLINT_VERSION: "v2.12.0" - PYTHON_VERSION: "3.12" + PYTHON_VERSION: "3.13" permissions: {} @@ -18,7 +18,7 @@ jobs: with: persist-credentials: false fetch-depth: 0 - - uses: stackabletech/actions/run-pre-commit@9aae2d1c14239021bfa33c041010f6fb7adec815 # v0.8.2 + - uses: stackabletech/actions/run-pre-commit@@4483641a7e24057bd2ba51cb4c3f2f0010ad21b7 # v0.8.4 with: python-version: ${{ env.PYTHON_VERSION }} hadolint: ${{ env.HADOLINT_VERSION }} diff --git a/config/versions.yaml b/config/versions.yaml index 3f6e2471..872ffd0a 100644 --- a/config/versions.yaml +++ b/config/versions.yaml @@ -2,7 +2,7 @@ # IMPORTANT # If you change the Rust toolchain version here, make sure to also change # docker-images/ubi8-rust-builder/Dockerfile & docker-images/ubi9-rust-builder/Dockerfile -rust_version: 1.85.0 +rust_version: 1.87.0 # This nightly version is only used for cargo fmt invocations, because we use nightly-only # rustfmt config options in rustfmt.toml. The version should be kept in line with the version @@ -22,11 +22,11 @@ hadolint_version: v2.12.0 # IMPORTANT # If you change the Python version here, make sure to also change it in # .github/workflows/pr_pre-commit.yml -python_version: 3.12 +python_version: 3.13 # This Nix version is used in the operators pre-commit workflow as they require # Nix to run some checks. Check for new versions here: # https://github.com/NixOS/nix/tags # Usually the latest version should just work and as such the version here can # be bumped without any constraints. -nix_pkg_manager_version: 2.28.3 +nix_pkg_manager_version: 2.30.0 diff --git a/template/.github/workflows/build.yml.j2 b/template/.github/workflows/build.yml.j2 index 56944157..8a6efefa 100644 --- a/template/.github/workflows/build.yml.j2 +++ b/template/.github/workflows/build.yml.j2 @@ -42,7 +42,7 @@ jobs: RUSTC_BOOTSTRAP: 1 steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@5902b33ae29014e6ca012c5d8025d4346556bd40 # v1.4.3 + uses: awalsh128/cache-apt-pkgs-action@4c82c3ccdc1344ee11e9775dbdbdf43aa8a5614e # v1.5.1 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest @@ -50,10 +50,10 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 with: key: udeps cache-all-crates: "true" @@ -114,7 +114,7 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: EmbarkStudios/cargo-deny-action@34899fc7ba81ca6268d5947a7a16b4649013fea1 # v2.0.11 + - uses: EmbarkStudios/cargo-deny-action@30f817c6f72275c6d54dc744fbca09ebc958599f # v2.0.12 with: command: check ${{ matrix.checks }} @@ -126,7 +126,7 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b with: toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN_VERSION }} components: rustfmt @@ -139,7 +139,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@5902b33ae29014e6ca012c5d8025d4346556bd40 # v1.4.3 + uses: awalsh128/cache-apt-pkgs-action@4c82c3ccdc1344ee11e9775dbdbdf43aa8a5614e # v1.5.1 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest @@ -147,11 +147,11 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: clippy - - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 with: key: clippy cache-all-crates: "true" @@ -178,18 +178,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@5902b33ae29014e6ca012c5d8025d4346556bd40 # v1.4.3 + uses: awalsh128/cache-apt-pkgs-action@4c82c3ccdc1344ee11e9775dbdbdf43aa8a5614e # v1.5.1 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: recursive - - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: rustfmt - - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 with: key: doc cache-all-crates: "true" @@ -201,7 +201,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@5902b33ae29014e6ca012c5d8025d4346556bd40 # v1.4.3 + uses: awalsh128/cache-apt-pkgs-action@4c82c3ccdc1344ee11e9775dbdbdf43aa8a5614e # v1.5.1 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest @@ -209,10 +209,10 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 with: key: test cache-all-crates: "true" @@ -261,7 +261,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@5902b33ae29014e6ca012c5d8025d4346556bd40 # v1.4.3 + uses: awalsh128/cache-apt-pkgs-action@4c82c3ccdc1344ee11e9775dbdbdf43aa8a5614e # v1.5.1 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ubuntu-latest @@ -274,10 +274,10 @@ jobs: with: version: v3.16.1 - name: Set up cargo - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 + uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} - - uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8 + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2.8.0 with: key: charts cache-all-crates: "true" @@ -332,7 +332,7 @@ jobs: IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }} steps: - name: Install host dependencies - uses: awalsh128/cache-apt-pkgs-action@5902b33ae29014e6ca012c5d8025d4346556bd40 # v1.4.3 + uses: awalsh128/cache-apt-pkgs-action@4c82c3ccdc1344ee11e9775dbdbdf43aa8a5614e # v1.5.1 with: packages: protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config apt-transport-https version: ${{ matrix.runner }} @@ -340,8 +340,8 @@ jobs: with: persist-credentials: false submodules: recursive - - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31.4.0 - - uses: dtolnay/rust-toolchain@56f84321dbccf38fb67ce29ab63e4754056677e0 + - uses: cachix/install-nix-action@f0fe604f8a612776892427721526b4c7cfb23aba # v31.4.1 + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b with: toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }} components: rustfmt @@ -376,9 +376,9 @@ jobs: # Recreate charts and publish charts and docker image. - name: Install cosign - uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2 + uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1 - name: Install syft - uses: anchore/sbom-action/download-syft@e11c554f704a0b820cbf8c51673f6945e0731532 # v0.20.0 + uses: anchore/sbom-action/download-syft@cee1b8e05ae5b2593a75e197229729eabaa9f8ec # v0.20.2 - name: Build Docker image and Helm chart run: | # Installing helm and yq on ubicloud-standard-8-arm only @@ -421,7 +421,7 @@ jobs: OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build" steps: - name: Install cosign - uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2 + uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1 - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: diff --git a/template/.github/workflows/integration-test.yml b/template/.github/workflows/integration-test.yml index 321a0387..a57036b8 100644 --- a/template/.github/workflows/integration-test.yml +++ b/template/.github/workflows/integration-test.yml @@ -86,7 +86,7 @@ jobs: - name: Run Integration Test id: test - uses: stackabletech/actions/run-integration-test@5901c3b1455488820c4be367531e07c3c3e82538 # v0.4.0 + uses: stackabletech/actions/run-integration-test@4483641a7e24057bd2ba51cb4c3f2f0010ad21b7 # v0.8.4 with: test-platform: ${{ env.TEST_PLATFORM }}-${{ env.TEST_ARCHITECTURE }} test-run: ${{ env.TEST_RUN }} @@ -117,3 +117,18 @@ jobs: } ] } + # TODO: Update to version 2.1.0. This could look something like. + # uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0 + # with: + # method: chat.postMessage + # token: ${{ secrets.SLACK_INTEGRATION_TEST_TOKEN }} + # payload: | + # channel: "C07UYJYSMSN" # notifications-integration-tests + # text: "Integration Test *${{ github.repository }}* failed" + # attachments: + # - pretext: "Started at ${{ steps.test.outputs.start-time }}, failed at ${{ steps.test.outputs.end-time }}" + # color: "#aa0000" + # actions: + # - type: button + # text: Go to integration test run + # url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" diff --git a/template/nix/sources.json b/template/nix/sources.json index 0483f25b..1b5af204 100644 --- a/template/nix/sources.json +++ b/template/nix/sources.json @@ -29,10 +29,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b1bebd0fe266bbd1820019612ead889e96a8fa2d", - "sha256": "0fl2dji5whjydbxby9b7kqyqx9m4k44p72x1q28kfnx5m67nyqij", + "rev": "9b008d60392981ad674e04016d25619281550a9d", + "sha256": "1pxnwzrwcgasascapd6f0l8ricv6dgads3rgz2m45hyny80720cs", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/b1bebd0fe266bbd1820019612ead889e96a8fa2d.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/9b008d60392981ad674e04016d25619281550a9d.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } } From 2445a913fcc75505d2fbc8b15d72435d4509eed8 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Wed, 9 Jul 2025 12:56:06 +0200 Subject: [PATCH 2/2] Add comment on future work --- template/.github/workflows/integration-test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/template/.github/workflows/integration-test.yml b/template/.github/workflows/integration-test.yml index a57036b8..767f57e9 100644 --- a/template/.github/workflows/integration-test.yml +++ b/template/.github/workflows/integration-test.yml @@ -117,7 +117,10 @@ jobs: } ] } - # TODO: Update to version 2.1.0. This could look something like. + # TODO: Update to version 2.1.0. This could look something like the following. + # The workflow is currently not in use, testing that the new version still works imposes effort. + # So I left it as a future exercise, but saved the current state. + # # uses: slackapi/slack-github-action@b0fa283ad8fea605de13dc3f449259339835fc52 # v2.1.0 # with: # method: chat.postMessage