diff --git a/.github/workflows/admin.yml b/.github/workflows/admin.yml index 5720120856..64a3e9756a 100644 --- a/.github/workflows/admin.yml +++ b/.github/workflows/admin.yml @@ -18,6 +18,9 @@ on: - "update/**" - "vmproxy/**" +permissions: + contents: read + jobs: test: name: Tests @@ -31,16 +34,16 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go release - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: ${{ github.workspace }}/go.mod cache: false - name: Enable Go build cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-${{ github.ref }}-${{ hashFiles('**') }} @@ -49,7 +52,7 @@ jobs: ${{ runner.os }}-go-build- - name: Enable Go modules cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-modules-${{ hashFiles('**/go.sum') }} @@ -65,7 +68,7 @@ jobs: run: make test-cover - name: Upload coverage results - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: file: cover.out flags: admin @@ -94,16 +97,16 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go release - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: ${{ github.workspace }}/go.mod cache: false - name: Enable Go build cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-${{ github.ref }}-${{ hashFiles('**') }} @@ -112,7 +115,7 @@ jobs: ${{ runner.os }}-go-build- - name: Enable Go modules cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-modules-${{ hashFiles('**/go.sum') }} @@ -152,7 +155,7 @@ jobs: - name: Attach the report on failure if: failure() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "report-${{ matrix.go-version }}-${{ matrix.test-type }}" path: ${{ github.workspace }}/cli-tests/playwright-report/ diff --git a/.github/workflows/agent.yml b/.github/workflows/agent.yml index a1b6ec790f..86c6c9b537 100644 --- a/.github/workflows/agent.yml +++ b/.github/workflows/agent.yml @@ -19,6 +19,9 @@ on: - "update/**" - "vmproxy/**" +permissions: + contents: read + jobs: test: name: Tests @@ -63,16 +66,16 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go release - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: ${{ github.workspace }}/go.mod cache: false - name: Enable Go build cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-${{ github.ref }}-${{ hashFiles('**') }} @@ -81,7 +84,7 @@ jobs: ${{ runner.os }}-go-build- - name: Enable Go modules cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-modules-${{ hashFiles('**/go.sum') }} @@ -102,7 +105,7 @@ jobs: run: make test-cover - name: Upload coverage results - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: file: cover.out flags: agent diff --git a/.github/workflows/api-tests.yml b/.github/workflows/api-tests.yml index 7737a890ef..fa6c539231 100644 --- a/.github/workflows/api-tests.yml +++ b/.github/workflows/api-tests.yml @@ -60,6 +60,9 @@ on: required: true type: string +permissions: + contents: read + jobs: test: name: Tests @@ -74,12 +77,12 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.BRANCH }} - name: Login to docker.io registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: docker.io username: ${{ secrets.DOCKERHUB_USERNAME }} @@ -144,7 +147,7 @@ jobs: - name: Upload the logs on failure if: ${{ failure() }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "logs.zip" path: ${{ github.workspace }}/logs.zip diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml index 0f7cf8fb07..b7f0198985 100644 --- a/.github/workflows/clean.yml +++ b/.github/workflows/clean.yml @@ -4,6 +4,9 @@ on: # run every Saturday - cron: "0 12 * * 6" +permissions: + contents: read + jobs: clean: name: Clean caches @@ -36,7 +39,7 @@ jobs: env: # to avoid error due to `go version` accepting -v flag with an argument since 1.15 GOFLAGS: "" - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ matrix.go.version }} @@ -52,19 +55,19 @@ jobs: echo "GOROOT=$HOME/gotip" >> $GITHUB_ENV echo "$HOME/gotip/bin" >> $GITHUB_PATH - name: Check out code into the Go module directory - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: lfs: true - name: Enable Go modules cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/go/pkg/mod key: ${{ matrix.os }}-go-${{ matrix.go.version }}-modules-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ matrix.os }}-go-${{ matrix.go.version }}-modules- - name: Enable Go build cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.cache/go-build key: ${{ matrix.os }}-go-${{ matrix.go.version }}-build-${{ github.ref }}-${{ hashFiles('**') }} diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml index fd70397013..2104d7b2a3 100644 --- a/.github/workflows/dependabot.yml +++ b/.github/workflows/dependabot.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v2 + uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2.2.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml index c4c105aaba..70046a8c42 100644 --- a/.github/workflows/devcontainer.yml +++ b/.github/workflows/devcontainer.yml @@ -15,6 +15,9 @@ on: required: true type: string +permissions: + contents: read + jobs: devcontainer: name: Build @@ -31,29 +34,29 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.inputs.branch }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Login to ghcr.io registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to docker.io registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: docker.io username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Build and push to registries - uses: docker/build-push-action@v6 + uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: file: ./devcontainer.Dockerfile push: true diff --git a/.github/workflows/doc.yml b/.github/workflows/doc.yml index 4aefa14550..b3c0dbfdd8 100644 --- a/.github/workflows/doc.yml +++ b/.github/workflows/doc.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Detect PMM version and API ID run: | @@ -33,11 +33,11 @@ jobs: echo "ID=$ID" >> $GITHUB_ENV - name: API - uses: readmeio/rdme@v8 + uses: readmeio/rdme@51a80867c45de15e2b41af0c4bd5bbc61b932804 # v8.6.6 with: rdme: openapi ./api/swagger/swagger.json --id=${{ env.ID }} --key=${{ secrets.README_TOKEN }} - name: Markdown docs - uses: readmeio/rdme@v8 + uses: readmeio/rdme@51a80867c45de15e2b41af0c4bd5bbc61b932804 # v8.6.6 with: rdme: docs docs/api --version=${{ env.VERSION }} --key=${{ secrets.README_TOKEN }} diff --git a/.github/workflows/dockerhub-readme.yml b/.github/workflows/dockerhub-readme.yml index 83ee9454d6..ca840cdf89 100644 --- a/.github/workflows/dockerhub-readme.yml +++ b/.github/workflows/dockerhub-readme.yml @@ -12,10 +12,10 @@ jobs: runs-on: ubuntu-latest environment: Production steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Update Docker Hub Readme for perconalab/pmm-server - uses: peter-evans/dockerhub-description@v4 + uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} @@ -23,7 +23,7 @@ jobs: readme-filepath: ./build/docker/server/README.md - name: Update Docker Hub Readme for percona/pmm-server - uses: peter-evans/dockerhub-description@v4 + uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a1a7a163d1..aacc1bda2e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,16 +19,16 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go release - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: ${{ github.workspace }}/go.mod cache: false - name: Enable Go build cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-${{ github.ref }}-${{ hashFiles('**') }} @@ -37,7 +37,7 @@ jobs: ${{ runner.os }}-go-build- - name: Enable Go modules cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-modules-${{ hashFiles('**/go.sum') }} @@ -81,7 +81,7 @@ jobs: run: bin/go-sumtype ./... - name: Run linters - uses: reviewdog/action-golangci-lint@v2 + uses: reviewdog/action-golangci-lint@7708105983c614f7a2725e2172908b7709d1c3e4 # v2.6.2 with: github_token: ${{ secrets.ROBOT_TOKEN || secrets.GITHUB_TOKEN }} go_version_file: ${{ github.workspace }}/go.mod @@ -127,7 +127,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Run Merge Gatekeeper - uses: upsidr/merge-gatekeeper@v1.2.1 + uses: upsidr/merge-gatekeeper@09af7a82c1666d0e64d2bd8c01797a0bcfd3bb5d # v1.2.1 with: self: Merge Gatekeeper token: ${{ secrets.GITHUB_TOKEN }} @@ -151,7 +151,7 @@ jobs: steps: - name: Slack Notification - uses: rtCamp/action-slack-notify@v2.3.2 + uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 # v2.3.2 workflow_failure: if: ${{ failure() }} @@ -169,4 +169,4 @@ jobs: steps: - name: Slack Notification - uses: rtCamp/action-slack-notify@v2.3.2 + uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 # v2.3.2 diff --git a/.github/workflows/managed.yml b/.github/workflows/managed.yml index 75a487264c..2adc61d054 100644 --- a/.github/workflows/managed.yml +++ b/.github/workflows/managed.yml @@ -18,6 +18,9 @@ on: - 'update/**' - 'vmproxy/**' +permissions: + contents: read + jobs: test: name: Tests @@ -36,11 +39,11 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Enable Go build cache if: ${{ fromJSON(env.DEVCONTAINER_CACHE_ENABLED) }} - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-${{ github.ref }}-${{ hashFiles('**') }} @@ -50,7 +53,7 @@ jobs: - name: Enable Go modules cache if: ${{ fromJSON(env.DEVCONTAINER_CACHE_ENABLED) }} - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-modules-${{ hashFiles('**/go.sum') }} @@ -91,7 +94,7 @@ jobs: run: docker exec -i pmm-server make -C managed test-update - name: Upload coverage results - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: file: managed/cover.out flags: managed diff --git a/.github/workflows/qan-api2.yml b/.github/workflows/qan-api2.yml index 7a0a8f9eeb..791bd4bb05 100644 --- a/.github/workflows/qan-api2.yml +++ b/.github/workflows/qan-api2.yml @@ -19,6 +19,9 @@ on: - "update/**" - "vmproxy/**" +permissions: + contents: read + jobs: test: name: Tests @@ -32,16 +35,16 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go release - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: ${{ github.workspace }}/go.mod cache: false - name: Enable Go build cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-${{ github.ref }}-${{ hashFiles('**') }} @@ -50,7 +53,7 @@ jobs: ${{ runner.os }}-go-build- - name: Enable Go modules cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-modules-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/release-doc.yml b/.github/workflows/release-doc.yml index b60835675d..56c3cf48b5 100644 --- a/.github/workflows/release-doc.yml +++ b/.github/workflows/release-doc.yml @@ -3,8 +3,13 @@ on: push: tags: - v[0-9]+.[0-9]+.[0-9]+* +permissions: + contents: read + jobs: release: + permissions: + contents: write # for softprops/action-gh-release to create GitHub release if: startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-22.04 steps: @@ -25,7 +30,7 @@ jobs: grep -rl '!!! note alert alert-primary' ${{ github.workspace }}-CHANGELOG.txt | xargs --no-run-if-empty sed -i 's/\!\!\! note alert alert-primary "\(.*\)"/\> \:memo\: **\1**/g' grep -rl '!!! note alert alert-primary' ${{ github.workspace }}-CHANGELOG.txt | xargs --no-run-if-empty sed -i 's/\!\!\! note alert alert-primary/\> \:memo\: **Note**/g' - name: Create Release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 with: body_path: ${{ github.workspace }}-CHANGELOG.txt draft: true diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 2acc444c22..13a3a0caff 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -10,16 +10,16 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create SBOM for PMM - uses: anchore/sbom-action@v0 + uses: anchore/sbom-action@fc46e51fd3cb168ffb36c6d1915723c47db58abb # v0.17.7 with: file: go.mod artifact-name: pmm.spdx.json - name: Publish SBOM for PMM - uses: anchore/sbom-action/publish-sbom@v0 + uses: anchore/sbom-action/publish-sbom@fc46e51fd3cb168ffb36c6d1915723c47db58abb # v0.17.7 with: sbom-artifact-match: ".*\\.spdx\\.json$" @@ -27,15 +27,15 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Create SBOM for vmproxy - uses: anchore/sbom-action@v0 + uses: anchore/sbom-action@fc46e51fd3cb168ffb36c6d1915723c47db58abb # v0.17.7 with: path: ./vmproxy artifact-name: vmproxy.spdx.json - name: Publish SBOM for vmproxy - uses: anchore/sbom-action/publish-sbom@v0 + uses: anchore/sbom-action/publish-sbom@fc46e51fd3cb168ffb36c6d1915723c47db58abb # v0.17.7 with: sbom-artifact-match: ".*\\.spdx\\.json$" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ff4523f6e5..273ae863d6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -43,6 +43,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3 with: sarif_file: results.sarif diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index 0403edcd19..7601e7da84 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -18,6 +18,9 @@ on: - "qan-api2/**" - "vmproxy/**" +permissions: + contents: read + jobs: build: name: Build @@ -42,7 +45,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker Up run: docker compose up -d @@ -63,7 +66,7 @@ jobs: run: docker exec pmm-update-server make -C /root/go/src/github.com/percona/pmm/update run-race-cover RUN_FLAGS='-debug -check' - name: Upload coverage results - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: file: cover.out flags: update diff --git a/.github/workflows/vmproxy.yml b/.github/workflows/vmproxy.yml index 9ad4605176..f6730017f2 100644 --- a/.github/workflows/vmproxy.yml +++ b/.github/workflows/vmproxy.yml @@ -19,6 +19,9 @@ on: - "qan-api2/**" - "update/**" +permissions: + contents: read + jobs: test: name: Tests @@ -32,16 +35,16 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go release - uses: actions/setup-go@v5 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: ${{ github.workspace }}/go.mod cache: false - name: Enable Go build cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-${{ github.ref }}-${{ hashFiles('**') }} @@ -50,7 +53,7 @@ jobs: ${{ runner.os }}-go-build- - name: Enable Go modules cache - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-modules-${{ hashFiles('**/go.sum') }} @@ -67,7 +70,7 @@ jobs: run: make test-cover - name: Upload coverage results - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 with: file: cover.out flags: vmproxy