ci: Bump action versions (#772)

Techassi · web-flow · commit 462c03188c80 · 2024-04-29T09:08:42.000Z
* ci: Bump action versions * Add and adjust changelogs * Revert zeroize bump Revert the bump to 1.8.0 because that version was yanked. Use 1.7.0 again. See RustCrypto/utils#1067 * Update changelogs * Update PR link
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -30,7 +30,7 @@ jobs:
     env:
       RUSTC_BOOTSTRAP: 1
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
@@ -53,16 +53,16 @@ jobs:
     continue-on-error: ${{ matrix.checks == 'advisories' }}
 
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
-      - uses: EmbarkStudios/cargo-deny-action@b01e7a8cfb1f496c52d77361e84c1840d8246393 # v1.6.2
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 # v1.6.3
         with:
           command: check ${{ matrix.checks }}
 
   run_rustfmt:
     name: Run Rustfmt
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
@@ -80,7 +80,7 @@ jobs:
         run: |
           sudo apt-get update
           sudo apt-get install protobuf-compiler krb5-user libkrb5-dev libclang-dev liblzma-dev libssl-dev pkg-config
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
         with:
           submodules: recursive
       - uses: dtolnay/rust-toolchain@master
@@ -91,6 +91,9 @@ jobs:
         with:
           key: clippy
       - name: Run clippy action to produce annotations
+        # NOTE (@Techassi): This action might get a new release sonn, because it
+        # currently uses Node 16, which is deprecated in the next few months by
+        # GitHub. See https://github.com/giraffate/clippy-action/pull/87
         uses: giraffate/clippy-action@13b9d32482f25d29ead141b79e7e04e7900281e0 # v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -109,7 +112,7 @@ jobs:
     name: Run RustDoc
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
@@ -128,7 +131,7 @@ jobs:
       - run_rustdoc
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ env.RUST_TOOLCHAIN_VERSION }}
diff --git a/.github/workflows/daily_security.yml b/.github/workflows/daily_security.yml
@@ -10,7 +10,7 @@ jobs:
   audit:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - uses: rustsec/audit-check@dd51754d4e59da7395a4cd9b593f0ff2d61a9b95 # v1.4.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/reviewdog.yaml b/.github/workflows/reviewdog.yaml
@@ -13,31 +13,31 @@ jobs:
   actionlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
-      - uses: reviewdog/action-actionlint@c6ee1eb0a5d47b2af53a203652b5dac0b6c4016e # v1.43.0
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: reviewdog/action-actionlint@9d8b58041eed1373f173e91b9a3db5a844197236 # v1.44.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
 
   detect-secrets:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
-      - uses: reviewdog/action-detect-secrets@0e73b2b1a12077c3c29a99fc633e87032eb3dc82 # v0.19.0
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: reviewdog/action-detect-secrets@94733b0db23052b787e9cc4b7542a8ddb36758da # v0.20.0
         with:
           github_token: ${{ secrets.github_token }}
 
   markdownlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
-      - uses: reviewdog/action-markdownlint@6e02140816b5fcc7295ea7ae2a664af18190ff29 # v0.14.0
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: reviewdog/action-markdownlint@7c945172feb13e44779783ebae77cdd185607a7f # v0.17.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
 
   yamllint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
-      - uses: reviewdog/action-yamllint@81750f17598452d2e2656b7281a55788abafc205 # v1.17.2
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: reviewdog/action-yamllint@04e023c110e088170fb3dea6ab7bea64f04d0db0 # v1.13.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 Please see the relevant crate changelogs:
 
 - [stackable-certs](./crates/stackable-certs/CHANGELOG.md)
-- [stackable-operator-derive](./crates/stackable-operator-derive/CHANGELOG.md)
 - [stackable-operator](./crates/stackable-operator/CHANGELOG.md)
+- [stackable-operator-derive](./crates/stackable-operator-derive/CHANGELOG.md)
+- [stackable-telemetry](./crates/stackable-telemetry/CHANGELOG.md)
 - [stackable-webhook](./crates/stackable-webhook/CHANGELOG.md)
diff --git a/Cargo.toml b/Cargo.toml
@@ -69,7 +69,11 @@ tracing-opentelemetry = "0.23.0"
 tracing-subscriber = { version = "0.3.18", features = ["env-filter"] }
 url = { version = "2.5.0", features = ["serde"] }
 x509-cert = { version = "0.2.5", features = ["builder"] }
-zeroize = "1.8.0"
+# NOTE (@Techassi): This was previously bumped to 1.8.0 in 6d6615b, but that
+# version was since yanked from crates.io. This can be bumped again once 1.8.0
+# is re-released.
+# See https://github.com/RustCrypto/utils/issues/1067
+zeroize = "1.7.0"
 
 # Use O3 in tests to improve the RSA key generation speed in the stackable-certs crate
 [profile.test.package.stackable-certs]
diff --git a/crates/stackable-certs/CHANGELOG.md b/crates/stackable-certs/CHANGELOG.md
@@ -10,9 +10,12 @@ All notable changes to this project will be documented in this file.
 - BREAKING: Bump k8s compilation version to `1.29`. Also bump all dependencies.
   There are some breaking changes in k8s-openapi, e.g. PVCs now have `VolumeResourceRequirements` instead of `ResourceRequirements`,
   and `PodAffinityTerm` has two new fields `match_label_keys` and `mismatch_label_keys` ([#769]).
+- Bump GitHub workflow actions ([#772]).
+- Revert `zeroize` version bump ([#772]).
 
 [#762]: https://github.com/stackabletech/operator-rs/pull/762
 [#769]: https://github.com/stackabletech/operator-rs/pull/769
+[#772]: https://github.com/stackabletech/operator-rs/pull/772
 
 ## [0.2.0] - 2024-03-26
 
diff --git a/crates/stackable-operator-derive/CHANGELOG.md b/crates/stackable-operator-derive/CHANGELOG.md
@@ -9,5 +9,8 @@ All notable changes to this project will be documented in this file.
 ### Changed
 
 - Update Rust to 1.77 ([#759])
+- Bump GitHub workflow actions ([#772]).
+- Revert `zeroize` version bump ([#772]).
 
 [#759]: https://github.com/stackabletech/operator-rs/pull/759
+[#772]: https://github.com/stackabletech/operator-rs/pull/772
diff --git a/crates/stackable-operator/CHANGELOG.md b/crates/stackable-operator/CHANGELOG.md
@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+### Changed
+
+- Bump GitHub workflow actions ([#772]).
+- Revert `zeroize` version bump ([#772]).
+
+[#772]: https://github.com/stackabletech/operator-rs/pull/772
+
 ## [0.67.0] - 2024-04-25
 
 ### Changed
diff --git a/crates/stackable-telemetry/CHANGELOG.md b/crates/stackable-telemetry/CHANGELOG.md
@@ -0,0 +1,12 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [Unreleased]
+
+### Changed
+
+- Bump GitHub workflow actions ([#772]).
+- Revert `zeroize` version bump ([#772]).
+
+[#772]: https://github.com/stackabletech/operator-rs/pull/772
diff --git a/crates/stackable-webhook/CHANGELOG.md b/crates/stackable-webhook/CHANGELOG.md
@@ -15,11 +15,14 @@ All notable changes to this project will be documented in this file.
 - BREAKING: Bump k8s compilation version to `1.29`. Also bump all dependencies.
   There are some breaking changes in k8s-openapi, e.g. PVCs now have `VolumeResourceRequirements` instead of `ResourceRequirements`,
   and `PodAffinityTerm` has two new fields `match_label_keys` and `mismatch_label_keys` ([#769]).
+- Bump GitHub workflow actions ([#772]).
+- Revert `zeroize` version bump ([#772]).
 
 [#758]: https://github.com/stackabletech/operator-rs/pull/758
 [#762]: https://github.com/stackabletech/operator-rs/pull/762
 [#767]: https://github.com/stackabletech/operator-rs/pull/767
 [#769]: https://github.com/stackabletech/operator-rs/pull/769
+[#772]: https://github.com/stackabletech/operator-rs/pull/772
 
 ## [0.2.0] - 2024-03-26
 
