From 2400718d816d17e9eb908a6d4580311bbe733e90 Mon Sep 17 00:00:00 2001
From: CrazyMax <crazy-max@users.noreply.github.com>
Date: Sat, 26 Nov 2022 14:05:57 +0100
Subject: [PATCH 1/2] ci: update github actions

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
---
 .github/workflows/build.yml           | 16 +++---
 .github/workflows/codeql-analysis.yml | 83 +++++++++++----------------
 .github/workflows/conformance.yml     |  6 +-
 .github/workflows/e2e.yml             |  9 ++-
 .github/workflows/fossa.yml           |  2 +-
 5 files changed, 47 insertions(+), 69 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2de6c33ce..1bfd12358 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,8 +8,6 @@ on:
     tags:
       - 'v*'
   pull_request:
-    branches:
-      - '*'
 
 env:
   DOCKERHUB_SLUG: distribution/distribution
@@ -49,13 +47,13 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       -
         name: Docker meta
         id: meta
-        uses: docker/metadata-action@v3
+        uses: docker/metadata-action@v4
         with:
           images: |
             ${{ env.DOCKERHUB_SLUG }}
@@ -80,17 +78,17 @@ jobs:
             org.opencontainers.image.description=The toolkit to pack, ship, store, and deliver container content
       -
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
       -
         name: Login to DockerHub
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build artifacts
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v2
         with:
           targets: artifact-all
       -
@@ -99,14 +97,14 @@ jobs:
           mv ./bin/**/* ./bin/
       -
         name: Upload artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: registry
           path: ./bin/*
           if-no-files-found: error
       -
         name: Build image
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v2
         with:
           files: |
             ./docker-bake.hcl
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 6155a3fe6..811d943c9 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,63 +1,44 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
+name: CodeQL
 
 on:
-  push:
-    branches: [ main ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
   schedule:
-    - cron: '41 13 * * 1'
+    - cron: '0 12 * * 6'
+  push:
+    branches:
+      - 'main'
+      - 'release/*'
+    tags:
+      - 'v*'
+  pull_request:
 
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
-
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
+        language:
+          - go
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 2
+      -
+        name: Checkout HEAD on PR
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          git checkout HEAD^2
+      -
+        name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+      -
+        name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+      -
+        name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
index 904a5bd7d..1ec7d8ec8 100644
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@@ -10,12 +10,12 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       -
         name: Build image
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v2
         with:
           targets: image-local
       -
@@ -42,7 +42,7 @@ jobs:
         run: mkdir -p .out/ && mv {report.html,junit.xml} .out/
       -
         name: Upload test results
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: oci-test-results-${{ github.sha }}
           path: .out/
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 0b3c67fea..aabe45905 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -3,10 +3,9 @@ name: e2e
 on:
   push:
     branches:
-      - main
+      - 'main'
+      - 'release/*'
   pull_request:
-    branches:
-      - main
 
 jobs:
   run-e2e-test:
@@ -14,12 +13,12 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       -
         name: Build image
-        uses: docker/bake-action@v1
+        uses: docker/bake-action@v2
         with:
           targets: image-local
       -
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index 56cb3faa7..06d7a8e7f 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -10,7 +10,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Run FOSSA scan and upload build data
         uses: fossa-contrib/fossa-action@v1

From b91c9a22f490bf4296a9fac1dcf9d0d257043574 Mon Sep 17 00:00:00 2001
From: CrazyMax <crazy-max@users.noreply.github.com>
Date: Sat, 26 Nov 2022 14:09:19 +0100
Subject: [PATCH 2/2] ci: add concurrency check

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
---
 .github/workflows/build.yml           | 4 ++++
 .github/workflows/codeql-analysis.yml | 4 ++++
 .github/workflows/conformance.yml     | 4 ++++
 .github/workflows/e2e.yml             | 4 ++++
 .github/workflows/fossa.yml           | 4 ++++
 .github/workflows/validate.yml        | 4 ++++
 6 files changed, 24 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1bfd12358..5f9163fb9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,5 +1,9 @@
 name: build
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   push:
     branches:
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 811d943c9..97780796d 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,5 +1,9 @@
 name: CodeQL
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   schedule:
     - cron: '0 12 * * 6'
diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml
index 1ec7d8ec8..5eadc897d 100644
--- a/.github/workflows/conformance.yml
+++ b/.github/workflows/conformance.yml
@@ -1,5 +1,9 @@
 name: conformance
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   pull_request:
   push:
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index aabe45905..dc4495083 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -1,5 +1,9 @@
 name: e2e
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   push:
     branches:
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index 06d7a8e7f..025260896 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -1,5 +1,9 @@
 name: FOSSA License Scanning
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   - pull_request
   - push
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 73e953afa..98035af24 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -1,5 +1,9 @@
 name: validate
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 on:
   push:
     branches: