From 9c6d5a857f2260356bc6313232296896dcbaca6b Mon Sep 17 00:00:00 2001
From: Robin Hahling <robin.hahling@gw-computing.net>
Date: Wed, 11 Oct 2023 13:10:06 +0200
Subject: [PATCH 1/4] ci: use checksum to pin actions versions

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
---
 .github/workflows/codeql-analysis.yml | 6 +++---
 .github/workflows/tests.yml           | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 71a05b2ec..9c6a21547 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -42,7 +42,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@fdcae64e1484d349b3366718cdfef3d404390e85
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +56,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@fdcae64e1484d349b3366718cdfef3d404390e85
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -69,4 +69,4 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@fdcae64e1484d349b3366718cdfef3d404390e85
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 7b6c0af02..1c7cce6bc 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -15,7 +15,7 @@ jobs:
         with:
           submodules: true
       - name: Use Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d
         with:
           node-version: '18.x'
       - name: Install dependencies
@@ -28,7 +28,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
       - name: Setup Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
         with:
           go-version: '1.20'
       - name: Check Go module vendoring
@@ -39,14 +39,14 @@ jobs:
           go mod verify
           test -z "$(git status --porcelain)" || (echo "please run 'go mod tidy && go mod vendor', and submit your changes"; exit 1)
       - name: Run Go static checks
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc
         with:
           working-directory: ./backend
           version: v1.53.3
           args: --config=.golangci.yml --verbose --out-${NO_FUTURE}format colored-line-number
           skip-cache: true
       - name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d
         with:
           node-version: '18.x'
       - name: Install NPM dependencies

From 9a3785cf5084d33896b2a48a014866ea4c9affd0 Mon Sep 17 00:00:00 2001
From: Robin Hahling <robin.hahling@gw-computing.net>
Date: Wed, 11 Oct 2023 13:11:57 +0200
Subject: [PATCH 2/4] ci: update golangci-lint to v1.54.2

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 1c7cce6bc..79b85c407 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -42,7 +42,7 @@ jobs:
         uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc
         with:
           working-directory: ./backend
-          version: v1.53.3
+          version: v1.54.2
           args: --config=.golangci.yml --verbose --out-${NO_FUTURE}format colored-line-number
           skip-cache: true
       - name: Setup Node.js

From 3cd32a4de87abcef9504fdbfa3f4c5b71a105b9c Mon Sep 17 00:00:00 2001
From: Robin Hahling <robin.hahling@gw-computing.net>
Date: Wed, 11 Oct 2023 13:14:13 +0200
Subject: [PATCH 3/4] ci: consistently run on Ubuntu 22.04

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
---
 .github/workflows/codeql-analysis.yml  | 2 +-
 .github/workflows/images-releases.yaml | 4 ++--
 .github/workflows/images.yaml          | 4 ++--
 .github/workflows/tests.yml            | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9c6a21547..b19ae5272 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -23,7 +23,7 @@ on:
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       actions: read
       contents: read
diff --git a/.github/workflows/images-releases.yaml b/.github/workflows/images-releases.yaml
index 17aa3d22f..f67a4708e 100644
--- a/.github/workflows/images-releases.yaml
+++ b/.github/workflows/images-releases.yaml
@@ -10,7 +10,7 @@ jobs:
   build-and-push:
     if: ${{ github.repository == 'cilium/hubble-ui' }}
     environment: release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
         include:
@@ -86,7 +86,7 @@ jobs:
   image-digests:
     if: ${{ github.repository == 'cilium/hubble-ui' }}
     name: Display Digests
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: build-and-push
     steps:
       - name: Getting image tag
diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml
index d5d476e66..dfa01c4b9 100644
--- a/.github/workflows/images.yaml
+++ b/.github/workflows/images.yaml
@@ -13,7 +13,7 @@ on:
 jobs:
   build-and-push-prs:
     if: ${{ github.repository == 'cilium/hubble-ui' }}
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
         include:
@@ -113,7 +113,7 @@ jobs:
   image-digests:
     if: ${{ github.repository == 'cilium/hubble-ui' }}
     name: Display Digests
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: build-and-push-prs
     steps:
       - name: Downloading Image Digests
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 79b85c407..5dfba539e 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -9,7 +9,7 @@ on:
 
 jobs:
   frontend:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
         with:
@@ -23,7 +23,7 @@ jobs:
       - name: Run tests
         run: npm test
   backend:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout code
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608

From 4193028c7091ed7d2df484a579634e0d1527a4d8 Mon Sep 17 00:00:00 2001
From: Renat Tuktarov <yandzeek@gmail.com>
Date: Wed, 11 Oct 2023 14:11:25 +0400
Subject: [PATCH 4/4] ci: update Go to v1.20.10

Signed-off-by: Robin Hahling <robin.hahling@gw-computing.net>
---
 .github/workflows/tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 5dfba539e..08a0b1142 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -30,7 +30,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
         with:
-          go-version: '1.20'
+          go-version: '1.20.10'
       - name: Check Go module vendoring
         working-directory: ./backend
         run: |