Merge pull request #13995 from hakman/update_github_workflows

Update GitHub workflows

.github/dependabot.yml

@@ -0,0 +1,9 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+    day: "sunday"
+  labels:
+  - "ok-to-test"

.github/workflows/dependabot.yml

@@ -1,43 +0,0 @@
-name: Dependabot
-on:
-  pull_request:
-    paths:
-      - 'go.mod'
-
-env:
-  GOPROXY: https://proxy.golang.org
-  GOPATH: ${{ github.workspace }}/go
-
-permissions:
-  contents: write
-
-jobs:
-  update-go-modules:
-    if:  startsWith(github.head_ref, 'dependabot/')
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Set up go
-        uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923
-        with:
-          go-version: 1.18.1
-
-      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0
-          path: ${{ env.GOPATH }}/src/k8s.io/kops
-
-      - name: Update go modules
-        working-directory: ${{ env.GOPATH }}/src/k8s.io/kops
-        run: |
-          make gomod
-
-      - name: Commit files
-        working-directory: ${{ env.GOPATH }}/src/k8s.io/kops
-        run: |
-          git diff --exit-code && exit 0
-          git config --local user.email actions@github.com
-          git config --local user.name "GitHub Actions Dependabot Update"
-          git add .
-          git commit -m "Update go modules"
-          git push origin "HEAD:$GITHUB_HEAD_REF"

.github/workflows/depsreview.yaml

@@ -1,14 +1,19 @@
-name: 'Dependency Review'
-on: [pull_request]
+name: 'Review Dependencies'
+
+on:
+  pull_request:
+    paths:
+      - 'go.mod'
 
 permissions:
   contents: read
 
 jobs:
   dependency-review:
-    runs-on: ubuntu-latest
+    if: ${{ github.repository == 'kubernetes/kops' }}
+    runs-on: ubuntu-20.04
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v3
-      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v2
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+      - name: 'Review Dependencies'
+        uses: actions/dependency-review-action@94145f3150bfabdc97540cbd5f7e926306ea7744

.github/workflows/main.yml

@@ -21,7 +21,7 @@ jobs:
         with:
           go-version: 1.18.4
 
-      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 https://api.github.com/repos/actions/checkout/git/tags/629c2de402a417ea7690ca6ce3f33229e27606a5
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
         with:
           path: ${{ env.GOPATH }}/src/k8s.io/kops
 
@@ -38,7 +38,7 @@ jobs:
       with:
         go-version: 1.18.4
 
-    - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 https://api.github.com/repos/actions/checkout/git/tags/629c2de402a417ea7690ca6ce3f33229e27606a5
+    - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       with:
         path: ${{ env.GOPATH }}/src/k8s.io/kops
 
@@ -55,7 +55,7 @@ jobs:
       with:
         go-version: 1.18.4
 
-    - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 https://api.github.com/repos/actions/checkout/git/tags/629c2de402a417ea7690ca6ce3f33229e27606a5
+    - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       with:
         path: ${{ env.GOPATH }}/src/k8s.io/kops
 
@@ -72,7 +72,7 @@ jobs:
         with:
           go-version: 1.18.4
 
-      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 https://api.github.com/repos/actions/checkout/git/tags/629c2de402a417ea7690ca6ce3f33229e27606a5
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
         with:
           path: ${{ env.GOPATH }}/src/k8s.io/kops
 

.github/workflows/tag-release.yml

@@ -1,4 +1,4 @@
-name: tag-release
+name: 'Tag Release'
 
 on:
   push:
@@ -17,7 +17,7 @@ jobs:
       contents: write
 
     steps:
-      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 https://api.github.com/repos/actions/checkout/git/tags/629c2de402a417ea7690ca6ce3f33229e27606a5
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       - run: /usr/bin/git config --global user.email actions@github.com
       - run: /usr/bin/git config --global user.name 'GitHub Actions Release Tagger'
       - run: hack/tag-release.sh

.github/workflows/update-deps.yml

@@ -1,8 +1,9 @@
-name: "update-deps"
+name: 'Update Dependencies'
+
 on:
   workflow_dispatch:
   schedule:
-    - cron: "0 6 * * 5"
+    - cron: '0 6 * * 5'
 
 env:
   GOPROXY: https://proxy.golang.org
@@ -13,12 +14,13 @@ permissions:
 
 jobs:
   update-deps:
+    if: ${{ github.repository == 'kubernetes/kops' }}
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5
       - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923
         with:
           go-version: '1.18'
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       - name: Update Dependencies
         id: update_deps
         run: |