From 40096b668460a7853e845a3feaa1bb4429214d0c Mon Sep 17 00:00:00 2001
From: Ciprian Hacman <ciprian@hakman.dev>
Date: Mon, 18 Jul 2022 07:56:33 +0300
Subject: [PATCH 1/6] Remove unused Dependabot related workflow

---
 .github/workflows/dependabot.yml | 43 --------------------------------
 1 file changed, 43 deletions(-)
 delete mode 100644 .github/workflows/dependabot.yml

diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
deleted file mode 100644
index 4ef42a82e6..0000000000
--- a/.github/workflows/dependabot.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-name: Dependabot
-on:
-  pull_request:
-    paths:
-      - 'go.mod'
-
-env:
-  GOPROXY: https://proxy.golang.org
-  GOPATH: ${{ github.workspace }}/go
-
-permissions:
-  contents: write
-
-jobs:
-  update-go-modules:
-    if:  startsWith(github.head_ref, 'dependabot/')
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Set up go
-        uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923
-        with:
-          go-version: 1.18.1
-
-      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          fetch-depth: 0
-          path: ${{ env.GOPATH }}/src/k8s.io/kops
-
-      - name: Update go modules
-        working-directory: ${{ env.GOPATH }}/src/k8s.io/kops
-        run: |
-          make gomod
-
-      - name: Commit files
-        working-directory: ${{ env.GOPATH }}/src/k8s.io/kops
-        run: |
-          git diff --exit-code && exit 0
-          git config --local user.email actions@github.com
-          git config --local user.name "GitHub Actions Dependabot Update"
-          git add .
-          git commit -m "Update go modules"
-          git push origin "HEAD:$GITHUB_HEAD_REF"

From 50ca8b3f4d98e757f70d12d23779a8253c6e1f87 Mon Sep 17 00:00:00 2001
From: Ciprian Hacman <ciprian@hakman.dev>
Date: Mon, 18 Jul 2022 07:58:10 +0300
Subject: [PATCH 2/6] Run dependency review only on go.mod changes

---
 .github/workflows/depsreview.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml
index a25de591ba..3861ab7815 100644
--- a/.github/workflows/depsreview.yaml
+++ b/.github/workflows/depsreview.yaml
@@ -1,5 +1,9 @@
 name: 'Dependency Review'
-on: [pull_request]
+
+on:
+  pull_request:
+    paths:
+      - 'go.mod'
 
 permissions:
   contents: read

From 1ed829e0cf8a2609637d7cc8dd368bf5541a29fa Mon Sep 17 00:00:00 2001
From: Ciprian Hacman <ciprian@hakman.dev>
Date: Mon, 18 Jul 2022 08:01:40 +0300
Subject: [PATCH 3/6] Update workflow names and quoting style

---
 .github/workflows/depsreview.yaml | 4 ++--
 .github/workflows/tag-release.yml | 2 +-
 .github/workflows/update-deps.yml | 5 +++--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml
index 3861ab7815..7022f64b05 100644
--- a/.github/workflows/depsreview.yaml
+++ b/.github/workflows/depsreview.yaml
@@ -1,4 +1,4 @@
-name: 'Dependency Review'
+name: 'Review Dependencies'
 
 on:
   pull_request:
@@ -14,5 +14,5 @@ jobs:
     steps:
       - name: 'Checkout Repository'
         uses: actions/checkout@v3
-      - name: 'Dependency Review'
+      - name: 'Review Dependencies'
         uses: actions/dependency-review-action@v2
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index e1c494bf8d..2056d4fea5 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -1,4 +1,4 @@
-name: tag-release
+name: 'Tag Release'
 
 on:
   push:
diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml
index 15fd7f45ff..9c4aa12c25 100644
--- a/.github/workflows/update-deps.yml
+++ b/.github/workflows/update-deps.yml
@@ -1,8 +1,9 @@
-name: "update-deps"
+name: 'Update Dependencies'
+
 on:
   workflow_dispatch:
   schedule:
-    - cron: "0 6 * * 5"
+    - cron: '0 6 * * 5'
 
 env:
   GOPROXY: https://proxy.golang.org

From 42078c2b4fb0dec42ea4d4d92096171777f6fa2b Mon Sep 17 00:00:00 2001
From: Ciprian Hacman <ciprian@hakman.dev>
Date: Mon, 18 Jul 2022 08:05:50 +0300
Subject: [PATCH 4/6] Re-add Dependabot for action updates

---
 .github/dependabot.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..a914d5f87c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+    day: "sunday"
+  labels:
+  - "ok-to-test"

From 451256f966cb05ec3aa2427587b94ac96f0327ec Mon Sep 17 00:00:00 2001
From: Ciprian Hacman <ciprian@hakman.dev>
Date: Mon, 18 Jul 2022 08:09:54 +0300
Subject: [PATCH 5/6] Use hashes for actions versions

---
 .github/workflows/depsreview.yaml | 4 ++--
 .github/workflows/main.yml        | 8 ++++----
 .github/workflows/tag-release.yml | 2 +-
 .github/workflows/update-deps.yml | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml
index 7022f64b05..c49df67e6b 100644
--- a/.github/workflows/depsreview.yaml
+++ b/.github/workflows/depsreview.yaml
@@ -13,6 +13,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@v3
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       - name: 'Review Dependencies'
-        uses: actions/dependency-review-action@v2
+        uses: actions/dependency-review-action@94145f3150bfabdc97540cbd5f7e926306ea7744
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 482cc54f26..c3b0a96633 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -21,7 +21,7 @@ jobs:
         with:
           go-version: 1.18.1
 
-      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 https://api.github.com/repos/actions/checkout/git/tags/629c2de402a417ea7690ca6ce3f33229e27606a5
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
         with:
           path: ${{ env.GOPATH }}/src/k8s.io/kops
 
@@ -38,7 +38,7 @@ jobs:
       with:
         go-version: 1.18.1
 
-    - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 https://api.github.com/repos/actions/checkout/git/tags/629c2de402a417ea7690ca6ce3f33229e27606a5
+    - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       with:
         path: ${{ env.GOPATH }}/src/k8s.io/kops
 
@@ -55,7 +55,7 @@ jobs:
       with:
         go-version: 1.18.1
 
-    - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 https://api.github.com/repos/actions/checkout/git/tags/629c2de402a417ea7690ca6ce3f33229e27606a5
+    - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       with:
         path: ${{ env.GOPATH }}/src/k8s.io/kops
 
@@ -72,7 +72,7 @@ jobs:
         with:
           go-version: 1.18.1
 
-      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 https://api.github.com/repos/actions/checkout/git/tags/629c2de402a417ea7690ca6ce3f33229e27606a5
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
         with:
           path: ${{ env.GOPATH }}/src/k8s.io/kops
 
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
index 2056d4fea5..3d22297722 100644
--- a/.github/workflows/tag-release.yml
+++ b/.github/workflows/tag-release.yml
@@ -17,7 +17,7 @@ jobs:
       contents: write
 
     steps:
-      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2 https://api.github.com/repos/actions/checkout/git/tags/629c2de402a417ea7690ca6ce3f33229e27606a5
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       - run: /usr/bin/git config --global user.email actions@github.com
       - run: /usr/bin/git config --global user.name 'GitHub Actions Release Tagger'
       - run: hack/tag-release.sh
diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml
index 9c4aa12c25..4ee29e105c 100644
--- a/.github/workflows/update-deps.yml
+++ b/.github/workflows/update-deps.yml
@@ -16,10 +16,10 @@ jobs:
   update-deps:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5
       - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923
         with:
           go-version: '1.18'
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       - name: Update Dependencies
         id: update_deps
         run: |

From 982f584ed3578d51b58e2a7e2923ee9ce100fc3f Mon Sep 17 00:00:00 2001
From: Ciprian Hacman <ciprian@hakman.dev>
Date: Mon, 18 Jul 2022 08:12:15 +0300
Subject: [PATCH 6/6] Run dependency related workflows only for the official
 kOps repo

---
 .github/workflows/depsreview.yaml | 3 ++-
 .github/workflows/update-deps.yml | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/depsreview.yaml b/.github/workflows/depsreview.yaml
index c49df67e6b..3abf437522 100644
--- a/.github/workflows/depsreview.yaml
+++ b/.github/workflows/depsreview.yaml
@@ -10,7 +10,8 @@ permissions:
 
 jobs:
   dependency-review:
-    runs-on: ubuntu-latest
+    if: ${{ github.repository == 'kubernetes/kops' }}
+    runs-on: ubuntu-20.04
     steps:
       - name: 'Checkout Repository'
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml
index 4ee29e105c..b944cc3d66 100644
--- a/.github/workflows/update-deps.yml
+++ b/.github/workflows/update-deps.yml
@@ -14,6 +14,7 @@ permissions:
 
 jobs:
   update-deps:
+    if: ${{ github.repository == 'kubernetes/kops' }}
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/setup-go@b22fbbc2921299758641fab08929b4ac52b32923