all: children: controllers: hosts: controller: null zuul_unreachable: hosts: {} hosts: controller: ansible_connection: ssh ansible_host: 199.204.45.229 ansible_port: 22 ansible_python_interpreter: auto ansible_user: zuul cilium_helm_values: operator: replicas: 1 cilium_ipv4_cidr: 172.24.0.0/16 kube_vip_address: 172.17.0.100 kube_vip_interface: '{{ ansible_facts[''default_ipv4''].interface }}' kubernetes_hostname: '{{ ansible_facts[''default_ipv4''].address }}' kubernetes_version: 1.34.0 molecule_scenario: helm nodepool: az: nova cloud: public external_id: 0fb743ed-d624-4518-a753-c7e1a8a44679 host_id: dc47ae3b6bd7105f226a81ddfc9102f715bac5cc73984e91b5981caa interface_ip: 199.204.45.229 label: debian-trixie node_properties: {} private_ipv4: 199.204.45.229 private_ipv6: null provider: yul1 public_ipv4: 199.204.45.229 public_ipv6: 2604:e100:1:0:f816:3eff:fea3:c8b9 region: ca-ymq-1 slot: null zuul_node: az: nova cloud: public external_id: 0fb743ed-d624-4518-a753-c7e1a8a44679 host_id: dc47ae3b6bd7105f226a81ddfc9102f715bac5cc73984e91b5981caa interface_ip: 199.204.45.229 label: debian-trixie node_properties: {} private_ipv4: 199.204.45.229 private_ipv6: null provider: yul1 public_ipv4: 199.204.45.229 public_ipv6: 2604:e100:1:0:f816:3eff:fea3:c8b9 region: ca-ymq-1 slot: null uuid: null vars: cilium_helm_values: operator: replicas: 1 kubernetes_version: 1.34.0 molecule_scenario: helm zuul: _inheritance_path: - '' - '' - '' - '' - '' ansible_version: '9' attempts: 1 branch: main build: dde6797fc5864058a97383d39da7b5dd build_refs: - branch: main change: '234' change_message: '[StepSecurity] Apply security best practices ## Summary This pull request has been generated by [StepSecurity](https://app.stepsecurity.io/github/vexxhost/actions/dashboard) as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements. ## Security Fixes ### Harden Runner Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow) ### Pinned Dependencies Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure. Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ### StepSecurity Maintained Actions Risky GitHub Actions can expose your project to potential security risks. Risky actions have been replaced with StepSecurity maintained actions, that are secure drop-in replacements. - [StepSecurity Maintained Actions](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo) or contact us via [our website](https://www.stepsecurity.io/). ' change_url: https://github.com/vexxhost/ansible-collection-kubernetes/pull/234 commit_id: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 patchset: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/ansible-collection-kubernetes name: vexxhost/ansible-collection-kubernetes short_name: ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes topic: null buildset: 90aa7809dafc409dbe964cbfa1020cdf buildset_refs: - branch: main change: '234' change_message: '[StepSecurity] Apply security best practices ## Summary This pull request has been generated by [StepSecurity](https://app.stepsecurity.io/github/vexxhost/actions/dashboard) as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements. ## Security Fixes ### Harden Runner Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow) ### Pinned Dependencies Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure. Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ### StepSecurity Maintained Actions Risky GitHub Actions can expose your project to potential security risks. Risky actions have been replaced with StepSecurity maintained actions, that are secure drop-in replacements. - [StepSecurity Maintained Actions](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo) or contact us via [our website](https://www.stepsecurity.io/). ' change_url: https://github.com/vexxhost/ansible-collection-kubernetes/pull/234 commit_id: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 patchset: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/ansible-collection-kubernetes name: vexxhost/ansible-collection-kubernetes short_name: ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes topic: null change: '234' change_message: '[StepSecurity] Apply security best practices ## Summary This pull request has been generated by [StepSecurity](https://app.stepsecurity.io/github/vexxhost/actions/dashboard) as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements. ## Security Fixes ### Harden Runner Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow) ### Pinned Dependencies Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure. Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ### StepSecurity Maintained Actions Risky GitHub Actions can expose your project to potential security risks. Risky actions have been replaced with StepSecurity maintained actions, that are secure drop-in replacements. - [StepSecurity Maintained Actions](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo) or contact us via [our website](https://www.stepsecurity.io/). ' change_url: https://github.com/vexxhost/ansible-collection-kubernetes/pull/234 child_jobs: [] commit_id: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 event_id: f483c040-18ad-11f1-82de-983357ded420 executor: hostname: 0a8996d2b663 inventory_file: /var/lib/zuul/builds/dde6797fc5864058a97383d39da7b5dd/ansible/inventory.yaml log_root: /var/lib/zuul/builds/dde6797fc5864058a97383d39da7b5dd/work/logs result_data_file: /var/lib/zuul/builds/dde6797fc5864058a97383d39da7b5dd/work/results.json src_root: /var/lib/zuul/builds/dde6797fc5864058a97383d39da7b5dd/work/src work_root: /var/lib/zuul/builds/dde6797fc5864058a97383d39da7b5dd/work include_vars: [] items: - branch: main change: '234' change_message: '[StepSecurity] Apply security best practices ## Summary This pull request has been generated by [StepSecurity](https://app.stepsecurity.io/github/vexxhost/actions/dashboard) as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements. ## Security Fixes ### Harden Runner Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#dangerous-workflow) ### Pinned Dependencies Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure. Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates. - [GitHub Security Guide](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-third-party-actions) - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies) ### StepSecurity Maintained Actions Risky GitHub Actions can expose your project to potential security risks. Risky actions have been replaced with StepSecurity maintained actions, that are secure drop-in replacements. - [StepSecurity Maintained Actions](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions) ## Feedback For bug reports, feature requests, and general feedback; please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo) or contact us via [our website](https://www.stepsecurity.io/). ' change_url: https://github.com/vexxhost/ansible-collection-kubernetes/pull/234 commit_id: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 patchset: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/ansible-collection-kubernetes name: vexxhost/ansible-collection-kubernetes short_name: ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes topic: null job: ansible-collection-kubernetes-molecule-helm jobtags: [] max_attempts: 3 message: W1N0ZXBTZWN1cml0eV0gQXBwbHkgc2VjdXJpdHkgYmVzdCBwcmFjdGljZXMKCiMjIFN1bW1hcnkKClRoaXMgcHVsbCByZXF1ZXN0IGhhcyBiZWVuIGdlbmVyYXRlZCBieSBbU3RlcFNlY3VyaXR5XShodHRwczovL2FwcC5zdGVwc2VjdXJpdHkuaW8vZ2l0aHViL3ZleHhob3N0L2FjdGlvbnMvZGFzaGJvYXJkKSBhcyBwYXJ0IG9mIHlvdXIgZW50ZXJwcmlzZSBzdWJzY3JpcHRpb24gdG8gZW5zdXJlIGNvbXBsaWFuY2Ugd2l0aCByZWNvbW1lbmRlZCBzZWN1cml0eSBiZXN0IHByYWN0aWNlcy4gUGxlYXNlIHJldmlldyBhbmQgbWVyZ2UgdGhlIHB1bGwgcmVxdWVzdCB0byBhcHBseSB0aGVzZSBzZWN1cml0eSBlbmhhbmNlbWVudHMuCgojIyBTZWN1cml0eSBGaXhlcwoKIyMjIEhhcmRlbiBSdW5uZXIKCkhhcmRlbi1SdW5uZXIgaXMgYW4gb3Blbi1zb3VyY2Ugc2VjdXJpdHkgYWdlbnQgZm9yIHRoZSBHaXRIdWItaG9zdGVkIHJ1bm5lciB0byBwcmV2ZW50IHNvZnR3YXJlIHN1cHBseSBjaGFpbiBhdHRhY2tzLiBJdCBwcmV2ZW50cyBleGZpbHRyYXRpb24gb2YgY3JlZGVudGlhbHMsIGRldGVjdHMgdGFtcGVyaW5nIG9mIHNvdXJjZSBjb2RlIGR1cmluZyBidWlsZCwgYW5kIGVuYWJsZXMgcnVubmluZyBqb2JzIHdpdGhvdXQgc3VkbyBhY2Nlc3MuCgotIFtHaXRIdWIgU2VjdXJpdHkgR3VpZGVdKGh0dHBzOi8vZG9jcy5naXRodWIuY29tL2VuL2FjdGlvbnMvc2VjdXJpdHktZm9yLWdpdGh1Yi1hY3Rpb25zL3NlY3VyaXR5LWd1aWRlcy9zZWN1cml0eS1oYXJkZW5pbmctZm9yLWdpdGh1Yi1hY3Rpb25zKQotIFtUaGUgT3BlbiBTb3VyY2UgU2VjdXJpdHkgRm91bmRhdGlvbiAoT3BlblNTRikgU2VjdXJpdHkgR3VpZGVdKGh0dHBzOi8vZ2l0aHViLmNvbS9vc3NmL3Njb3JlY2FyZC9ibG9iL21haW4vZG9jcy9jaGVja3MubWQjZGFuZ2Vyb3VzLXdvcmtmbG93KQoKIyMjIFBpbm5lZCBEZXBlbmRlbmNpZXMKClBpbm5pbmcgR2l0SHViIEFjdGlvbnMgdG8gc3BlY2lmaWMgdmVyc2lvbnMgb3IgY29tbWl0IFNIQXMgZW5zdXJlcyB0aGF0IHlvdXIgd29ya2Zsb3dzIHJlbWFpbiBjb25zaXN0ZW50IGFuZCBzZWN1cmUuClVucGlubmVkIGFjdGlvbnMgY2FuIGxlYWQgdG8gdW5leHBlY3RlZCBjaGFuZ2VzIG9yIHZ1bG5lcmFiaWxpdGllcyBjYXVzZWQgYnkgdXBzdHJlYW0gdXBkYXRlcy4KCi0gW0dpdEh1YiBTZWN1cml0eSBHdWlkZV0oaHR0cHM6Ly9kb2NzLmdpdGh1Yi5jb20vZW4vYWN0aW9ucy9zZWN1cml0eS1mb3ItZ2l0aHViLWFjdGlvbnMvc2VjdXJpdHktZ3VpZGVzL3NlY3VyaXR5LWhhcmRlbmluZy1mb3ItZ2l0aHViLWFjdGlvbnMjdXNpbmctdGhpcmQtcGFydHktYWN0aW9ucykKLSBbVGhlIE9wZW4gU291cmNlIFNlY3VyaXR5IEZvdW5kYXRpb24gKE9wZW5TU0YpIFNlY3VyaXR5IEd1aWRlXShodHRwczovL2dpdGh1Yi5jb20vb3NzZi9zY29yZWNhcmQvYmxvYi9tYWluL2RvY3MvY2hlY2tzLm1kI3Bpbm5lZC1kZXBlbmRlbmNpZXMpCiMjIyBTdGVwU2VjdXJpdHkgTWFpbnRhaW5lZCBBY3Rpb25zCgpSaXNreSBHaXRIdWIgQWN0aW9ucyBjYW4gZXhwb3NlIHlvdXIgcHJvamVjdCB0byBwb3RlbnRpYWwgc2VjdXJpdHkgcmlza3MuIFJpc2t5IGFjdGlvbnMgaGF2ZSBiZWVuIHJlcGxhY2VkIHdpdGggU3RlcFNlY3VyaXR5IG1haW50YWluZWQgYWN0aW9ucywgdGhhdCBhcmUgc2VjdXJlIGRyb3AtaW4gcmVwbGFjZW1lbnRzLgoKLSBbU3RlcFNlY3VyaXR5IE1haW50YWluZWQgQWN0aW9uc10oaHR0cHM6Ly9kb2NzLnN0ZXBzZWN1cml0eS5pby9hY3Rpb25zL3N0ZXBzZWN1cml0eS1tYWludGFpbmVkLWFjdGlvbnMpCgoKIyMgRmVlZGJhY2sKRm9yIGJ1ZyByZXBvcnRzLCBmZWF0dXJlIHJlcXVlc3RzLCBhbmQgZ2VuZXJhbCBmZWVkYmFjazsgcGxlYXNlIGNyZWF0ZSBhbiBpc3N1ZSBpbiBbc3RlcC1zZWN1cml0eS9zZWN1cmUtcmVwb10oaHR0cHM6Ly9naXRodWIuY29tL3N0ZXAtc2VjdXJpdHkvc2VjdXJlLXJlcG8pIG9yIGNvbnRhY3QgdXMgdmlhIFtvdXIgd2Vic2l0ZV0oaHR0cHM6Ly93d3cuc3RlcHNlY3VyaXR5LmlvLykuCgoK patchset: d0cf68e1b00f66b4c39de7f80a7bd88fd18b35f3 pipeline: check playbook_context: playbook_projects: trusted/project_0/github.com/vexxhost/zuul-config: canonical_name: github.com/vexxhost/zuul-config checkout: main commit: 9052b5a7781b3346e4cffd452a54448cbff54d8b trusted/project_1/opendev.org/zuul/zuul-jobs: canonical_name: opendev.org/zuul/zuul-jobs checkout: master commit: 571c0efa3491d12ecb8fc1169c510716d55c0fc2 trusted/project_2/github.com/vexxhost/zuul-jobs: canonical_name: github.com/vexxhost/zuul-jobs checkout: main commit: a6e68243e02ef030ce5e75f8b67630880c475f33 untrusted/project_0/github.com/vexxhost/zuul-jobs: canonical_name: github.com/vexxhost/zuul-jobs checkout: main commit: a6e68243e02ef030ce5e75f8b67630880c475f33 untrusted/project_1/github.com/vexxhost/zuul-config: canonical_name: github.com/vexxhost/zuul-config checkout: main commit: 9052b5a7781b3346e4cffd452a54448cbff54d8b untrusted/project_2/opendev.org/zuul/zuul-jobs: canonical_name: opendev.org/zuul/zuul-jobs checkout: master commit: 571c0efa3491d12ecb8fc1169c510716d55c0fc2 playbooks: - path: untrusted/project_0/github.com/vexxhost/zuul-jobs/playbooks/molecule/run.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/playbook_0/role_1/zuul-jobs link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs role_path: ansible/playbook_0/role_1/zuul-jobs/roles - checkout: main checkout_description: playbook branch link_name: ansible/playbook_0/role_2/zuul-jobs link_target: untrusted/project_0/github.com/vexxhost/zuul-jobs role_path: ansible/playbook_0/role_2/zuul-jobs/roles post_playbooks: - path: trusted/project_0/github.com/vexxhost/zuul-config/playbooks/base/post.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/post_playbook_0/role_1/zuul-jobs link_target: trusted/project_1/opendev.org/zuul/zuul-jobs role_path: ansible/post_playbook_0/role_1/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/post_playbook_0/role_2/zuul-jobs link_target: trusted/project_2/github.com/vexxhost/zuul-jobs role_path: ansible/post_playbook_0/role_2/zuul-jobs/roles - path: trusted/project_0/github.com/vexxhost/zuul-config/playbooks/base/post-logs.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/post_playbook_1/role_1/zuul-jobs link_target: trusted/project_1/opendev.org/zuul/zuul-jobs role_path: ansible/post_playbook_1/role_1/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/post_playbook_1/role_2/zuul-jobs link_target: trusted/project_2/github.com/vexxhost/zuul-jobs role_path: ansible/post_playbook_1/role_2/zuul-jobs/roles pre_playbooks: - path: trusted/project_0/github.com/vexxhost/zuul-config/playbooks/base/pre.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/pre_playbook_0/role_1/zuul-jobs link_target: trusted/project_1/opendev.org/zuul/zuul-jobs role_path: ansible/pre_playbook_0/role_1/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/pre_playbook_0/role_2/zuul-jobs link_target: trusted/project_2/github.com/vexxhost/zuul-jobs role_path: ansible/pre_playbook_0/role_2/zuul-jobs/roles - path: untrusted/project_0/github.com/vexxhost/zuul-jobs/playbooks/molecule/pre.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/pre_playbook_1/role_1/zuul-jobs link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs role_path: ansible/pre_playbook_1/role_1/zuul-jobs/roles - checkout: main checkout_description: playbook branch link_name: ansible/pre_playbook_1/role_2/zuul-jobs link_target: untrusted/project_0/github.com/vexxhost/zuul-jobs role_path: ansible/pre_playbook_1/role_2/zuul-jobs/roles post_review: false post_timeout: null pre_timeout: null project: canonical_hostname: github.com canonical_name: github.com/vexxhost/ansible-collection-kubernetes name: vexxhost/ansible-collection-kubernetes short_name: ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes projects: github.com/vexxhost/ansible-collection-kubernetes: canonical_hostname: github.com canonical_name: github.com/vexxhost/ansible-collection-kubernetes checkout: main checkout_description: zuul branch commit: ec7f117ef109de8a54da4928eeb804a44a37d848 name: vexxhost/ansible-collection-kubernetes required: false short_name: ansible-collection-kubernetes src_dir: src/github.com/vexxhost/ansible-collection-kubernetes ref: refs/pull/234/head resources: {} tenant: oss timeout: 1800 topic: null voting: true