From 5551a1a406ee8c0b0c4df4b74a29076a78845e85 Mon Sep 17 00:00:00 2001 From: Gregor Zeitlinger Date: Fri, 20 Feb 2026 18:59:22 +0100 Subject: [PATCH 1/3] Add mise version+sha256 pinning to CI workflows Pin mise version and sha256 in all workflow files for reproducibility and supply-chain security. Signed-off-by: Gregor Zeitlinger --- .github/workflows/acceptance-tests.yml | 3 +++ .github/workflows/lint.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml index ee9a5bc9..2877c465 100644 --- a/.github/workflows/acceptance-tests.yml +++ b/.github/workflows/acceptance-tests.yml @@ -16,6 +16,9 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 + with: + version: v2026.2.11 + sha256: 3e1baedb9284124b770d2d561a04a98c343d05967c83deb8b35c7c941f8d9c9a - name: Run acceptance tests run: mise run acceptance-tests ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 01238573..ea3e2bc8 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -22,6 +22,9 @@ jobs: - name: Setup mise uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 + with: + version: v2026.2.11 + sha256: 3e1baedb9284124b770d2d561a04a98c343d05967c83deb8b35c7c941f8d9c9a - name: Lint env: From f5c608bde94afdecc7f76f2240ceb472c68b471e Mon Sep 17 00:00:00 2001 From: Gregor Zeitlinger Date: Fri, 20 Feb 2026 20:32:41 +0100 Subject: [PATCH 2/3] Add config:best-practices to renovate extends Signed-off-by: Gregor Zeitlinger --- .github/renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index d15fe67c..5ef65367 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,6 +1,6 @@ { $schema: "https://docs.renovatebot.com/renovate-schema.json", - extends: ["config:recommended", "customManagers:dockerfileVersions", "customManagers:githubActionsVersions", "github>grafana/flint"], + extends: ["config:best-practices", "config:recommended", "customManagers:dockerfileVersions", "customManagers:githubActionsVersions", "github>grafana/flint"], branchPrefix: "grafanarenovatebot/", dependencyDashboard: true, platformCommit: "enabled", From e305b040abf1f395cbebb6d427838f02112313f0 Mon Sep 17 00:00:00 2001 From: Gregor Zeitlinger Date: Fri, 20 Feb 2026 20:40:07 +0100 Subject: [PATCH 3/3] Add mise entries to renovate-tracked-deps.json Signed-off-by: Gregor Zeitlinger --- .github/renovate-tracked-deps.json | 33 ++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/.github/renovate-tracked-deps.json b/.github/renovate-tracked-deps.json index 74190f30..a4b3df83 100644 --- a/.github/renovate-tracked-deps.json +++ b/.github/renovate-tracked-deps.json @@ -4,11 +4,21 @@ "grafana/flint" ] }, + ".github/workflows/acceptance-tests.yml": { + "regex": [ + "mise" + ] + }, ".github/workflows/ghcr-image-build-and-publish.yml": { "regex": [ "cosign" ] }, + ".github/workflows/lint.yml": { + "regex": [ + "mise" + ] + }, ".github/workflows/release.yml": { "regex": [ "cosign" @@ -37,6 +47,11 @@ "mcr.microsoft.com/dotnet/sdk" ] }, + "examples/dotnet/docker-compose.yml": { + "docker-compose": [ + "grafana/otel-lgtm" + ] + }, "examples/dotnet/rolldice.csproj": { "nuget": [ "OpenTelemetry.Exporter.Console", @@ -55,6 +70,11 @@ "opentelemetry-ebpf-profiler" ] }, + "examples/ebpf-profiler/docker-compose.yml": { + "docker-compose": [ + "grafana/otel-lgtm" + ] + }, "examples/ebpf-profiler/generate-traffic.Dockerfile": { "dockerfile": [ "ubuntu" @@ -179,6 +199,11 @@ "express" ] }, + "examples/obi/docker-compose.yaml": { + "docker-compose": [ + "grafana/otel-lgtm" + ] + }, "examples/obi/dotnet/Dockerfile": { "dockerfile": [ "mcr.microsoft.com/dotnet/aspnet", @@ -215,7 +240,15 @@ "express" ] }, + "examples/obi/python.Dockerfile": { + "dockerfile": [ + "python" + ] + }, "examples/python/Dockerfile": { + "dockerfile": [ + "python" + ], "regex": [ "opentelemetry-distro" ]