From d9072c0932e952d53a2a2f43ea698b8b969651cf Mon Sep 17 00:00:00 2001
From: Benjamin Bannier <benjamin.bannier@corelight.com>
Date: Tue, 15 Oct 2024 10:25:18 +0200
Subject: [PATCH 1/4] Pin distribution for pre-commit CI job

The GH action `pre-commit/action` installs `pre-commit` into the system
with `pip`.[^1] On newer distributions this is discouraged as it might break
system packages and would require a dedicated flag
`--break-system-packages` in order to pass.

Since the action does not work in such environments yet, instead pin the
distribution we use for the workflow to a fixed, older and working version.

[^1]: https://github.com/pre-commit/action/blob/576ff52938d158a24ac7e009dfa94b1455e7df99/action.yml#L11
---
 .github/workflows/pre-commit.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 3592568b86..188b7d4891 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   pre-commit:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
     - uses: actions/checkout@v3
     - uses: actions/setup-python@v4

From 7747182dbd55b9551a920871c469bbc321ec74a1 Mon Sep 17 00:00:00 2001
From: Benjamin Bannier <benjamin.bannier@corelight.com>
Date: Tue, 15 Oct 2024 09:30:22 +0200
Subject: [PATCH 2/4] Bump GH actions for pre-commit job

---
 .github/workflows/pre-commit.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 188b7d4891..5ca6081db6 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -9,6 +9,6 @@ jobs:
   pre-commit:
     runs-on: ubuntu-22.04
     steps:
-    - uses: actions/checkout@v3
-    - uses: actions/setup-python@v4
-    - uses: pre-commit/action@v3.0.0
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v5
+    - uses: pre-commit/action@v3.0.1

From 34490edae0a31cf2b672250e1fdf18b534bcf0b9 Mon Sep 17 00:00:00 2001
From: Benjamin Bannier <benjamin.bannier@corelight.com>
Date: Tue, 15 Oct 2024 10:39:59 +0200
Subject: [PATCH 3/4] Fix installation of Python packages in generate docs CI
 job

This job uses `ubuntu-latest`, i.e., it will automatically use the
newest version of Ubuntu available. On current versions `pip install`
refuses to install packages into the system since this might break
system packages. Users are expected to explicitly opt into this
potential breakage by passing the `--break-system-packages` flag. This
is an acceptable workaround here since we do not distribute this setup,
and currently things appear to not break.
---
 .github/workflows/generate-docs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/generate-docs.yml b/.github/workflows/generate-docs.yml
index be60b0cc9f..3a4ceb9442 100644
--- a/.github/workflows/generate-docs.yml
+++ b/.github/workflows/generate-docs.yml
@@ -71,7 +71,7 @@ jobs:
           # `python2` so this is a simple workaround until we drop Python 2
           # support and explicitly use `python3` for all invocations.
           sudo ln -sf /usr/bin/python3 /usr/local/bin/python
-          sudo pip3 install -r doc/requirements.txt
+          sudo pip3 install --break-system-packages -r doc/requirements.txt
 
       - name: ccache
         uses: hendrikmuhs/ccache-action@v1.2

From 5110af3c1363cba4794a42c46177aa65834ff27f Mon Sep 17 00:00:00 2001
From: Benjamin Bannier <benjamin.bannier@corelight.com>
Date: Tue, 15 Oct 2024 10:45:18 +0200
Subject: [PATCH 4/4] Bump GH actions for generate-docs job

---
 .github/workflows/generate-docs.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/generate-docs.yml b/.github/workflows/generate-docs.yml
index 3a4ceb9442..e991317071 100644
--- a/.github/workflows/generate-docs.yml
+++ b/.github/workflows/generate-docs.yml
@@ -24,12 +24,12 @@ jobs:
       # event, so we only need to authenticate in that case. Use
       # unauthenticated access otherwise so this action can e.g., also run from
       # clones.
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         if: github.event_name == 'schedule'
         with:
           submodules: "recursive"
           token: ${{ secrets.ZEEK_BOT_TOKEN }}
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         if: github.event_name != 'schedule'
         with:
           submodules: "recursive"
@@ -131,7 +131,7 @@ jobs:
         # Only send notifications for scheduled runs. Runs from pull requests
         # show failures in the GitHub UI.
         if: failure() && github.event_name == 'schedule'
-        uses: dawidd6/action-send-mail@v3.7.0
+        uses: dawidd6/action-send-mail@v3.12.0
         with:
           server_address: ${{secrets.SMTP_HOST}}
           server_port: ${{secrets.SMTP_PORT}}