From 0549971ecda7c7415b7e885117576981b4b54ed2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 18:48:37 +0100 Subject: [PATCH] chore(deps): update github-actions (#90) * chore(deps): update github-actions * actionlint * quotes --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: chgl --- .github/workflows/ci.yaml | 2 +- .github/workflows/scorecard.yaml | 6 ++--- .github/workflows/standard-build.yaml | 20 ++++++++--------- .github/workflows/standard-lint.yaml | 28 ++++++++++++------------ .github/workflows/standard-release.yaml | 4 ++-- .github/workflows/standard-schedule.yaml | 8 +++---- 6 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6b3f941..cd3bce4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -97,7 +97,7 @@ jobs: docker info -f '{{ .DriverStatus }}' - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8026d2bc3645ea78b0d2544766a1225eb5691f89 # v3.7.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Download build image uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 0d18401..7bad645 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -33,7 +33,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: results.sarif diff --git a/.github/workflows/standard-build.yaml b/.github/workflows/standard-build.yaml index 023f673..96fe34b 100644 --- a/.github/workflows/standard-build.yaml +++ b/.github/workflows/standard-build.yaml @@ -123,7 +123,7 @@ jobs: egress-policy: audit # change to 'egress-policy: block' after couple of runs - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # # via @@ -139,7 +139,7 @@ jobs: docker info -f '{{ .DriverStatus }}' - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8026d2bc3645ea78b0d2544766a1225eb5691f89 # v3.7.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 @@ -196,7 +196,7 @@ jobs: - name: Upload test image if: ${{ (inputs.enable-build-test-layer == true) && (inputs.enable-upload-test-image == true) }} - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ steps.slugify-image.outputs.slug }}-test path: | @@ -224,7 +224,7 @@ jobs: - name: Upload container image if: ${{ github.event_name == 'pull_request' && inputs.enable-upload-image == true }} - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ steps.slugify-image.outputs.slug }} path: | @@ -237,8 +237,8 @@ jobs: - name: install trivy run: | - wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb - sudo dpkg -i trivy_${TRIVY_VERSION}_Linux-64bit.deb + wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb" + sudo dpkg -i "trivy_${TRIVY_VERSION}_Linux-64bit.deb" - name: Create Trivy vulnerability attestation if: ${{ inputs.enable-trivy-scan }} @@ -253,7 +253,7 @@ jobs: "${{ fromJson(steps.image_meta.outputs.json).tags[0] }}" - name: Upload image vulnerability attestation - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 if: ${{ inputs.enable-trivy-scan }} with: name: ${{ steps.slugify-image.outputs.slug }}-trivy-attestation @@ -337,7 +337,7 @@ jobs: password: ${{ secrets.github-token }} - name: Install Cosign - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Sign image env: @@ -376,7 +376,7 @@ jobs: path: /tmp - name: Install Cosign - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Attest image vulnerability report env: @@ -397,7 +397,7 @@ jobs: contents: write steps: - name: Install Cosign - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: download attestation from image env: diff --git a/.github/workflows/standard-lint.yaml b/.github/workflows/standard-lint.yaml index c5c3905..07bc965 100644 --- a/.github/workflows/standard-lint.yaml +++ b/.github/workflows/standard-lint.yaml @@ -69,14 +69,14 @@ jobs: pull-requests: write steps: - name: Checkout Code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # MegaLinter - name: MegaLinter id: ml # You can override MegaLinter flavor used to have faster performances # More info at https://megalinter.io/latest/flavors/ - uses: oxsecurity/megalinter@c217fe8f7bc9207062a084e989bd97efd56e7b9a # v8.0.0 + uses: oxsecurity/megalinter@b38cdf1f0cbe056fad4112cb7cd99c2b574c9617 # v8.1.0 env: VALIDATE_ALL_CODEBASE: "true" # only try to post PR comments if it's not a fork @@ -86,7 +86,7 @@ jobs: # Upload MegaLinter artifacts - name: Archive production artifacts if: ${{ always() }} - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: MegaLinter reports path: | @@ -103,9 +103,9 @@ jobs: contents: read steps: - name: Checkout Code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Dependency Review - uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 + uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5 gradle-wrapper-validation: name: validate gradle wrapper @@ -115,7 +115,7 @@ jobs: contents: read steps: - name: Checkout Code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Validate Gradle Wrapper uses: gradle/actions/wrapper-validation@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0 @@ -127,11 +127,11 @@ jobs: contents: read steps: - name: Checkout Code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 1 - name: Install Cosign - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - run: | cosign dockerfile verify \ --output text \ @@ -154,11 +154,11 @@ jobs: language: ${{ fromJSON(inputs.codeql-languages) }} steps: - name: Checkout Code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Java if: ${{ matrix.language == 'java' }} - uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0 + uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0 with: java-version: ${{ inputs.java-version }} distribution: "temurin" @@ -166,13 +166,13 @@ jobs: - name: Set up .NET if: ${{ matrix.language == 'csharp' }} - uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1 + uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0 with: dotnet-version: ${{ inputs.dotnet-version }} # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -185,7 +185,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -198,6 +198,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/standard-release.yaml b/.github/workflows/standard-release.yaml index 466164a..d2abe28 100644 --- a/.github/workflows/standard-release.yaml +++ b/.github/workflows/standard-release.yaml @@ -33,13 +33,13 @@ jobs: egress-policy: audit # change to 'egress-policy: block' after couple of runs - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # via persist-credentials: false # Only required temporary: https://github.com/cycjimmy/semantic-release-action/issues/159 - - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 + - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: 14 diff --git a/.github/workflows/standard-schedule.yaml b/.github/workflows/standard-schedule.yaml index 4660d83..772d097 100644 --- a/.github/workflows/standard-schedule.yaml +++ b/.github/workflows/standard-schedule.yaml @@ -32,10 +32,10 @@ jobs: issues: write steps: - name: Checkout Code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Restore lychee cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: .lycheecache key: cache-lychee-${{ github.sha }} @@ -76,7 +76,7 @@ jobs: security-events: write # for github/codeql-action/upload-sarif to upload SARIF results steps: - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 with: image-ref: "${{ matrix.image }}" format: "template" @@ -85,6 +85,6 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: "trivy-results.sarif"