From 73642cf47e46f4abd650ac65d3c53c5c4b264da3 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 20 Dec 2024 20:26:21 +0000
Subject: [PATCH] chore(deps): update github-actions
---
 .github/workflows/ci.yaml | 2 +-
 .github/workflows/scorecard.yaml | 4 ++--
 .github/workflows/standard-build.yaml | 14 +++++++-------
 .github/workflows/standard-lint.yaml | 12 ++++++------
 .github/workflows/standard-schedule.yaml | 4 ++--
 5 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index cd3bce4..d62f234 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -97,7 +97,7 @@ jobs:
 docker info -f '{{ .DriverStatus }}'
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 - name: Download build image
 uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index 48b8135..313e873 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -60,7 +60,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: SARIF file
 path: results.sarif
@@ -68,6 +68,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+ uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/standard-build.yaml b/.github/workflows/standard-build.yaml
index 9dec084..3a5e869 100644
--- a/.github/workflows/standard-build.yaml
+++ b/.github/workflows/standard-build.yaml
@@ -139,7 +139,7 @@ jobs:
 docker info -f '{{ .DriverStatus }}'
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 - name: Set up QEMU
 uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
@@ -173,7 +173,7 @@ jobs:
 - name: Build unit test image layer
 if: ${{ inputs.enable-build-test-layer == true }}
 id: build_test
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
 with:
 context: ${{ inputs.build-context }}
 push: false
@@ -196,7 +196,7 @@ jobs:
 - name: Upload test image
 if: ${{ (inputs.enable-build-test-layer == true) && (inputs.enable-upload-test-image == true) }}
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: ${{ steps.slugify-image.outputs.slug }}-test
 path: |
@@ -204,7 +204,7 @@ jobs:
 - name: Build and push image
 id: build
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
 with:
 context: ${{ inputs.build-context }}
 # when in a PR, save the image as a tar archive
@@ -224,7 +224,7 @@ jobs:
 - name: Upload container image
 if: ${{ github.event_name == 'pull_request' && inputs.enable-upload-image == true }}
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: ${{ steps.slugify-image.outputs.slug }}
 path: |
@@ -253,7 +253,7 @@ jobs:
 "${{ fromJson(steps.image_meta.outputs.json).tags[0] }}"
 - name: Upload image vulnerability attestation
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 if: ${{ inputs.enable-trivy-scan }}
 with:
 name: ${{ steps.slugify-image.outputs.slug }}-trivy-attestation
@@ -407,7 +407,7 @@ jobs:
 cosign download attestation --output-file="$IMAGE_SLUG.intoto.jsonl" "$IMAGE"
 - name: upload assets to release
- uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
+ uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
 with:
 files: |
 *.intoto.jsonl
diff --git a/.github/workflows/standard-lint.yaml b/.github/workflows/standard-lint.yaml
index b7f5716..f660a5c 100644
--- a/.github/workflows/standard-lint.yaml
+++ b/.github/workflows/standard-lint.yaml
@@ -86,7 +86,7 @@ jobs:
 # Upload MegaLinter artifacts
 - name: Archive production artifacts
 if: ${{ always() }}
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: MegaLinter reports
 path: |
@@ -117,7 +117,7 @@ jobs:
 - name: Checkout Code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Validate Gradle Wrapper
- uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
+ uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
 base-image-signature-verification:
 name: verify Dockerfile base image signature
@@ -158,7 +158,7 @@ jobs:
 - name: Set up Java
 if: ${{ matrix.language == 'java' }}
- uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
+ uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
 with:
 java-version: ${{ inputs.java-version }}
 distribution: "temurin"
@@ -172,7 +172,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+ uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -185,7 +185,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
- uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+ uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 # ℹī¸ Command-line programs to run using the OS shell.
 # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -198,6 +198,6 @@ jobs:
 # ./location_of_script_within_repo/buildscript.sh
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+ uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/standard-schedule.yaml b/.github/workflows/standard-schedule.yaml
index 1f0946f..de2172a 100644
--- a/.github/workflows/standard-schedule.yaml
+++ b/.github/workflows/standard-schedule.yaml
@@ -35,7 +35,7 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Restore lychee cache
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
 with:
 path: .lycheecache
 key: cache-lychee-${{ github.sha }}
@@ -85,6 +85,6 @@ jobs:
 severity: "CRITICAL,HIGH"
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
+ uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 sarif_file: "trivy-results.sarif"