From 335baf20d76342442ca4104a7183b809b309e9fc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 21:40:15 +0000 Subject: [PATCH] deps: update github actions Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/deploy-keptn-on-cluster/action.yml | 4 ++-- .github/workflows/CI.yaml | 12 ++++++------ .github/workflows/component-test.yml | 2 +- .github/workflows/e2e-test.yml | 2 +- .github/workflows/golangci-lint.yml | 2 +- .github/workflows/htmltest.yaml | 2 +- .github/workflows/integration-test-component.yml | 2 +- .github/workflows/integration-test.yml | 2 +- .github/workflows/load-test.yml | 6 +++--- .github/workflows/markdown-checks.yaml | 2 +- .github/workflows/release.yml | 8 ++++---- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/security-scans.yml | 12 ++++++------ 13 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/actions/deploy-keptn-on-cluster/action.yml b/.github/actions/deploy-keptn-on-cluster/action.yml index 36e7d31d21..3c55f2a3d0 100644 --- a/.github/actions/deploy-keptn-on-cluster/action.yml +++ b/.github/actions/deploy-keptn-on-cluster/action.yml @@ -30,7 +30,7 @@ runs: using: "composite" steps: - name: Set up Go 1.x - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version: ${{ env.GO_VERSION }} cache: true @@ -43,7 +43,7 @@ runs: path: ~/download/artifacts - name: "Create single kind Cluster" - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 with: cluster_name: ${{ inputs.cluster-name }} version: ${{ inputs.kind-version }} diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml index 46351121d2..4b15900445 100644 --- a/.github/workflows/CI.yaml +++ b/.github/workflows/CI.yaml @@ -91,7 +91,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go 1.x - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version: ${{ env.GO_VERSION }} cache: true @@ -139,17 +139,17 @@ jobs: - name: Cache build tools id: cache-build-tools - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: ./${{ matrix.config.folder }}bin key: build-tools-${{ github.ref_name }} - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 - name: Build Docker Image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: context: ${{ matrix.config.folder }} platforms: linux/amd64,linux/arm64 @@ -168,7 +168,7 @@ jobs: outputs: type=oci,dest=/tmp/${{ matrix.config.name }}-image.tar - name: Upload image as artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: ${{ matrix.config.name }}-image.tar path: /tmp/${{ matrix.config.name }}-image.tar @@ -184,7 +184,7 @@ jobs: run: echo "" > tag - name: Upload tag for tests - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: dev-${{ env.DATETIME }} path: tag diff --git a/.github/workflows/component-test.yml b/.github/workflows/component-test.yml index 4fc3f4c86f..44233f4ad8 100644 --- a/.github/workflows/component-test.yml +++ b/.github/workflows/component-test.yml @@ -22,7 +22,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go 1.x - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version: ${{ env.GO_VERSION }} cache: true diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 7cc01293af..299f87b356 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -45,7 +45,7 @@ jobs: - name: Upload ${{ matrix.config.name }} cluster logs if: always() - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: logs-e2e-tests-${{ matrix.config.name }} path: .github/scripts/logs diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 6ee9a7d520..f0b29a1996 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -41,7 +41,7 @@ jobs: - name: Check out code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 + - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/htmltest.yaml b/.github/workflows/htmltest.yaml index c6e9c1544a..f38b0005ef 100644 --- a/.github/workflows/htmltest.yaml +++ b/.github/workflows/htmltest.yaml @@ -31,7 +31,7 @@ jobs: fetch-depth: 0 - name: Cache HTMLTest packages - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: | tmp/.htmltest diff --git a/.github/workflows/integration-test-component.yml b/.github/workflows/integration-test-component.yml index b5b97d9563..f726b6710f 100644 --- a/.github/workflows/integration-test-component.yml +++ b/.github/workflows/integration-test-component.yml @@ -51,7 +51,7 @@ jobs: - name: Upload cluster logs if: failure() - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: logs-integration-tests-${{ inputs.type }} path: .github/scripts/logs diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index c44501a541..073f90eb19 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -52,7 +52,7 @@ jobs: - name: Upload cluster logs if: failure() - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: logs-integration-tests-${{ inputs.cert-manager-io-enabled }} path: .github/scripts/logs diff --git a/.github/workflows/load-test.yml b/.github/workflows/load-test.yml index 206bc84281..6364b743ee 100644 --- a/.github/workflows/load-test.yml +++ b/.github/workflows/load-test.yml @@ -28,7 +28,7 @@ jobs: - name: Cache build tools id: cache-build-tools - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 with: path: /usr/local/bin/kube-burner key: kube-burner-${{ env.KUBE_BURNER_VERSION }} @@ -57,7 +57,7 @@ jobs: - name: Upload results if: always() - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: load-tests-results path: ./collected-metrics @@ -69,7 +69,7 @@ jobs: - name: Upload cluster logs if: failure() - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: logs-load-tests path: .github/scripts/logs diff --git a/.github/workflows/markdown-checks.yaml b/.github/workflows/markdown-checks.yaml index c513c79c24..8725ec89ab 100644 --- a/.github/workflows/markdown-checks.yaml +++ b/.github/workflows/markdown-checks.yaml @@ -75,7 +75,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go 1.x - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 87e3fe74dc..7031ee2c7d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -152,7 +152,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 @@ -179,7 +179,7 @@ jobs: - name: Build Docker Image id: docker_build_image - uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 + uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0 with: context: ${{ matrix.config.folder }} platforms: linux/amd64,linux/arm64 @@ -215,7 +215,7 @@ jobs: output-file: ./sbom-${{ matrix.config.name }}.spdx.json - name: Attach SBOM to release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 with: tag_name: ${{ matrix.config.tagName }} files: ./sbom-${{ matrix.config.name }}.spdx.json @@ -234,7 +234,7 @@ jobs: ${{ env.IMAGE_NAME }}@${{ env.IMAGE_DIGEST }} - name: Upload verification log as artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: cosign-attest-verification-log path: ./cosign-attest-output.json diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f62b97bb69..0d0d78b295 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -60,7 +60,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif @@ -68,6 +68,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif diff --git a/.github/workflows/security-scans.yml b/.github/workflows/security-scans.yml index 2fc7b06a21..1952534d07 100644 --- a/.github/workflows/security-scans.yml +++ b/.github/workflows/security-scans.yml @@ -65,14 +65,14 @@ jobs: path: ./dist - name: Upload tag - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: tag path: | ./dist/dev-*/ - name: Upload images - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: images path: | @@ -99,7 +99,7 @@ jobs: steps: - name: Set up Go if: matrix.tool == 'kubeconform' - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: go-version: ${{ env.GO_VERSION }} check-latest: true @@ -157,7 +157,7 @@ jobs: - name: Upload KICS results if: always() && matrix.tool == 'kics' - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: kics-results path: results.json @@ -236,7 +236,7 @@ jobs: tar -xvf images/${{ matrix.image }}-image.tar/${{ matrix.image }}-image.tar -C images/${{ matrix.image }}-image.tar/ - name: Trivy image scan - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0 with: input: "images/${{ matrix.image }}-image.tar" severity: 'CRITICAL,HIGH' @@ -254,7 +254,7 @@ jobs: - "keptn-cert-manager" steps: - name: Set up Go 1.x - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 with: cache-dependency-path: ${{ matrix.artifact }}/go.sum go-version: ${{ env.GO_VERSION }}