From 1459ab96fe61ec346db1e3670e8f2f340c313407 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 17 Jan 2025 09:58:24 +0100 Subject: [PATCH] deps: update GitHub action dependencies (#3585) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/artifact_upload/action.yml | 2 +- .github/actions/build_micro_service/action.yml | 2 +- .github/actions/e2e_sonobuoy/action.yml | 2 +- .github/actions/publish_helmchart/action.yml | 2 +- .../actions/upload_terraform_module/action.yml | 2 +- .github/workflows/build-ccm-gcp.yml | 2 +- .github/workflows/build-gcp-guest-agent.yml | 2 +- .github/workflows/build-os-image-scheduled.yml | 2 +- .github/workflows/check-links.yml | 2 +- .github/workflows/codeql.yml | 4 ++-- .github/workflows/draft-release.yml | 16 ++++++++-------- .github/workflows/e2e-upgrade.yml | 2 +- .github/workflows/e2e-windows.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/reproducible-builds.yml | 8 ++++---- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/sync-terraform-docs.yml | 2 +- .github/workflows/test-unittest.yml | 2 +- .github/workflows/update-rpms.yml | 2 +- 19 files changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/actions/artifact_upload/action.yml b/.github/actions/artifact_upload/action.yml index 50974a9fd..76d7c1f03 100644 --- a/.github/actions/artifact_upload/action.yml +++ b/.github/actions/artifact_upload/action.yml @@ -69,7 +69,7 @@ runs: done - name: Upload archive as artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: ${{ inputs.name }} path: ${{ steps.tempdir.outputs.directory }}/archive.7z diff --git a/.github/actions/build_micro_service/action.yml b/.github/actions/build_micro_service/action.yml index e7da91e77..6cf2e3895 100644 --- a/.github/actions/build_micro_service/action.yml +++ b/.github/actions/build_micro_service/action.yml @@ -62,7 +62,7 @@ runs: - name: Build and push container image id: build-micro-service - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: context: . file: ${{ inputs.dockerfile }} diff --git a/.github/actions/e2e_sonobuoy/action.yml b/.github/actions/e2e_sonobuoy/action.yml index b0d89052d..40380f7ad 100644 --- a/.github/actions/e2e_sonobuoy/action.yml +++ b/.github/actions/e2e_sonobuoy/action.yml @@ -70,7 +70,7 @@ runs: - name: Publish test results if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e') - uses: mikepenz/action-junit-report@992d97d6eb2e5f3de985fbf9df6a04386874114d # v5.1.0 + uses: mikepenz/action-junit-report@62516aa379bff6370c95fd5894d5a27fb6619d9b # v5.2.0 with: report_paths: "**/junit_01.xml" fail_on_failure: true diff --git a/.github/actions/publish_helmchart/action.yml b/.github/actions/publish_helmchart/action.yml index 6e8a9f762..3cf193e3d 100644 --- a/.github/actions/publish_helmchart/action.yml +++ b/.github/actions/publish_helmchart/action.yml @@ -29,7 +29,7 @@ runs: echo version=$(yq eval ".version" ${{ inputs.chartPath }}/Chart.yaml) | tee -a $GITHUB_OUTPUT - name: Create pull request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: path: helm branch: "release/s3proxy/${{ steps.update-chart-version.outputs.version }}" diff --git a/.github/actions/upload_terraform_module/action.yml b/.github/actions/upload_terraform_module/action.yml index 18dd61280..90a067ae2 100644 --- a/.github/actions/upload_terraform_module/action.yml +++ b/.github/actions/upload_terraform_module/action.yml @@ -15,7 +15,7 @@ runs: zip -r terraform-module.zip terraform-module - name: Upload artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: terraform-module path: terraform-module.zip diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index e74f71961..a6a434cb7 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -113,7 +113,7 @@ jobs: - name: Build and push container image id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: context: ./cloud-provider-gcp push: ${{ github.ref_name == 'main' }} diff --git a/.github/workflows/build-gcp-guest-agent.yml b/.github/workflows/build-gcp-guest-agent.yml index f5b734f00..bf9d15c78 100644 --- a/.github/workflows/build-gcp-guest-agent.yml +++ b/.github/workflows/build-gcp-guest-agent.yml @@ -114,7 +114,7 @@ jobs: - name: Build and push container image if: steps.needs-build.outputs.out == 'true' id: build - uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 + uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: context: ./guest-agent file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 8fc51d407..000a57a16 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -97,7 +97,7 @@ jobs: run: rm -f internal/attestation/measurements/measurement-generator/generate - name: Create pull request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: branch: "image/automated/update-measurements-${{ github.run_number }}" base: main diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index d9f97cfaa..5176b7e3e 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -25,7 +25,7 @@ jobs: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Link Checker - uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915 # v2.1.0 + uses: lycheeverse/lychee-action@f796c8b7d468feb9b8c0a46da3fac0af6874d374 # v2.2.0 with: args: "--config ./.lychee.toml './**/*.md' './**/*.html'" fail: true diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d206fa4fa..1f140931c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -44,7 +44,7 @@ jobs: cache: false - name: Initialize CodeQL - uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: languages: ${{ matrix.language }} @@ -63,6 +63,6 @@ jobs: echo "::endgroup::" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 38612425c..c82555570 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -92,7 +92,7 @@ jobs: cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} - name: Upload CLI as artifact (unix) - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if : ${{ matrix.os != 'windows' }} with: name: constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -101,7 +101,7 @@ jobs: build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig - name: Upload CLI as artifact (windows) - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if : ${{ matrix.os == 'windows' }} with: name: constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -149,7 +149,7 @@ jobs: targetArch: ${{ matrix.arch }} - name: Upload Terraform Provider Binary as artifact (unix) - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if : ${{ matrix.os != 'windows' }} with: name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -157,7 +157,7 @@ jobs: build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} - name: Upload Terraform Provider Binary as artifact (windows) - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 if : ${{ matrix.os == 'windows' }} with: name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -296,13 +296,13 @@ jobs: COSIGN_PASSWORD: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} - name: Upload Constellation CLI SBOM - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: constellation.spdx.sbom path: constellation.spdx.sbom - name: Upload Constellation CLI SBOM's signature - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: constellation.spdx.sbom.sig path: constellation.spdx.sbom.sig @@ -472,7 +472,7 @@ jobs: - name: Create release with artifacts id: create-release # GitHub endorsed release project. See: https://github.com/actions/create-release - uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 with: draft: true generate_release_notes: true @@ -487,7 +487,7 @@ jobs: terraform-module.zip - name: Create Terraform provider release with artifcats - uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 + uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 with: draft: true generate_release_notes: false diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 5e50ec87e..2f5a49098 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -268,7 +268,7 @@ jobs: push: true - name: Upload CLI binary # is needed for the cleanup step - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: constellation-upgrade-${{ inputs.attestationVariant }} path: build/constellation diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 26ee8833b..e9f377596 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -45,7 +45,7 @@ jobs: push: true - name: Upload CLI artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: path: build/constellation.exe name: "constell-exe" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9bb70b043..fffe4febe 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -118,7 +118,7 @@ jobs: sed -i 's/fromVersion: \["[^"]*"\]/fromVersion: ["${{ inputs.version }}"]/g' .github/workflows/e2e-test-weekly.yml - name: Create docs pull request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: branch: ${{ env.BRANCH }} base: main diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml index d0ff8a129..2307f6084 100644 --- a/.github/workflows/reproducible-builds.yml +++ b/.github/workflows/reproducible-builds.yml @@ -80,13 +80,13 @@ jobs: run: shasum -a 256 "${binary}" | tee "${binary}.sha256" - name: Upload binary artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: "binaries-${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}" path: "${{ env.binary }}" - name: Upload hash artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}" path: "${{ env.binary }}.sha256" @@ -145,13 +145,13 @@ jobs: run: shasum -a 256 "${binary}" | tee "${binary}.sha256" - name: Upload binary artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: "osimages-${{ matrix.target }}-${{ matrix.runner }}" path: "${{ env.binary }}" - name: Upload hash artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}" path: "${{ env.binary }}.sha256" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ac2bc5817..7b18e3a73 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -30,13 +30,13 @@ jobs: publish_results: true - name: Upload artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: name: SARIF file path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: sarif_file: results.sarif diff --git a/.github/workflows/sync-terraform-docs.yml b/.github/workflows/sync-terraform-docs.yml index 6b9be623d..36ef698b5 100644 --- a/.github/workflows/sync-terraform-docs.yml +++ b/.github/workflows/sync-terraform-docs.yml @@ -40,7 +40,7 @@ jobs: - name: Create pull request id: create-pull-request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: path: terraform-provider-constellation branch: "feat/docs/update" diff --git a/.github/workflows/test-unittest.yml b/.github/workflows/test-unittest.yml index b676e7dca..0f0a0054c 100644 --- a/.github/workflows/test-unittest.yml +++ b/.github/workflows/test-unittest.yml @@ -69,7 +69,7 @@ jobs: - name: Comment coverage if: steps.coverage.outputs.uploadable == 'true' && github.event_name == 'pull_request' - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0 + uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1 with: header: coverage path: coverage_diff.md diff --git a/.github/workflows/update-rpms.yml b/.github/workflows/update-rpms.yml index bd30519ef..411a6cc73 100644 --- a/.github/workflows/update-rpms.yml +++ b/.github/workflows/update-rpms.yml @@ -39,7 +39,7 @@ jobs: fi - name: Create pull request - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: branch: "image/automated/update-rpms-${{ github.run_number }}" base: main