deps: update GitHub action dependencies (#3259)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-05 17:55:32 -05:00 · 2024-07-18 08:49:57 +02:00 · 2024-07-18 08:49:57 +02:00 · 78ce220cf9
commit 78ce220cf9
parent 1edc1966f9
16 changed files with 49 additions and 49 deletions
--- a/.github/workflows/aws-snp-launchmeasurement.yml
+++ b/.github/workflows/aws-snp-launchmeasurement.yml
@ -27,7 +27,7 @@ jobs:

    - name: Download Firmware release
      id: download-firmware
-      uses: robinraju/release-downloader@c39a3b234af58f0cf85888573d361fb6fa281534 # v1.10
+      uses: robinraju/release-downloader@a96f54c1b5f5e09e47d9504526e96febd949d4c2 # v1.11
      with:
        repository: aws/uefi
        latest: true
--- a/.github/workflows/build-ccm-gcp.yml
+++ b/.github/workflows/build-ccm-gcp.yml
@ -29,7 +29,7 @@ jobs:
          fetch-depth: 0

      - name: Setup Go environment
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: "1.22.5"
          cache: false
--- a/.github/workflows/build-os-image-scheduled.yml
+++ b/.github/workflows/build-os-image-scheduled.yml
@ -68,7 +68,7 @@ jobs:
          token: ${{ secrets.CI_COMMIT_PUSH_PR }}

      - name: Setup Go environment
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: "1.22.5"
          cache: false
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -38,13 +38,13 @@ jobs:

      - name: Setup Go environment
        if: matrix.language == 'go'
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: "1.22.5"
          cache: false

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
        with:
          languages: ${{ matrix.language }}

@ -63,6 +63,6 @@ jobs:
          echo "::endgroup::"

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
        with:
          category: "/language:${{ matrix.language }}"
--- a/.github/workflows/draft-release.yml
+++ b/.github/workflows/draft-release.yml
@ -92,7 +92,7 @@ jobs:
          cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}

      - name: Upload CLI as artifact (unix)
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if : ${{ matrix.os != 'windows' }}
        with:
          name: constellation-${{ matrix.os }}-${{ matrix.arch }}
@ -101,7 +101,7 @@ jobs:
            build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig

      - name: Upload CLI as artifact (windows)
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if : ${{ matrix.os == 'windows' }}
        with:
          name: constellation-${{ matrix.os }}-${{ matrix.arch }}
@ -149,7 +149,7 @@ jobs:
          targetArch: ${{ matrix.arch }}

      - name: Upload Terraform Provider Binary as artifact (unix)
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if : ${{ matrix.os != 'windows' }}
        with:
          name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
@ -157,7 +157,7 @@ jobs:
            build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}

      - name: Upload Terraform Provider Binary as artifact (windows)
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if : ${{ matrix.os == 'windows' }}
        with:
          name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
@ -227,7 +227,7 @@ jobs:
        uses: ./.github/actions/download_release_binaries

      - name: Download CLI SBOM
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: constellation.spdx.sbom

@ -296,13 +296,13 @@ jobs:
          COSIGN_PASSWORD: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}

      - name: Upload Constellation CLI SBOM
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: constellation.spdx.sbom
          path: constellation.spdx.sbom

      - name: Upload Constellation CLI SBOM's signature
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: constellation.spdx.sbom.sig
          path: constellation.spdx.sbom.sig
@ -340,12 +340,12 @@ jobs:
        uses: ./.github/actions/download_release_binaries

      - name: Download CLI SBOM
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: constellation.spdx.sbom

      - name: Download provenance
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: ${{ needs.provenance.outputs.provenance-name }}

@ -418,17 +418,17 @@ jobs:
        uses: ./.github/actions/download_release_binaries

      - name: Download CLI SBOM
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: constellation.spdx.sbom

      - name: Download Constellation CLI SBOM's signature
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: constellation.spdx.sbom.sig

      - name: Download Constellation provenance
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: ${{ needs.provenance.outputs.provenance-name }}

@ -472,7 +472,7 @@ jobs:
      - name: Create release with artifacts
        id: create-release
        # GitHub endorsed release project. See: https://github.com/actions/create-release
-        uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6
+        uses: softprops/action-gh-release@fb2d03176f42a1f0dd433ca263f314051d3edd44 # v2.0.7
        with:
          draft: true
          generate_release_notes: true
@ -487,7 +487,7 @@ jobs:
            terraform-module.zip

      - name: Create Terraform provider release with artifcats
-        uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6
+        uses: softprops/action-gh-release@fb2d03176f42a1f0dd433ca263f314051d3edd44 # v2.0.7
        with:
          draft: true
          generate_release_notes: false
--- a/.github/workflows/e2e-upgrade.yml
+++ b/.github/workflows/e2e-upgrade.yml
@ -170,7 +170,7 @@ jobs:
          push: true

      - name: Upload CLI binary
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: constellation-upgrade-${{ inputs.attestationVariant }}
          path: build/constellation
@ -326,7 +326,7 @@ jobs:
          azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}

      - name: Download CLI
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: constellation-upgrade-${{ inputs.attestationVariant }}
          path: build
@ -451,7 +451,7 @@ jobs:
          ref: ${{ inputs.gitRef }}

      - name: Download CLI
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: constellation-upgrade-${{ inputs.attestationVariant }}
          path: build
--- a/.github/workflows/e2e-windows.yml
+++ b/.github/workflows/e2e-windows.yml
@ -45,7 +45,7 @@ jobs:
          push: true

      - name: Upload CLI artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          path: build/constellation.exe
          name: "constell-exe"
@ -61,7 +61,7 @@ jobs:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Download CLI artifact
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: "constell-exe"

--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -231,7 +231,7 @@ jobs:
          ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}

      - name: Setup Go environment
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: "1.22.5"
          cache: true
--- a/.github/workflows/reproducible-builds.yml
+++ b/.github/workflows/reproducible-builds.yml
@ -57,13 +57,13 @@ jobs:
        run: shasum -a 256 "${binary}" | tee "${binary}.sha256"

      - name: Upload binary artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: "binaries-${{ matrix.target }}-${{ matrix.runner }}"
          path: "${{ env.binary }}"

      - name: Upload hash artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}"
          path: "${{ env.binary }}.sha256"
@ -110,13 +110,13 @@ jobs:
        run: shasum -a 256 "${binary}" | tee "${binary}.sha256"

      - name: Upload binary artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: "osimages-${{ matrix.target }}-${{ matrix.runner }}"
          path: "${{ env.binary }}"

      - name: Upload hash artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}"
          path: "${{ env.binary }}.sha256"
@ -139,7 +139,7 @@ jobs:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Download binaries
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          pattern: "binaries-${{ matrix.target }}-*"
          merge-multiple: true
@ -173,7 +173,7 @@ jobs:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Download os images
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          pattern: "osimages-${{ matrix.target }}-*"
          merge-multiple: true
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@ -30,13 +30,13 @@ jobs:
          publish_results: true

      - name: Upload artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5

      - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
        with:
          sarif_file: results.sarif
--- a/.github/workflows/test-operator-codegen.yml
+++ b/.github/workflows/test-operator-codegen.yml
@ -26,7 +26,7 @@ jobs:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Setup Go environment
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: "1.22.5"
          cache: true