From b122f941eeef24878398798ffea56293b9d69b44 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 3 Jun 2025 08:01:42 +0200
Subject: [PATCH] deps: update GitHub action dependencies (#3852)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/actions/build_micro_service/action.yml  | 2 +-
 .github/actions/e2e_sonobuoy/action.yml         | 2 +-
 .github/actions/setup_bazel_nix/action.yml      | 2 +-
 .github/workflows/aws-snp-launchmeasurement.yml | 2 +-
 .github/workflows/build-ccm-gcp.yml             | 2 +-
 .github/workflows/build-gcp-guest-agent.yml     | 2 +-
 .github/workflows/scorecard.yml                 | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/actions/build_micro_service/action.yml b/.github/actions/build_micro_service/action.yml
index 84813d865..7fecf16a2 100644
--- a/.github/actions/build_micro_service/action.yml
+++ b/.github/actions/build_micro_service/action.yml
@@ -62,7 +62,7 @@ runs:
 
     - name: Build and push container image
       id: build-micro-service
-      uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
       with:
         context: .
         file: ${{ inputs.dockerfile }}
diff --git a/.github/actions/e2e_sonobuoy/action.yml b/.github/actions/e2e_sonobuoy/action.yml
index 627a2fcad..eb636472f 100644
--- a/.github/actions/e2e_sonobuoy/action.yml
+++ b/.github/actions/e2e_sonobuoy/action.yml
@@ -70,7 +70,7 @@ runs:
 
     - name: Publish test results
       if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e')
-      uses: mikepenz/action-junit-report@cf701569b05ccdd861a76b8607a66d76f6fd4857 # v5.5.1
+      uses: mikepenz/action-junit-report@65fe03598d8d251738592a497a9e8547a5c48eaa # v5.6.0
       with:
         report_paths: "**/junit_01.xml"
         fail_on_failure: true
diff --git a/.github/actions/setup_bazel_nix/action.yml b/.github/actions/setup_bazel_nix/action.yml
index 1066e5d34..b560ac8f6 100644
--- a/.github/actions/setup_bazel_nix/action.yml
+++ b/.github/actions/setup_bazel_nix/action.yml
@@ -114,7 +114,7 @@ runs:
 
     - name: Install nix
       if: steps.check_inputs.outputs.nixPreinstalled == 'false'
-      uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
+      uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
       with:
         install_url: "https://releases.nixos.org/nix/nix-${{ steps.check_inputs.outputs.nixVersion }}/install"
 
diff --git a/.github/workflows/aws-snp-launchmeasurement.yml b/.github/workflows/aws-snp-launchmeasurement.yml
index 8e72cffb6..d2483d71c 100644
--- a/.github/workflows/aws-snp-launchmeasurement.yml
+++ b/.github/workflows/aws-snp-launchmeasurement.yml
@@ -17,7 +17,7 @@ jobs:
         path: constellation
 
     - name: Install Nix
-      uses: cachix/install-nix-action@526118121621777ccd86f79b04685a9319637641 # v31
+      uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31
 
     - name: Download Firmware release
       id: download-firmware
diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml
index 1954f242c..b84514a1c 100644
--- a/.github/workflows/build-ccm-gcp.yml
+++ b/.github/workflows/build-ccm-gcp.yml
@@ -113,7 +113,7 @@ jobs:
 
       - name: Build and push container image
         id: build
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: ./cloud-provider-gcp
           push: ${{ github.ref_name == 'main' }}
diff --git a/.github/workflows/build-gcp-guest-agent.yml b/.github/workflows/build-gcp-guest-agent.yml
index bcd766a1f..4fab1d2c4 100644
--- a/.github/workflows/build-gcp-guest-agent.yml
+++ b/.github/workflows/build-gcp-guest-agent.yml
@@ -114,7 +114,7 @@ jobs:
       - name: Build and push container image
         if: steps.needs-build.outputs.out == 'true'
         id: build
-        uses: docker/build-push-action@1dc73863535b631f98b2378be8619f83b136f4a0 # v6.17.0
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: ./guest-agent
           file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index ccde82ebc..08a7faeac 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -23,7 +23,7 @@ jobs:
           persist-credentials: false
 
       - name: Run analysis
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif