Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-02-12 13:01:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

deps: update GitHub action dependencies (#3633)

Browse Source 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
renovate[bot] 2025-02-04 08:27:37 +01:00 committed by GitHub
parent 245700ee54
commit f1e30863c1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
28 changed files with 37 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/actions/build_micro_service/action.yml vendored
View File

@ -62,7 +62,7 @@ runs:
- name: Build and push container image
id: build-micro-service
uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
with:
context: .
file: ${{ inputs.dockerfile }}

4
.github/actions/cdbg_deploy/action.yml vendored
View File

@ -61,7 +61,7 @@ runs:
- name: Login to AWS (IAM service principal)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1
@ -80,7 +80,7 @@ runs:
- name: Login to AWS (Cluster service principal)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1

2
.github/actions/constellation_destroy/action.yml vendored
View File

@ -67,7 +67,7 @@ runs:
- name: Login to AWS (Cluster role)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1

2
.github/actions/constellation_iam_destroy/action.yml vendored
View File

@ -23,7 +23,7 @@ runs:
- name: Login to AWS (IAM role)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1

2
.github/actions/e2e_attestationconfigapi/action.yml vendored
View File

@ -19,7 +19,7 @@ runs:
uses: ./.github/actions/setup_bazel_nix
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubTestResourceAPI
aws-region: eu-west-1

4
.github/actions/e2e_benchmark/action.yml vendored
View File

@ -32,7 +32,7 @@ runs:
steps:
- name: Setup python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
with:
python-version: "3.10"
@ -166,7 +166,7 @@ runs:
encryptionSecret: ${{ inputs.encryptionSecret }}
- name: Assume AWS role to retrieve and update benchmarks in S3
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionUpdateBenchmarks
aws-region: us-east-2

2
.github/actions/e2e_cleanup_timeframe/action.yml vendored
View File

@ -16,7 +16,7 @@ runs:
using: "composite"
steps:
- name: Authenticate AWS
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EDestroy
aws-region: eu-central-1

2
.github/actions/e2e_sonobuoy/action.yml vendored
View File

@ -70,7 +70,7 @@ runs:
- name: Publish test results
if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e')
uses: mikepenz/action-junit-report@62516aa379bff6370c95fd5894d5a27fb6619d9b # v5.2.0
uses: mikepenz/action-junit-report@ee6b445351cd81e2f73a16a0e52d598aeac2197f # v5.3.0
with:
report_paths: "**/junit_01.xml"
fail_on_failure: true

4
.github/actions/e2e_test/action.yml vendored
View File

@ -225,7 +225,7 @@ runs:
- name: Login to AWS (IAM role)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1
@ -290,7 +290,7 @@ runs:
- name: Login to AWS (Cluster role)
if: inputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1

2
.github/actions/e2e_verify/action.yml vendored
View File

@ -82,7 +82,7 @@ runs:
- name: Login to AWS
if: github.ref_name == 'main'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
aws-region: eu-central-1

2
.github/actions/find_latest_image/action.yml vendored
View File

@ -38,7 +38,7 @@ runs:
- name: Login to AWS
if: inputs.imageVersion == ''
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1

4
.github/actions/login_gcp/action.yml vendored
View File

@ -20,11 +20,11 @@ runs:
echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV"
- name: Authorize GCP access
uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
uses: google-github-actions/auth@71f986410dfbc7added4569d411d040a91dc6935 # v2.1.8
with:
workload_identity_provider: projects/1052692473304/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider
service_account: ${{ inputs.service_account }}
# Even if preinstalled in Github Actions runner image, this setup does some magic authentication required for gsutil.
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4

2
.github/actions/select_image/action.yml vendored
View File

@ -18,7 +18,7 @@ runs:
using: "composite"
steps:
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1

2
.github/workflows/build-ccm-gcp.yml vendored
View File

@ -113,7 +113,7 @@ jobs:
- name: Build and push container image
id: build
uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
with:
context: ./cloud-provider-gcp
push: ${{ github.ref_name == 'main' }}

2
.github/workflows/build-gcp-guest-agent.yml vendored
View File

@ -114,7 +114,7 @@ jobs:
- name: Build and push container image
if: steps.needs-build.outputs.out == 'true'
id: build
uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0
uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0
with:
context: ./guest-agent
file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile

2
.github/workflows/build-os-image.yml vendored
View File

@ -147,7 +147,7 @@ jobs:
useCache: "false"
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
aws-region: eu-central-1

4
.github/workflows/codeql.yml vendored
View File

@ -44,7 +44,7 @@ jobs:
cache: false
- name: Initialize CodeQL
uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
with:
languages: ${{ matrix.language }}
@ -63,6 +63,6 @@ jobs:
echo "::endgroup::"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
with:
category: "/language:${{ matrix.language }}"

2
.github/workflows/e2e-test-provider-example.yml vendored
View File

@ -154,7 +154,7 @@ jobs:
- name: Login to AWS (IAM + Cluster role)
if: steps.determine.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ETerraform
aws-region: eu-central-1

2
.github/workflows/e2e-test-release.yml vendored
View File

@ -342,7 +342,7 @@ jobs:
- name: Set up gcloud CLI (macOS)
if: steps.split-attestationVariant.outputs.provider == 'gcp' && runner.os == 'macOS'
uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
- name: Run E2E test
id: e2e_test

2
.github/workflows/e2e-test.yml vendored
View File

@ -232,7 +232,7 @@ jobs:
- name: Set up gcloud CLI (macOS)
if: needs.generate-input-parameters.outputs.cloudProvider == 'gcp' && runner.os == 'macOS'
uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2
uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
- name: Run manual E2E test
id: e2e_test

6
.github/workflows/e2e-upgrade.yml vendored
View File

@ -274,7 +274,7 @@ jobs:
path: build/constellation
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1
@ -296,7 +296,7 @@ jobs:
- name: Login to AWS (IAM role)
if: needs.generate-input-parameters.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2EIAM
aws-region: eu-central-1
@ -347,7 +347,7 @@ jobs:
- name: Login to AWS (Cluster role)
if: always() && needs.generate-input-parameters.outputs.cloudProvider == 'aws'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionsE2ECluster
aws-region: eu-central-1

2
.github/workflows/on-release.yml vendored
View File

@ -142,7 +142,7 @@ jobs:
- uses: ./.github/actions/setup_bazel_nix
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
aws-region: eu-central-1

2
.github/workflows/purge-main.yml vendored
View File

@ -23,7 +23,7 @@ jobs:
ref: ${{ github.head_ref }}
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1

2
.github/workflows/scorecard.yml vendored
View File

@ -37,6 +37,6 @@ jobs:
retention-days: 5
- name: Upload to code-scanning
uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
with:
sarif_file: results.sarif

2
.github/workflows/test-tidy.yml vendored
View File

@ -37,7 +37,7 @@ jobs:
- name: Assume AWS role to upload Bazel dependencies to S3
if: startsWith(github.head_ref, 'renovate/')
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
aws-region: eu-central-1

2
.github/workflows/test-unittest.yml vendored
View File

@ -49,7 +49,7 @@ jobs:
rm -rf awscliv2.zip aws
- name: Login to AWS (IAM role)
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubActionGocoverage
aws-region: eu-central-1

2
.github/workflows/update-rpms.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
token: ${{ secrets.CI_COMMIT_PUSH_PR }}
- name: Assume AWS role to upload Bazel dependencies to S3
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationMirrorWrite
aws-region: eu-central-1

6
.github/workflows/versionsapi.yml vendored
View File

@ -149,21 +149,21 @@ jobs:
- name: Login to AWS without write access
if: steps.check-rights.outputs.write == 'false'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead
aws-region: eu-central-1
- name: Login to AWS with write access
if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'false'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIWrite
aws-region: eu-central-1
- name: Login to AWS with write and image remove access
if: steps.check-rights.outputs.write == 'true' && steps.check-rights.outputs.auth == 'true'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3
with:
role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRemove
aws-region: eu-central-1