Bump the actions group with 10 updates

Bumps the actions group with 10 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `4` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.1` | `5.1.0` | | [azure/login](https://github.com/azure/login) | `2.1.1` | `2.2.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.3` | `4.4.3` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.7` | `4.1.8` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `2.8.0` | `3.7.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.22.0` | `0.28.0` | | [mindsers/changelog-reader-action](https://github.com/mindsers/changelog-reader-action) | `2.2.2` | `2.2.3` | | [jandelgado/gcov2lcov-action](https://github.com/jandelgado/gcov2lcov-action) | `1.0.9` | `1.1.1` | | [coverallsapp/github-action](https://github.com/coverallsapp/github-action) | `2.2.1` | `2.3.4` | Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v3...v4) Updates `actions/setup-go` from 5.0.1 to 5.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@cdcb360...41dfa10) Updates `azure/login` from 2.1.1 to 2.2.0 - [Release notes](https://github.com/azure/login/releases) - [Commits](Azure/login@6c25186...a65d910) Updates `actions/upload-artifact` from 4.3.3 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@6546280...b4b15b8) Updates `actions/download-artifact` from 4.1.7 to 4.1.8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@65a9edc...fa0a91b) Updates `docker/setup-buildx-action` from 2.8.0 to 3.7.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@16c0bc4...c47758b) Updates `aquasecurity/trivy-action` from 0.22.0 to 0.28.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@595be6a...915b19b) Updates `mindsers/changelog-reader-action` from 2.2.2 to 2.2.3 - [Release notes](https://github.com/mindsers/changelog-reader-action/releases) - [Changelog](https://github.com/mindsers/changelog-reader-action/blob/master/CHANGELOG.md) - [Commits](mindsers/changelog-reader-action@b97ce03...32aa5b4) Updates `jandelgado/gcov2lcov-action` from 1.0.9 to 1.1.1 - [Release notes](https://github.com/jandelgado/gcov2lcov-action/releases) - [Changelog](https://github.com/jandelgado/gcov2lcov-action/blob/master/CHANGELOG.md) - [Commits](jandelgado/gcov2lcov-action@c680c0f...4e19897) Updates `coverallsapp/github-action` from 2.2.1 to 2.3.4 - [Release notes](https://github.com/coverallsapp/github-action/releases) - [Commits](coverallsapp/github-action@95b1a23...cfd0633) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: azure/login dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: mindsers/changelog-reader-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: jandelgado/gcov2lcov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: coverallsapp/github-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]>
Azure · Nov 4, 2024 · c226204 · c226204
1 parent 35599f1
commit c226204
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 29 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3

diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -17,7 +17,7 @@ jobs:
   start_status:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         ref: ${{ inputs.checkout_ref }}
 
@@ -32,10 +32,10 @@ jobs:
     outputs:
        matrix: ${{ steps.matrix.outputs.matrix }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ inputs.checkout_ref }}
-      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
         with:
           go-version: '~1.22'
           cache-dependency-path: "**/*.sum"
@@ -62,7 +62,7 @@ jobs:
       fail-fast: false # we want to always report the status
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         ref: ${{ inputs.checkout_ref }}
 

diff --git a/.github/workflows/provision-test.yaml b/.github/workflows/provision-test.yaml
@@ -14,17 +14,17 @@ jobs:
   provision:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ inputs.ref }}
 
-      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
         with:
           go-version: '~1.22'
           cache-dependency-path: "**/*.sum"
 
       - name: Azure login
-        uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
+        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -35,31 +35,31 @@ jobs:
         run: (cd testing/e2e && go run ./main.go infra --subscription="${{ secrets.AZURE_SUBSCRIPTION_ID }}" --tenant="${{ secrets.AZURE_TENANT_ID }}" --names="${{ inputs.name }}" --infra-file="./infra-${{ inputs.name }}.json")
 
       - name: Upload infra file
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: infra-${{ inputs.name }}
           path: testing/e2e/infra-${{ inputs.name }}.json
   test:
     needs: provision
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ inputs.ref }}
 
-      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
         with:
           go-version: '~1.22'
           cache-dependency-path: "**/*.sum"
 
       - name: Azure login
-        uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
+        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
-      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: infra-${{ inputs.name }}
           path: testing/e2e/

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -39,17 +39,17 @@ jobs:
       TAG: aks-app-routing-operator-validate:${{ inputs.version }}
     steps:
       # validate image from sha input
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ inputs.sha }}
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
 
       - name: Build image locally
         run: docker buildx build --tag "${TAG}" --load .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
         with:
           image-ref: ${{ env.TAG }}
           format: 'table'
@@ -66,25 +66,25 @@ jobs:
     runs-on: ["self-hosted", "1ES.Pool=${{ vars.RUNNER_BASE_NAME }}-ubuntu"]
     steps:
       # always read the changelog in main
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: 'main'
 
       - name: Read changelog
         id: changelog
-        uses: mindsers/changelog-reader-action@b97ce03a10d9bdbb07beb491c76a5a01d78cd3ef # v2.2.2
+        uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3
         with:
           validation_level: warn
           version: ${{ inputs.version }}
 
         # build image from sha input
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.sha }}
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
 
       - name: Authenticate to ACR
         run: |

diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -14,7 +14,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
 
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
       - id: set-matrix
         run: |
           matrix=$(cat active_releases.json | tr '\n' ' ')

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -12,7 +12,7 @@ jobs:
       status_ref: ${{ steps.status_ref.outputs.STATUS_REF }}
     steps:
       # checkout repo so we can ls-remote. we can use main for this
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       # get the ref of the merge commit. we want to get the full sha instead of the tag so we can guarantee
       # it won't change by a user pushing a new change
       - id: checkout_ref 

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -19,7 +19,7 @@ jobs:
   operator:
     runs-on: ubuntu-latest
     steps:
-      - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+      - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
         with:
           image-ref: ${{ inputs.operator }}
           format: 'table'
@@ -30,7 +30,7 @@ jobs:
   nginx:
     runs-on: ubuntu-latest
     steps:
-      - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+      - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
         with:
           image-ref: ${{ inputs.nginx }}
           format: 'table'
@@ -41,7 +41,7 @@ jobs:
   externaldns:
     runs-on: ubuntu-latest
     steps:
-      - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+      - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
         with:
           image-ref: ${{ inputs.externaldns }}
           format: 'table'

diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml
@@ -17,7 +17,7 @@ jobs:
   unit-test:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         ref: ${{ inputs.checkout_ref }}
 
@@ -26,7 +26,7 @@ jobs:
         name: ${{ env.status-name }}
         ref: ${{ inputs.status_ref }}
 
-    - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
       with:
         go-version: '~1.22'
         cache-dependency-path: "**/*.sum"
@@ -51,10 +51,10 @@ jobs:
       run: go test -race -v ./... -coverprofile=coverage.out
 
     - name: Convert coverage to lcov
-      uses: jandelgado/gcov2lcov-action@c680c0f7c7442485f1749eb2a13e54a686e76eb5 #v1.0.8
+      uses: jandelgado/gcov2lcov-action@4e1989767862652e6ca8d3e2e61aabe6d43be28b #v1.0.8
 
     - name: Coveralls
-      uses: coverallsapp/github-action@95b1a2355bd0e526ad2fd62da9fd386ad4c98474 #v2.2.1
+      uses: coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8 #v2.3.4
       with:
         flag-name: unit-test
         path-to-lcov: coverage.lcov