From 08b0f29dd090fb13f6090fcbfed22d6adcc71112 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 06:31:35 +0000 Subject: [PATCH] Bump the actions group across 1 directory with 10 updates Bumps the actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `4` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.1` | `5.1.0` | | [azure/login](https://github.com/azure/login) | `2.1.1` | `2.2.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.3` | `4.4.3` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.7` | `4.1.8` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `2.8.0` | `3.7.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.22.0` | `0.29.0` | | [mindsers/changelog-reader-action](https://github.com/mindsers/changelog-reader-action) | `2.2.2` | `2.2.3` | | [jandelgado/gcov2lcov-action](https://github.com/jandelgado/gcov2lcov-action) | `1.0.9` | `1.1.1` | | [coverallsapp/github-action](https://github.com/coverallsapp/github-action) | `2.2.1` | `2.3.4` | Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v3...v4) Updates `actions/setup-go` from 5.0.1 to 5.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/cdcb36043654635271a94b9a6d1392de5bb323a7...41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed) Updates `azure/login` from 2.1.1 to 2.2.0 - [Release notes](https://github.com/azure/login/releases) - [Commits](https://github.com/azure/login/compare/6c251865b4e6290e7b78be643ea2d005bc51f69a...a65d910e8af852a8061c627c456678983e180302) Updates `actions/upload-artifact` from 4.3.3 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/65462800fd760344b1a7b4382951275a0abb4808...b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882) Updates `actions/download-artifact` from 4.1.7 to 4.1.8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/65a9edc5881444af0b9093a5e628f2fe47ea3b2e...fa0a91b85d4f404e444e00e005971372dc801d16) Updates `docker/setup-buildx-action` from 2.8.0 to 3.7.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a...c47758b77c9736f4b2ef4073d4d51994fabfe349) Updates `aquasecurity/trivy-action` from 0.22.0 to 0.29.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/595be6a0f6560a0a8fc419ddf630567fc623531d...18f2510ee396bbf400402947b394f2dd8c87dbb0) Updates `mindsers/changelog-reader-action` from 2.2.2 to 2.2.3 - [Release notes](https://github.com/mindsers/changelog-reader-action/releases) - [Changelog](https://github.com/mindsers/changelog-reader-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/mindsers/changelog-reader-action/compare/b97ce03a10d9bdbb07beb491c76a5a01d78cd3ef...32aa5b4c155d76c94e4ec883a223c947b2f02656) Updates `jandelgado/gcov2lcov-action` from 1.0.9 to 1.1.1 - [Release notes](https://github.com/jandelgado/gcov2lcov-action/releases) - [Changelog](https://github.com/jandelgado/gcov2lcov-action/blob/master/CHANGELOG.md) - [Commits](https://github.com/jandelgado/gcov2lcov-action/compare/c680c0f7c7442485f1749eb2a13e54a686e76eb5...4e1989767862652e6ca8d3e2e61aabe6d43be28b) Updates `coverallsapp/github-action` from 2.2.1 to 2.3.4 - [Release notes](https://github.com/coverallsapp/github-action/releases) - [Commits](https://github.com/coverallsapp/github-action/compare/95b1a2355bd0e526ad2fd62da9fd386ad4c98474...cfd0633edbd2411b532b808ba7a8b5e04f76d2c8) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: azure/login dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: mindsers/changelog-reader-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: jandelgado/gcov2lcov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: coverallsapp/github-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/e2e.yaml | 8 ++++---- .github/workflows/provision-test.yaml | 16 ++++++++-------- .github/workflows/release.yaml | 14 +++++++------- .github/workflows/scan.yml | 2 +- .github/workflows/test.yaml | 2 +- .github/workflows/trivy.yaml | 6 +++--- .github/workflows/unit.yaml | 8 ++++---- 8 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 94acc5d6..be7f004b 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index ed98df5f..ee909b37 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -17,7 +17,7 @@ jobs: start_status: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7 with: ref: ${{ inputs.checkout_ref }} @@ -32,10 +32,10 @@ jobs: outputs: matrix: ${{ steps.matrix.outputs.matrix }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7 with: ref: ${{ inputs.checkout_ref }} - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '~1.22' cache-dependency-path: "**/*.sum" @@ -62,7 +62,7 @@ jobs: fail-fast: false # we want to always report the status runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7 with: ref: ${{ inputs.checkout_ref }} diff --git a/.github/workflows/provision-test.yaml b/.github/workflows/provision-test.yaml index ac8e8c25..459df270 100644 --- a/.github/workflows/provision-test.yaml +++ b/.github/workflows/provision-test.yaml @@ -14,17 +14,17 @@ jobs: provision: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7 with: ref: ${{ inputs.ref }} - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '~1.22' cache-dependency-path: "**/*.sum" - name: Azure login - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} @@ -35,7 +35,7 @@ jobs: run: (cd testing/e2e && go run ./main.go infra --subscription="${{ secrets.AZURE_SUBSCRIPTION_ID }}" --tenant="${{ secrets.AZURE_TENANT_ID }}" --names="${{ inputs.name }}" --infra-file="./infra-${{ inputs.name }}.json") - name: Upload infra file - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: infra-${{ inputs.name }} path: testing/e2e/infra-${{ inputs.name }}.json @@ -43,23 +43,23 @@ jobs: needs: provision runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7 with: ref: ${{ inputs.ref }} - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '~1.22' cache-dependency-path: "**/*.sum" - name: Azure login - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: client-id: ${{ secrets.AZURE_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: infra-${{ inputs.name }} path: testing/e2e/ diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c2a7b05a..493aeb90 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -39,17 +39,17 @@ jobs: TAG: aks-app-routing-operator-validate:${{ inputs.version }} steps: # validate image from sha input - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7 with: ref: ${{ inputs.sha }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Build image locally run: docker buildx build --tag "${TAG}" --load . - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 with: image-ref: ${{ env.TAG }} format: 'table' @@ -66,25 +66,25 @@ jobs: runs-on: ["self-hosted", "1ES.Pool=${{ vars.RUNNER_BASE_NAME }}-ubuntu"] steps: # always read the changelog in main - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7 with: ref: 'main' - name: Read changelog id: changelog - uses: mindsers/changelog-reader-action@b97ce03a10d9bdbb07beb491c76a5a01d78cd3ef # v2.2.2 + uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3 with: validation_level: warn version: ${{ inputs.version }} # build image from sha input - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: ${{ inputs.sha }} - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Authenticate to ACR run: | diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 61d8d0b2..6d5af55f 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -14,7 +14,7 @@ jobs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 + - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb #v4.1.1 - id: set-matrix run: | matrix=$(cat active_releases.json | tr '\n' ' ') diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 865fae1f..5b4d68aa 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -12,7 +12,7 @@ jobs: status_ref: ${{ steps.status_ref.outputs.STATUS_REF }} steps: # checkout repo so we can ls-remote. we can use main for this - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7 # get the ref of the merge commit. we want to get the full sha instead of the tag so we can guarantee # it won't change by a user pushing a new change - id: checkout_ref diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index 896aa0b4..a050de0d 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -19,7 +19,7 @@ jobs: operator: runs-on: ubuntu-latest steps: - - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0 + - uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 with: image-ref: ${{ inputs.operator }} format: 'table' @@ -30,7 +30,7 @@ jobs: nginx: runs-on: ubuntu-latest steps: - - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0 + - uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 with: image-ref: ${{ inputs.nginx }} format: 'table' @@ -41,7 +41,7 @@ jobs: externaldns: runs-on: ubuntu-latest steps: - - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0 + - uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 with: image-ref: ${{ inputs.externaldns }} format: 'table' diff --git a/.github/workflows/unit.yaml b/.github/workflows/unit.yaml index 87713e4b..58b8fa7a 100644 --- a/.github/workflows/unit.yaml +++ b/.github/workflows/unit.yaml @@ -17,7 +17,7 @@ jobs: unit-test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7 with: ref: ${{ inputs.checkout_ref }} @@ -26,7 +26,7 @@ jobs: name: ${{ env.status-name }} ref: ${{ inputs.status_ref }} - - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: '~1.22' cache-dependency-path: "**/*.sum" @@ -51,10 +51,10 @@ jobs: run: go test -race -v ./... -coverprofile=coverage.out - name: Convert coverage to lcov - uses: jandelgado/gcov2lcov-action@c680c0f7c7442485f1749eb2a13e54a686e76eb5 #v1.0.8 + uses: jandelgado/gcov2lcov-action@4e1989767862652e6ca8d3e2e61aabe6d43be28b #v1.0.8 - name: Coveralls - uses: coverallsapp/github-action@95b1a2355bd0e526ad2fd62da9fd386ad4c98474 #v2.2.1 + uses: coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8 #v2.3.4 with: flag-name: unit-test path-to-lcov: coverage.lcov