Bump the actions group across 1 directory with 10 updates

.github/workflows/codeql.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3

.github/workflows/e2e.yaml

@@ -17,7 +17,7 @@ jobs:
   start_status:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7
       with:
         ref: ${{ inputs.checkout_ref }}
 
@@ -32,10 +32,10 @@ jobs:
     outputs:
        matrix: ${{ steps.matrix.outputs.matrix }}
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7
         with:
           ref: ${{ inputs.checkout_ref }}
-      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
         with:
           go-version: '~1.22'
           cache-dependency-path: "**/*.sum"
@@ -62,7 +62,7 @@ jobs:
       fail-fast: false # we want to always report the status
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7
       with:
         ref: ${{ inputs.checkout_ref }}
 

.github/workflows/provision-test.yaml

@@ -14,17 +14,17 @@ jobs:
   provision:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7
         with:
           ref: ${{ inputs.ref }}
 
-      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
         with:
           go-version: '~1.22'
           cache-dependency-path: "**/*.sum"
 
       - name: Azure login
-        uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
+        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -35,31 +35,31 @@ jobs:
         run: (cd testing/e2e && go run ./main.go infra --subscription="${{ secrets.AZURE_SUBSCRIPTION_ID }}" --tenant="${{ secrets.AZURE_TENANT_ID }}" --names="${{ inputs.name }}" --infra-file="./infra-${{ inputs.name }}.json")
 
       - name: Upload infra file
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: infra-${{ inputs.name }}
           path: testing/e2e/infra-${{ inputs.name }}.json
   test:
     needs: provision
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7
         with:
           ref: ${{ inputs.ref }}
 
-      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
         with:
           go-version: '~1.22'
           cache-dependency-path: "**/*.sum"
 
       - name: Azure login
-        uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1
+        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
-      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: infra-${{ inputs.name }}
           path: testing/e2e/

.github/workflows/release.yaml

@@ -39,17 +39,17 @@ jobs:
       TAG: aks-app-routing-operator-validate:${{ inputs.version }}
     steps:
       # validate image from sha input
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7
         with:
           ref: ${{ inputs.sha }}
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
 
       - name: Build image locally
         run: docker buildx build --tag "${TAG}" --load .
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+        uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
         with:
           image-ref: ${{ env.TAG }}
           format: 'table'
@@ -66,25 +66,25 @@ jobs:
     runs-on: ["self-hosted", "1ES.Pool=${{ vars.RUNNER_BASE_NAME }}-ubuntu"]
     steps:
       # always read the changelog in main
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7
         with:
           ref: 'main'
 
       - name: Read changelog
         id: changelog
-        uses: mindsers/changelog-reader-action@b97ce03a10d9bdbb07beb491c76a5a01d78cd3ef # v2.2.2
+        uses: mindsers/changelog-reader-action@32aa5b4c155d76c94e4ec883a223c947b2f02656 # v2.2.3
         with:
           validation_level: warn
           version: ${{ inputs.version }}
 
         # build image from sha input
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ inputs.sha }}
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2.8.0
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
 
       - name: Authenticate to ACR
         run: |

.github/workflows/scan.yml

@@ -14,7 +14,7 @@ jobs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
 
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb #v4.1.1
       - id: set-matrix
         run: |
           matrix=$(cat active_releases.json | tr '\n' ' ')

.github/workflows/test.yaml

@@ -12,7 +12,7 @@ jobs:
       status_ref: ${{ steps.status_ref.outputs.STATUS_REF }}
     steps:
       # checkout repo so we can ls-remote. we can use main for this
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7
       # get the ref of the merge commit. we want to get the full sha instead of the tag so we can guarantee
       # it won't change by a user pushing a new change
       - id: checkout_ref 

.github/workflows/trivy.yaml

@@ -19,7 +19,7 @@ jobs:
   operator:
     runs-on: ubuntu-latest
     steps:
-      - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+      - uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
         with:
           image-ref: ${{ inputs.operator }}
           format: 'table'
@@ -30,7 +30,7 @@ jobs:
   nginx:
     runs-on: ubuntu-latest
     steps:
-      - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+      - uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
         with:
           image-ref: ${{ inputs.nginx }}
           format: 'table'
@@ -41,7 +41,7 @@ jobs:
   externaldns:
     runs-on: ubuntu-latest
     steps:
-      - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+      - uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
         with:
           image-ref: ${{ inputs.externaldns }}
           format: 'table'

.github/workflows/unit.yaml

@@ -17,7 +17,7 @@ jobs:
   unit-test:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.7
       with:
         ref: ${{ inputs.checkout_ref }}
 
@@ -26,7 +26,7 @@ jobs:
         name: ${{ env.status-name }}
         ref: ${{ inputs.status_ref }}
 
-    - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
       with:
         go-version: '~1.22'
         cache-dependency-path: "**/*.sum"
@@ -51,10 +51,10 @@ jobs:
       run: go test -race -v ./... -coverprofile=coverage.out
 
     - name: Convert coverage to lcov
-      uses: jandelgado/gcov2lcov-action@c680c0f7c7442485f1749eb2a13e54a686e76eb5 #v1.0.8
+      uses: jandelgado/gcov2lcov-action@4e1989767862652e6ca8d3e2e61aabe6d43be28b #v1.0.8
 
     - name: Coveralls
-      uses: coverallsapp/github-action@95b1a2355bd0e526ad2fd62da9fd386ad4c98474 #v2.2.1
+      uses: coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8 #v2.3.4
       with:
         flag-name: unit-test
         path-to-lcov: coverage.lcov