From 1b9615caccb574ade5f15191b273effe5e909590 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 21 May 2024 19:14:24 +0000 Subject: [PATCH] :arrow_up: (deps): Update GitHub actions Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/_.helm.lint.yaml | 10 +++++----- .github/workflows/_.helm.list-changed.yaml | 4 ++-- .github/workflows/_.helm.test.yaml | 4 ++-- .github/workflows/_.images.build.yaml | 12 ++++++------ .github/workflows/_.images.lint.yaml | 2 +- .github/workflows/_.images.list-changed.yaml | 4 ++-- .../_.images.supply-chain.for-artifacts.yaml | 18 +++++++++--------- .../_.images.supply-chain.for-registry.yaml | 8 ++++---- ...e,workflow_dispatch.asdf.refresh-cache.yaml | 2 +- .github/workflows/push.helm.fix-renovate.yml | 2 +- .github/workflows/push.helm.release.yml | 8 ++++---- ...e,workflow_dispatch.labels.synchronize.yaml | 2 +- ...rkflow_dispatch.images.vulnerabilities.yaml | 2 +- .github/workflows/schedule.helm.test-all.yml | 2 +- .../workflow_dispatch.helm.release.yml | 10 +++++----- .../workflow_dispatch.images.release.yaml | 2 +- 16 files changed, 46 insertions(+), 46 deletions(-) diff --git a/.github/workflows/_.helm.lint.yaml b/.github/workflows/_.helm.lint.yaml index 1d98f62ef..e5c8b422f 100644 --- a/.github/workflows/_.helm.lint.yaml +++ b/.github/workflows/_.helm.lint.yaml @@ -19,7 +19,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 env: @@ -39,7 +39,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 id: restore-asdf @@ -105,8 +105,8 @@ jobs: security-events: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: format: sarif hide-progress: false @@ -119,7 +119,7 @@ jobs: sarif_file: trivy-results.sarif # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: exit-code: '1' format: table diff --git a/.github/workflows/_.helm.list-changed.yaml b/.github/workflows/_.helm.list-changed.yaml index e0d20294d..c8c22cd85 100644 --- a/.github/workflows/_.helm.list-changed.yaml +++ b/.github/workflows/_.helm.list-changed.yaml @@ -16,11 +16,11 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 10 - - uses: tj-actions/changed-files@0874344d6ebbaa00a27da73276ae7162fadcaf69 # v44.3.0 + - uses: tj-actions/changed-files@1754cd4b9e661d1f0eced3b33545a8d8b3bc46d8 # v44.5.0 id: changed-images with: dir_names: true diff --git a/.github/workflows/_.helm.test.yaml b/.github/workflows/_.helm.test.yaml index d8e6bd703..aa3c2a00c 100644 --- a/.github/workflows/_.helm.test.yaml +++ b/.github/workflows/_.helm.test.yaml @@ -20,7 +20,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 @@ -38,7 +38,7 @@ jobs: python-version: '3.9' check-latest: true - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - - uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 + - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: cluster_name: kind wait: 30s diff --git a/.github/workflows/_.images.build.yaml b/.github/workflows/_.images.build.yaml index d150cc70a..1599e3371 100644 --- a/.github/workflows/_.images.build.yaml +++ b/.github/workflows/_.images.build.yaml @@ -47,7 +47,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 1 @@ -122,7 +122,7 @@ jobs: matrix: platform: ${{ fromJson(needs.metadata.outputs.build-platforms) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 1 @@ -173,7 +173,7 @@ jobs: - name: Rename OCI image artifact before upload if: ${{ inputs.dry-run }} run: mv ${{ needs.metadata.outputs.image-slug }}.tar oci.${{ needs.metadata.outputs.image-slug }}-${{ matrix.platform.arch }}-${{ matrix.platform.os }}.tar - - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 if: ${{ inputs.dry-run }} with: name: oci.${{ needs.metadata.outputs.image-slug }}-${{ matrix.platform.arch }}-${{ matrix.platform.os }}.tar @@ -208,8 +208,8 @@ jobs: security-events: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: format: sarif hide-progress: false @@ -222,7 +222,7 @@ jobs: sarif_file: trivy-results.sarif # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: exit-code: '1' format: table diff --git a/.github/workflows/_.images.lint.yaml b/.github/workflows/_.images.lint.yaml index ac10ff2f4..7de9c8f7d 100644 --- a/.github/workflows/_.images.lint.yaml +++ b/.github/workflows/_.images.lint.yaml @@ -15,7 +15,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 with: dockerfile: ${{ inputs.containerfile }} diff --git a/.github/workflows/_.images.list-changed.yaml b/.github/workflows/_.images.list-changed.yaml index 14a1ad741..5493a9f41 100644 --- a/.github/workflows/_.images.list-changed.yaml +++ b/.github/workflows/_.images.list-changed.yaml @@ -23,11 +23,11 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 10 - - uses: tj-actions/changed-files@0874344d6ebbaa00a27da73276ae7162fadcaf69 # v44.3.0 + - uses: tj-actions/changed-files@1754cd4b9e661d1f0eced3b33545a8d8b3bc46d8 # v44.5.0 id: changed-images with: files: ${{ inputs.pattern }} diff --git a/.github/workflows/_.images.supply-chain.for-artifacts.yaml b/.github/workflows/_.images.supply-chain.for-artifacts.yaml index 306d66494..bbf7c7bc5 100644 --- a/.github/workflows/_.images.supply-chain.for-artifacts.yaml +++ b/.github/workflows/_.images.supply-chain.for-artifacts.yaml @@ -21,11 +21,11 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 1 - - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 + - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 id: download-oci with: name: ${{ inputs.artifact-ref }} @@ -33,13 +33,13 @@ jobs: - name: Extract OCI-Archive for Trivy run: "skopeo copy oci-archive:${{ inputs.artifact-ref }} oci:${{ github.workspace }}/trivy-${{ github.run_id }}" - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: input: trivy-${{ github.run_id }} format: cyclonedx output: sbom.cyclonedx.json - - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: sbom-cyclonedx.${{ inputs.name }}.json path: sbom.cyclonedx.json @@ -53,11 +53,11 @@ jobs: contents: read security-events: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 1 - - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 + - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 id: download-oci with: name: ${{ inputs.artifact-ref }} @@ -65,18 +65,18 @@ jobs: - name: Extract OCI-Archive for Trivy run: skopeo copy oci-archive:${{ inputs.artifact-ref }} oci:${{ github.workspace }}/trivy-${{ github.run_id }} - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: input: trivy-${{ github.run_id }} format: cosign-vuln output: vulnerabilities.cosign-vuln.json - - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: cosign-vuln.${{ inputs.name }}.json path: vulnerabilities.cosign-vuln.json # Upload SARIF report for GitHub CodeQL at the same time - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: input: trivy-${{ github.run_id }} format: sarif diff --git a/.github/workflows/_.images.supply-chain.for-registry.yaml b/.github/workflows/_.images.supply-chain.for-registry.yaml index f846062c6..2d209cf2d 100644 --- a/.github/workflows/_.images.supply-chain.for-registry.yaml +++ b/.github/workflows/_.images.supply-chain.for-registry.yaml @@ -24,7 +24,7 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: image-ref: ${{ inputs.image-ref }} format: cyclonedx @@ -45,7 +45,7 @@ jobs: packages: write security-events: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: @@ -53,7 +53,7 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: image-ref: ${{ inputs.image-ref }} format: cosign-vuln @@ -64,7 +64,7 @@ jobs: run: cosign attest --yes --replace --predicate vulnerabilities.cosign-vuln.json --type vuln "${{ inputs.image-ref }}" # Upload SARIF report for GitHub CodeQL at the same time - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: image-ref: ${{ inputs.image-ref }} format: sarif diff --git a/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml b/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml index c03955fb1..593eae34e 100644 --- a/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml +++ b/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml @@ -22,7 +22,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/push.helm.fix-renovate.yml b/.github/workflows/push.helm.fix-renovate.yml index 19bb22666..16e346b8b 100644 --- a/.github/workflows/push.helm.fix-renovate.yml +++ b/.github/workflows/push.helm.fix-renovate.yml @@ -44,7 +44,7 @@ jobs: with: app_id: ${{ secrets.BOT_ID }} private_key: ${{ secrets.BOT_PKEY }} - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 token: ${{ steps.app_auth.outputs.token }} diff --git a/.github/workflows/push.helm.release.yml b/.github/workflows/push.helm.release.yml index b7449ce3d..b9f57e02f 100644 --- a/.github/workflows/push.helm.release.yml +++ b/.github/workflows/push.helm.release.yml @@ -22,7 +22,7 @@ jobs: pages: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 @@ -84,8 +84,8 @@ jobs: matrix: chart: ${{ fromJson(needs.list-changed-charts.outputs.charts) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: format: sarif hide-progress: false @@ -98,7 +98,7 @@ jobs: sarif_file: trivy-results.sarif # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: exit-code: '1' format: table diff --git a/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml b/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml index 78c5e4fc1..b3a822d46 100644 --- a/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml +++ b/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml @@ -14,7 +14,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: beluga-cloud/.github - uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0 diff --git a/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml b/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml index f66308146..c0f586a69 100644 --- a/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml +++ b/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml @@ -17,7 +17,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Find all images id: find-images diff --git a/.github/workflows/schedule.helm.test-all.yml b/.github/workflows/schedule.helm.test-all.yml index 10e286074..7112d67ff 100644 --- a/.github/workflows/schedule.helm.test-all.yml +++ b/.github/workflows/schedule.helm.test-all.yml @@ -17,7 +17,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 1 diff --git a/.github/workflows/workflow_dispatch.helm.release.yml b/.github/workflows/workflow_dispatch.helm.release.yml index a47c2b359..c49c0b494 100644 --- a/.github/workflows/workflow_dispatch.helm.release.yml +++ b/.github/workflows/workflow_dispatch.helm.release.yml @@ -15,7 +15,7 @@ jobs: pages: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 @@ -69,7 +69,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Find all Containerfiles id: find-charts @@ -94,8 +94,8 @@ jobs: matrix: chart: ${{ fromJson(needs.list-all-charts.outputs.charts) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: format: sarif hide-progress: false @@ -108,7 +108,7 @@ jobs: sarif_file: trivy-results.sarif # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0 with: exit-code: '1' format: table diff --git a/.github/workflows/workflow_dispatch.images.release.yaml b/.github/workflows/workflow_dispatch.images.release.yaml index aa247c229..271e635e3 100644 --- a/.github/workflows/workflow_dispatch.images.release.yaml +++ b/.github/workflows/workflow_dispatch.images.release.yaml @@ -15,7 +15,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Find all Containerfiles id: find-images