From 783c4e9c5a388ccebbe917f2b0a30fc1d1528bc5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 4 Aug 2024 08:36:30 +0000 Subject: [PATCH] :arrow_up: (deps): Update GitHub actions Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/_.helm.lint.yaml | 12 +++++------ .github/workflows/_.helm.list-changed.yaml | 4 ++-- .github/workflows/_.helm.test.yaml | 6 +++--- .github/workflows/_.images.build.yaml | 20 +++++++++---------- .github/workflows/_.images.lint.yaml | 2 +- .github/workflows/_.images.list-changed.yaml | 4 ++-- .../_.images.supply-chain.for-artifacts.yaml | 18 ++++++++--------- .../_.images.supply-chain.for-registry.yaml | 12 +++++------ ...,workflow_dispatch.asdf.refresh-cache.yaml | 2 +- .github/workflows/push.helm.fix-renovate.yml | 2 +- .github/workflows/push.helm.release.yml | 8 ++++---- .github/workflows/push.images.release.yaml | 2 +- ...,workflow_dispatch.labels.synchronize.yaml | 2 +- ...kflow_dispatch.images.vulnerabilities.yaml | 2 +- .github/workflows/schedule.helm.test-all.yml | 2 +- .../workflow_dispatch.helm.release.yml | 10 +++++----- .../workflow_dispatch.images.release.yaml | 4 ++-- 17 files changed, 56 insertions(+), 56 deletions(-) diff --git a/.github/workflows/_.helm.lint.yaml b/.github/workflows/_.helm.lint.yaml index 1d98f62ef..f5683689b 100644 --- a/.github/workflows/_.helm.lint.yaml +++ b/.github/workflows/_.helm.lint.yaml 
@@ -19,12 +19,12 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: '3.9' check-latest: true @@ -39,7 +39,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 id: restore-asdf @@ -105,8 +105,8 @@ jobs: security-events: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: format: sarif hide-progress: false @@ -119,7 +119,7 @@ jobs: sarif_file: trivy-results.sarif # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: exit-code: '1' format: table diff --git a/.github/workflows/_.helm.list-changed.yaml b/.github/workflows/_.helm.list-changed.yaml index e0d20294d..8f1fe6dbd 100644 --- a/.github/workflows/_.helm.list-changed.yaml +++ b/.github/workflows/_.helm.list-changed.yaml 
@@ -16,11 +16,11 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 10 - - uses: tj-actions/changed-files@0874344d6ebbaa00a27da73276ae7162fadcaf69 # v44.3.0 + - uses: tj-actions/changed-files@c65cd883420fd2eb864698a825fc4162dd94482c # v44.5.7 id: changed-images with: dir_names: true diff --git a/.github/workflows/_.helm.test.yaml b/.github/workflows/_.helm.test.yaml index d8e6bd703..a554d5fc6 100644 --- a/.github/workflows/_.helm.test.yaml +++ b/.github/workflows/_.helm.test.yaml @@ -20,7 +20,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 @@ -33,12 +33,12 @@ jobs: with: skip_install: ${{ steps.restore-asdf.outputs.cache-hit == 'true' }} - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: '3.9' check-latest: true - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - - uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 + - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: cluster_name: kind wait: 30s diff --git a/.github/workflows/_.images.build.yaml b/.github/workflows/_.images.build.yaml index d150cc70a..db7d5bf27 100644 --- a/.github/workflows/_.images.build.yaml +++ b/.github/workflows/_.images.build.yaml @@ -47,7 +47,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 1 
@@ -122,13 +122,13 @@ jobs: matrix: platform: ${{ fromJson(needs.metadata.outputs.build-platforms) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 1 - - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 - - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -146,7 +146,7 @@ jobs: com.github.beluga-cloud.ci.workflow.url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/${{ inputs.containerfile }} - - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 id: build with: context: ${{ needs.metadata.outputs.build-context }} @@ -173,7 +173,7 @@ jobs: - name: Rename OCI image artifact before upload if: ${{ inputs.dry-run }} run: mv ${{ needs.metadata.outputs.image-slug }}.tar oci.${{ needs.metadata.outputs.image-slug }}-${{ matrix.platform.arch }}-${{ matrix.platform.os }}.tar - - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 if: ${{ inputs.dry-run }} with: name: oci.${{ needs.metadata.outputs.image-slug }}-${{ matrix.platform.arch }}-${{ matrix.platform.os }}.tar 
@@ -208,8 +208,8 @@ jobs: security-events: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: format: sarif hide-progress: false @@ -222,7 +222,7 @@ jobs: sarif_file: trivy-results.sarif # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: exit-code: '1' format: table diff --git a/.github/workflows/_.images.lint.yaml b/.github/workflows/_.images.lint.yaml index ac10ff2f4..519040efb 100644 --- a/.github/workflows/_.images.lint.yaml +++ b/.github/workflows/_.images.lint.yaml @@ -15,7 +15,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 with: dockerfile: ${{ inputs.containerfile }} diff --git a/.github/workflows/_.images.list-changed.yaml b/.github/workflows/_.images.list-changed.yaml index 14a1ad741..504cb0bb8 100644 --- a/.github/workflows/_.images.list-changed.yaml +++ b/.github/workflows/_.images.list-changed.yaml 
@@ -23,11 +23,11 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 10 - - uses: tj-actions/changed-files@0874344d6ebbaa00a27da73276ae7162fadcaf69 # v44.3.0 + - uses: tj-actions/changed-files@c65cd883420fd2eb864698a825fc4162dd94482c # v44.5.7 id: changed-images with: files: ${{ inputs.pattern }} diff --git a/.github/workflows/_.images.supply-chain.for-artifacts.yaml b/.github/workflows/_.images.supply-chain.for-artifacts.yaml index 306d66494..8a1ff063b 100644 --- a/.github/workflows/_.images.supply-chain.for-artifacts.yaml +++ b/.github/workflows/_.images.supply-chain.for-artifacts.yaml @@ -21,11 +21,11 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 1 - - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 id: download-oci with: name: ${{ inputs.artifact-ref }} @@ -33,13 +33,13 @@ jobs: - name: Extract OCI-Archive for Trivy run: "skopeo copy oci-archive:${{ inputs.artifact-ref }} oci:${{ github.workspace }}/trivy-${{ github.run_id }}" - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: input: trivy-${{ github.run_id }} format: cyclonedx output: sbom.cyclonedx.json - - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: sbom-cyclonedx.${{ inputs.name }}.json path: sbom.cyclonedx.json 
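Review bot: The `Extract OCI-Archive for Trivy` step, kept as context in the `@@ -33,13 +33,13 @@` hunk of `_.images.supply-chain.for-artifacts.yaml`, expands `${{ inputs.artifact-ref }}` directly inside the `run:` string, so the value is pasted into the script text before the shell parses it and any shell metacharacters in a caller-supplied artifact name would be interpreted rather than treated as data. This version bump does not touch that line, but the step would be safer with the value passed through the environment, `env: ARTIFACT_REF: ${{ inputs.artifact-ref }}`, and referenced quoted, `run: skopeo copy "oci-archive:${ARTIFACT_REF}" "oci:${GITHUB_WORKSPACE}/trivy-${GITHUB_RUN_ID}"`. The same step appears again, unquoted, in the `@@ -65,18 +65,18 @@` hunk of this file, and the `cosign attest` step in `_.images.supply-chain.for-registry.yaml` interpolates `${{ inputs.image-ref }}` the same way. How callers populate these inputs is not visible in the patch, so the actual exposure depends on whether any caller derives them from pull-request-controlled data.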
@@ -53,11 +53,11 @@ jobs: contents: read security-events: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 1 - - uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 id: download-oci with: name: ${{ inputs.artifact-ref }} @@ -65,18 +65,18 @@ jobs: - name: Extract OCI-Archive for Trivy run: skopeo copy oci-archive:${{ inputs.artifact-ref }} oci:${{ github.workspace }}/trivy-${{ github.run_id }} - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: input: trivy-${{ github.run_id }} format: cosign-vuln output: vulnerabilities.cosign-vuln.json - - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2 + - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5 with: name: cosign-vuln.${{ inputs.name }}.json path: vulnerabilities.cosign-vuln.json # Upload SARIF report for GitHub CodeQL at the same time - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: input: trivy-${{ github.run_id }} format: sarif diff --git a/.github/workflows/_.images.supply-chain.for-registry.yaml b/.github/workflows/_.images.supply-chain.for-registry.yaml index f846062c6..f5958ede7 100644 --- a/.github/workflows/_.images.supply-chain.for-registry.yaml +++ b/.github/workflows/_.images.supply-chain.for-registry.yaml 
@@ -18,13 +18,13 @@ jobs: id-token: write packages: write steps: - - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: image-ref: ${{ inputs.image-ref }} format: cyclonedx @@ -45,15 +45,15 @@ jobs: packages: write security-events: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: image-ref: ${{ inputs.image-ref }} format: cosign-vuln @@ -64,7 +64,7 @@ jobs: run: cosign attest --yes --replace --predicate vulnerabilities.cosign-vuln.json --type vuln "${{ inputs.image-ref }}" # Upload SARIF report for GitHub CodeQL at the same time - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: image-ref: ${{ inputs.image-ref }} format: sarif diff --git a/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml b/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml index c03955fb1..31a7c1b6d 100644 --- a/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml 
+++ b/.github/workflows/push,schedule,workflow_dispatch.asdf.refresh-cache.yaml @@ -22,7 +22,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/push.helm.fix-renovate.yml b/.github/workflows/push.helm.fix-renovate.yml index 19bb22666..3a0cbed73 100644 --- a/.github/workflows/push.helm.fix-renovate.yml +++ b/.github/workflows/push.helm.fix-renovate.yml @@ -44,7 +44,7 @@ jobs: with: app_id: ${{ secrets.BOT_ID }} private_key: ${{ secrets.BOT_PKEY }} - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 token: ${{ steps.app_auth.outputs.token }} diff --git a/.github/workflows/push.helm.release.yml b/.github/workflows/push.helm.release.yml index b7449ce3d..b6c63035e 100644 --- a/.github/workflows/push.helm.release.yml +++ b/.github/workflows/push.helm.release.yml @@ -22,7 +22,7 @@ jobs: pages: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 @@ -84,8 +84,8 @@ jobs: matrix: chart: ${{ fromJson(needs.list-changed-charts.outputs.charts) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: format: sarif hide-progress: false 
@@ -98,7 +98,7 @@ jobs: sarif_file: trivy-results.sarif # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: exit-code: '1' format: table diff --git a/.github/workflows/push.images.release.yaml b/.github/workflows/push.images.release.yaml index b04858d47..78238a4d8 100644 --- a/.github/workflows/push.images.release.yaml +++ b/.github/workflows/push.images.release.yaml @@ -109,7 +109,7 @@ jobs: | jq --raw-output '.artifacts | map("\(.artifact)@sha256:\(.digest) ") | add' ) | tee --append "${GITHUB_OUTPUT}" - - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml b/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml index 78c5e4fc1..16db7b321 100644 --- a/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml +++ b/.github/workflows/repository_dispatch,schedule,workflow_dispatch.labels.synchronize.yaml @@ -14,7 +14,7 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: repository: beluga-cloud/.github - uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0 diff --git a/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml b/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml index f66308146..08d2f645e 100644 --- a/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml 
+++ b/.github/workflows/schedule,workflow_dispatch.images.vulnerabilities.yaml @@ -17,7 +17,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Find all images id: find-images diff --git a/.github/workflows/schedule.helm.test-all.yml b/.github/workflows/schedule.helm.test-all.yml index 10e286074..a7c2afb39 100644 --- a/.github/workflows/schedule.helm.test-all.yml +++ b/.github/workflows/schedule.helm.test-all.yml @@ -17,7 +17,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 1 diff --git a/.github/workflows/workflow_dispatch.helm.release.yml b/.github/workflows/workflow_dispatch.helm.release.yml index a47c2b359..02f04fe6f 100644 --- a/.github/workflows/workflow_dispatch.helm.release.yml +++ b/.github/workflows/workflow_dispatch.helm.release.yml @@ -15,7 +15,7 @@ jobs: pages: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 @@ -69,7 +69,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Find all Containerfiles id: find-charts 
@@ -94,8 +94,8 @@ jobs: matrix: chart: ${{ fromJson(needs.list-all-charts.outputs.charts) }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: format: sarif hide-progress: false @@ -108,7 +108,7 @@ jobs: sarif_file: trivy-results.sarif # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found - - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0 + - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 with: exit-code: '1' format: table diff --git a/.github/workflows/workflow_dispatch.images.release.yaml b/.github/workflows/workflow_dispatch.images.release.yaml index aa247c229..01c78bfb1 100644 --- a/.github/workflows/workflow_dispatch.images.release.yaml +++ b/.github/workflows/workflow_dispatch.images.release.yaml @@ -15,7 +15,7 @@ jobs: contents: read runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Find all Containerfiles id: find-images @@ -119,7 +119,7 @@ jobs: | jq --raw-output '.artifacts | map("\(.artifact)@sha256:\(.digest) ") | add' ) | tee --append "${GITHUB_OUTPUT}" - - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }}