Bump the actions group with 6 updates (#4861)

Bumps the actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.16.0` | `0.16.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.22.11` | `3.22.12` | | [nginxinc/aws-marketplace-publish](https://github.com/nginxinc/aws-marketplace-publish) | `1.0.1` | `1.0.2` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.15.1` | `0.15.2` | | [lucacome/draft-release](https://github.com/lucacome/draft-release) | `1.0.1` | `1.0.2` | | [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.39.1` | `1.40.0` | Updates `aquasecurity/trivy-action` from 0.16.0 to 0.16.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@91713af...d43c1f1) Updates `github/codeql-action` from 3.22.11 to 3.22.12 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b374143...012739e) Updates `nginxinc/aws-marketplace-publish` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/nginxinc/aws-marketplace-publish/releases) - [Commits](nginx/aws-marketplace-publish@3f47c25...22487a7) Updates `anchore/sbom-action` from 0.15.1 to 0.15.2 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@5ecf649...7191336) Updates `lucacome/draft-release` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/lucacome/draft-release/releases) - [Commits](lucacome/draft-release@785af55...52f02d1) Updates `reviewdog/action-actionlint` from 1.39.1 to 1.40.0 - [Release notes](https://github.com/reviewdog/action-actionlint/releases) - [Commits](reviewdog/action-actionlint@82693e9...9ccda19) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: nginxinc/aws-marketplace-publish dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: lucacome/draft-release dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: reviewdog/action-actionlint dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
nginx · Jan 3, 2024 · 48222a7 · 48222a7
1 parent 12308e4
commit 48222a7
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 12 deletions.
diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml
@@ -169,7 +169,7 @@ jobs:
         if: ${{ github.ref_type == 'tag' && contains(inputs.image, 'ubi') }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 # 0.16.0
+        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
         continue-on-error: true
         with:
           image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }}
@@ -178,7 +178,7 @@ jobs:
           ignore-unfixed: "true"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         continue-on-error: true
         with:
           sarif_file: "trivy-results-${{ inputs.image }}.sarif"

diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml
@@ -198,7 +198,7 @@ jobs:
         if: github.ref_type == 'tag' && contains(inputs.target, 'aws')
 
       - name: Publish to AWS Marketplace
-        uses: nginxinc/aws-marketplace-publish@3f47c25274f67a3d3b087ce9c0786679af316be6 # v1.0.1
+        uses: nginxinc/aws-marketplace-publish@22487a7f9a905bd233dd77d8dc356767aef8fb11 # v1.0.2
         continue-on-error: true
         with:
           version: ${{ steps.aws.outputs.version }}
@@ -234,7 +234,7 @@ jobs:
             ${{ inputs.nap_modules != '' && contains(inputs.image, 'ubi') && format('"rhel_license={0}"', secrets.RHEL_LICENSE) || '' }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 # 0.16.0
+        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
         continue-on-error: true
         with:
           image-ref: docker.io/${{ inputs.image }}:${{ steps.meta.outputs.version }}
@@ -243,7 +243,7 @@ jobs:
           ignore-unfixed: "true"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         continue-on-error: true
         with:
           sarif_file: "trivy-results-${{ inputs.image }}.sarif"

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -124,8 +124,26 @@ jobs:
     permissions:
       contents: write # for lucacome/draft-release
     steps:
+      - name: Checkout Repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Setup Golang Environment
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version-file: go.mod
+
+      - name: Download Syft
+        uses: anchore/sbom-action/download-syft@719133684c7d294116626d1344fe64f0d2ff3e9e # v0.15.2
+        if: github.ref_type == 'tag'
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
+        if: github.ref_type == 'tag'
+
       - name: Create/Update Draft
-        uses: lucacome/draft-release@785af55296512c907875513e397320ae3f1306bb # v1.0.1
+        uses: lucacome/draft-release@52f02d1a69b61568e54ab5cf86ce91503bac4066 # v1.0.2
         id: release-notes
         with:
           minor-label: "enhancement"
@@ -167,7 +185,7 @@ jobs:
           go-version-file: go.mod
 
       - name: Download Syft
-        uses: anchore/sbom-action/download-syft@5ecf649a417b8ae17dc8383dc32d46c03f2312df # v0.15.1
+        uses: anchore/sbom-action/download-syft@719133684c7d294116626d1344fe64f0d2ff3e9e # v0.15.2
         if: github.ref_type == 'tag'
 
       - name: Install Cosign

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -43,7 +43,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -62,7 +62,7 @@ jobs:
       # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/autobuild@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -75,6 +75,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -44,7 +44,7 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - uses: reviewdog/action-actionlint@82693e9e3b239f213108d6e412506f8b54003586 # v1.39.1
+      - uses: reviewdog/action-actionlint@9ccda195fd3a290c8596db7f1958c897deaa8c76 # v1.40.0
         with:
           actionlint_flags: -shellcheck ""
 

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           sarif_file: results.sarif