From 48222a7dabeecf3ef1795466d6140e0980ace544 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 3 Jan 2024 16:42:33 +0000
Subject: [PATCH] Bump the actions group with 6 updates (#4861)

Bumps the actions group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.16.0` | `0.16.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.22.11` | `3.22.12` |
| [nginxinc/aws-marketplace-publish](https://github.com/nginxinc/aws-marketplace-publish) | `1.0.1` | `1.0.2` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.15.1` | `0.15.2` |
| [lucacome/draft-release](https://github.com/lucacome/draft-release) | `1.0.1` | `1.0.2` |
| [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.39.1` | `1.40.0` |

Updates `aquasecurity/trivy-action` from 0.16.0 to 0.16.1
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/91713af97dc80187565512baba96e4364e983601...d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca)

Updates `github/codeql-action` from 3.22.11 to 3.22.12
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b374143c1149a9115d881581d29b8390bbcbb59c...012739e5082ff0c22ca6d6ab32e07c36df03c4a4)

Updates `nginxinc/aws-marketplace-publish` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/nginxinc/aws-marketplace-publish/releases)
- [Commits](https://github.com/nginxinc/aws-marketplace-publish/compare/3f47c25274f67a3d3b087ce9c0786679af316be6...22487a7f9a905bd233dd77d8dc356767aef8fb11)

Updates `anchore/sbom-action` from 0.15.1 to 0.15.2
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](https://github.com/anchore/sbom-action/compare/5ecf649a417b8ae17dc8383dc32d46c03f2312df...719133684c7d294116626d1344fe64f0d2ff3e9e)

Updates `lucacome/draft-release` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/lucacome/draft-release/releases)
- [Commits](https://github.com/lucacome/draft-release/compare/785af55296512c907875513e397320ae3f1306bb...52f02d1a69b61568e54ab5cf86ce91503bac4066)

Updates `reviewdog/action-actionlint` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/reviewdog/action-actionlint/releases)
- [Commits](https://github.com/reviewdog/action-actionlint/compare/82693e9e3b239f213108d6e412506f8b54003586...9ccda195fd3a290c8596db7f1958c897deaa8c76)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: nginxinc/aws-marketplace-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: lucacome/draft-release
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: reviewdog/action-actionlint
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build-oss.yml       |  4 ++--
 .github/workflows/build-plus.yml      |  6 +++---
 .github/workflows/ci.yml              | 22 ++++++++++++++++++++--
 .github/workflows/codeql-analysis.yml |  6 +++---
 .github/workflows/lint.yml            |  2 +-
 .github/workflows/scorecards.yml      |  2 +-
 6 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/build-oss.yml b/.github/workflows/build-oss.yml
index 910daec2fb..a1eec5b765 100644
--- a/.github/workflows/build-oss.yml
+++ b/.github/workflows/build-oss.yml
@@ -169,7 +169,7 @@ jobs:
         if: ${{ github.ref_type == 'tag' && contains(inputs.image, 'ubi') }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 # 0.16.0
+        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
         continue-on-error: true
         with:
           image-ref: nginx/nginx-ingress:${{ steps.meta.outputs.version }}
@@ -178,7 +178,7 @@ jobs:
           ignore-unfixed: "true"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         continue-on-error: true
         with:
           sarif_file: "trivy-results-${{ inputs.image }}.sarif"
diff --git a/.github/workflows/build-plus.yml b/.github/workflows/build-plus.yml
index 06ac6b6bca..6f8fc09aa2 100644
--- a/.github/workflows/build-plus.yml
+++ b/.github/workflows/build-plus.yml
@@ -198,7 +198,7 @@ jobs:
         if: github.ref_type == 'tag' && contains(inputs.target, 'aws')
 
       - name: Publish to AWS Marketplace
-        uses: nginxinc/aws-marketplace-publish@3f47c25274f67a3d3b087ce9c0786679af316be6 # v1.0.1
+        uses: nginxinc/aws-marketplace-publish@22487a7f9a905bd233dd77d8dc356767aef8fb11 # v1.0.2
         continue-on-error: true
         with:
           version: ${{ steps.aws.outputs.version }}
@@ -234,7 +234,7 @@ jobs:
             ${{ inputs.nap_modules != '' && contains(inputs.image, 'ubi') && format('"rhel_license={0}"', secrets.RHEL_LICENSE) || '' }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 # 0.16.0
+        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
         continue-on-error: true
         with:
           image-ref: docker.io/${{ inputs.image }}:${{ steps.meta.outputs.version }}
@@ -243,7 +243,7 @@ jobs:
           ignore-unfixed: "true"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         continue-on-error: true
         with:
           sarif_file: "trivy-results-${{ inputs.image }}.sarif"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fe1a0bec23..93ef93c721 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -124,8 +124,26 @@ jobs:
     permissions:
       contents: write # for lucacome/draft-release
     steps:
+      - name: Checkout Repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Setup Golang Environment
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version-file: go.mod
+
+      - name: Download Syft
+        uses: anchore/sbom-action/download-syft@719133684c7d294116626d1344fe64f0d2ff3e9e # v0.15.2
+        if: github.ref_type == 'tag'
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
+        if: github.ref_type == 'tag'
+
       - name: Create/Update Draft
-        uses: lucacome/draft-release@785af55296512c907875513e397320ae3f1306bb # v1.0.1
+        uses: lucacome/draft-release@52f02d1a69b61568e54ab5cf86ce91503bac4066 # v1.0.2
         id: release-notes
         with:
           minor-label: "enhancement"
@@ -167,7 +185,7 @@ jobs:
           go-version-file: go.mod
 
       - name: Download Syft
-        uses: anchore/sbom-action/download-syft@5ecf649a417b8ae17dc8383dc32d46c03f2312df # v0.15.1
+        uses: anchore/sbom-action/download-syft@719133684c7d294116626d1344fe64f0d2ff3e9e # v0.15.2
         if: github.ref_type == 'tag'
 
       - name: Install Cosign
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 325a334a76..9d65623443 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -43,7 +43,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -62,7 +62,7 @@ jobs:
       # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/autobuild@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -75,6 +75,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index dd2c9e48fd..e129d86a83 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -44,7 +44,7 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - uses: reviewdog/action-actionlint@82693e9e3b239f213108d6e412506f8b54003586 # v1.39.1
+      - uses: reviewdog/action-actionlint@9ccda195fd3a290c8596db7f1958c897deaa8c76 # v1.40.0
         with:
           actionlint_flags: -shellcheck ""
 
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 41aae56f77..f03b827f7e 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b374143c1149a9115d881581d29b8390bbcbb59c # v3.22.11
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           sarif_file: results.sarif