From 6c8b3f9b25f22b2b5e655e312212238dc624dad0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Aug 2025 20:45:39 +0000 Subject: [PATCH] ci: bump the github-actions group with 9 updates Bumps the github-actions group with 9 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.0` | `5.0.0` | | [crate-ci/typos](https://github.com/crate-ci/typos) | `1.35.3` | `1.35.5` | | [azure/setup-helm](https://github.com/azure/setup-helm) | `4.3.0` | `4.3.1` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.7.1` | `5.0.0` | | [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) | `2.2.0` | `3.0.0` | | [depot/build-push-action](https://github.com/depot/build-push-action) | `1.15.0` | `1.16.2` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `f963b3f3562b00b6d2dd25efc390eb04e51ef6c6` | `3b04099b21072562f07469c10deb182b24236ca9` | | [nixbuild/nix-quick-install-action](https://github.com/nixbuild/nix-quick-install-action) | `32` | `33` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.29.8` | `3.29.11` | Updates `actions/checkout` from 4.3.0 to 5.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/08eba0b27e820071cde6df949e0beb9ba4906955...08c6903cd8c0fde910a37f88322edcfb5dd907a8) Updates `crate-ci/typos` from 1.35.3 to 1.35.5 - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](https://github.com/crate-ci/typos/compare/52bd719c2c91f9d676e2aa359fc8e0db8925e6d8...a4c3e43aea0a9e9b9e6578d2731ebd9a27e8f6cd) Updates `azure/setup-helm` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/b9e51907a09c216f16ebe8536097933489208112...1a275c3b69536ee54be43f2070a358922e12c8d4) Updates `actions/setup-java` from 4.7.1 to 5.0.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/c5195efecf7bdfc987ee8bae7a71cb8b11521c00...dded0888837ed1f317902acf8a20df0ad188d165) Updates `google-github-actions/setup-gcloud` from 2.2.0 to 3.0.0 - [Release notes](https://github.com/google-github-actions/setup-gcloud/releases) - [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md) - [Commits](https://github.com/google-github-actions/setup-gcloud/compare/cb1e50a9932213ecece00a606661ae9ca44f3397...26f734c2779b00b7dda794207734c511110a4368) Updates `depot/build-push-action` from 1.15.0 to 1.16.2 - [Release notes](https://github.com/depot/build-push-action/releases) - [Commits](https://github.com/depot/build-push-action/compare/2583627a84956d07561420dcc1d0eb1f2af3fac0...9785b135c3c76c33db102e45be96a25ab55cd507) Updates `tj-actions/changed-files` from f963b3f3562b00b6d2dd25efc390eb04e51ef6c6 to 3b04099b21072562f07469c10deb182b24236ca9 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/f963b3f3562b00b6d2dd25efc390eb04e51ef6c6...3b04099b21072562f07469c10deb182b24236ca9) Updates `nixbuild/nix-quick-install-action` from 32 to 33 - [Release notes](https://github.com/nixbuild/nix-quick-install-action/releases) - [Commits](https://github.com/nixbuild/nix-quick-install-action/compare/63ca48f939ee3b8d835f4126562537df0fee5b91...1f095fee853b33114486cfdeae62fa099cda35a9) Updates `github/codeql-action` from 3.29.8 to 3.29.11 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/76621b61decf072c1cee8dd1ce2d2a82d33c17ed...3c3833e0f8c1c83d449a7478aa59c036a9165498) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: crate-ci/typos dependency-version: 1.35.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: azure/setup-helm dependency-version: 4.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-java dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: google-github-actions/setup-gcloud dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: depot/build-push-action dependency-version: 1.16.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: tj-actions/changed-files dependency-version: 3b04099b21072562f07469c10deb182b24236ca9 dependency-type: direct:production dependency-group: github-actions - dependency-name: nixbuild/nix-quick-install-action dependency-version: '33' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 3.29.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 48 ++++++++++++------------- .github/workflows/docker-base.yaml | 4 +-- .github/workflows/docs-ci.yaml | 4 +-- .github/workflows/dogfood.yaml | 8 ++--- .github/workflows/nightly-gauntlet.yaml | 2 +- .github/workflows/pr-deploy.yaml | 8 ++--- .github/workflows/release.yaml | 16 ++++----- .github/workflows/scorecard.yml | 4 +-- .github/workflows/security.yaml | 10 +++--- .github/workflows/stale.yaml | 2 +- .github/workflows/weekly-docs.yaml | 2 +- 11 files changed, 54 insertions(+), 54 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 747f158e28a9e..73db8db0da349 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -39,7 +39,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false @@ -123,7 +123,7 @@ jobs: # runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} # steps: # - name: Checkout - # uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + # uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # with: # fetch-depth: 1 # # See: https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs @@ -161,7 +161,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false @@ -190,7 +190,7 @@ jobs: # Check for any typos - name: Check for typos - uses: crate-ci/typos@52bd719c2c91f9d676e2aa359fc8e0db8925e6d8 # v1.35.3 + uses: crate-ci/typos@a4c3e43aea0a9e9b9e6578d2731ebd9a27e8f6cd # v1.35.5 with: config: .github/workflows/typos.toml @@ -203,7 +203,7 @@ jobs: # Needed for helm chart linting - name: Install helm - uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1 with: version: v3.9.2 @@ -239,7 +239,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false @@ -295,7 +295,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false @@ -366,7 +366,7 @@ jobs: uses: coder/setup-ramdisk-action@e1100847ab2d7bcd9d14bcda8f2d1b0f07b36f1b # v0.1.0 - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false @@ -551,7 +551,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false @@ -600,7 +600,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false @@ -660,7 +660,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false @@ -687,7 +687,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false @@ -720,7 +720,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false @@ -792,7 +792,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: # 👇 Ensures Chromatic can read your full git history fetch-depth: 0 @@ -873,7 +873,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: # 0 is required here for version.sh to work. fetch-depth: 0 @@ -973,7 +973,7 @@ jobs: steps: # Harden Runner doesn't work on macOS - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -1060,7 +1060,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -1115,7 +1115,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -1156,7 +1156,7 @@ jobs: # Necessary for signing Windows binaries. - name: Setup Java - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: distribution: "zulu" java-version: "11.0" @@ -1196,7 +1196,7 @@ jobs: token_format: "access_token" - name: Setup GCloud SDK - uses: google-github-actions/setup-gcloud@cb1e50a9932213ecece00a606661ae9ca44f3397 # v2.2.0 + uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0 - name: Download dylibs uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 @@ -1490,7 +1490,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -1502,7 +1502,7 @@ jobs: service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} - name: Set up Google Cloud SDK - uses: google-github-actions/setup-gcloud@cb1e50a9932213ecece00a606661ae9ca44f3397 # v2.2.0 + uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0 - name: Set up Flux CLI uses: fluxcd/flux2/action@6bf37f6a560fd84982d67f853162e4b3c2235edb # v2.6.4 @@ -1555,7 +1555,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -1591,7 +1591,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false diff --git a/.github/workflows/docker-base.yaml b/.github/workflows/docker-base.yaml index 5c8fa142450bb..9c561ca76640b 100644 --- a/.github/workflows/docker-base.yaml +++ b/.github/workflows/docker-base.yaml @@ -43,7 +43,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -62,7 +62,7 @@ jobs: # This uses OIDC authentication, so no auth variables are required. - name: Build base Docker image via depot.dev - uses: depot/build-push-action@2583627a84956d07561420dcc1d0eb1f2af3fac0 # v1.15.0 + uses: depot/build-push-action@9785b135c3c76c33db102e45be96a25ab55cd507 # v1.16.2 with: project: wl5hnrrkns context: base-build-context diff --git a/.github/workflows/docs-ci.yaml b/.github/workflows/docs-ci.yaml index 887db40660caf..3e9da082dd6b7 100644 --- a/.github/workflows/docs-ci.yaml +++ b/.github/workflows/docs-ci.yaml @@ -23,14 +23,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Setup Node uses: ./.github/actions/setup-node - - uses: tj-actions/changed-files@f963b3f3562b00b6d2dd25efc390eb04e51ef6c6 # v45.0.7 + - uses: tj-actions/changed-files@3b04099b21072562f07469c10deb182b24236ca9 # v45.0.7 id: changed-files with: files: | diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index 119cd4fe85244..23ea863cfb6f8 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml @@ -31,12 +31,12 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Setup Nix - uses: nixbuild/nix-quick-install-action@63ca48f939ee3b8d835f4126562537df0fee5b91 # v32 + uses: nixbuild/nix-quick-install-action@1f095fee853b33114486cfdeae62fa099cda35a9 # v33 with: # Pinning to 2.28 here, as Nix gets a "error: [json.exception.type_error.302] type must be array, but is string" # on version 2.29 and above. @@ -88,7 +88,7 @@ jobs: password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Build and push Non-Nix image - uses: depot/build-push-action@2583627a84956d07561420dcc1d0eb1f2af3fac0 # v1.15.0 + uses: depot/build-push-action@9785b135c3c76c33db102e45be96a25ab55cd507 # v1.16.2 with: project: b4q6ltmpzh token: ${{ secrets.DEPOT_TOKEN }} @@ -130,7 +130,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/nightly-gauntlet.yaml b/.github/workflows/nightly-gauntlet.yaml index 5769b3b652c44..4f9352c0098a0 100644 --- a/.github/workflows/nightly-gauntlet.yaml +++ b/.github/workflows/nightly-gauntlet.yaml @@ -53,7 +53,7 @@ jobs: uses: coder/setup-ramdisk-action@e1100847ab2d7bcd9d14bcda8f2d1b0f07b36f1b # v0.1.0 - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index ccf7511eafc78..1bd6c9ca686b8 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -44,7 +44,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -81,7 +81,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -233,7 +233,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -337,7 +337,7 @@ jobs: kubectl create namespace "pr${PR_NUMBER}" - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f4f9c8f317664..24c9e8a858834 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -65,7 +65,7 @@ jobs: steps: # Harden Runner doesn't work on macOS. - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -169,7 +169,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -253,7 +253,7 @@ jobs: # Necessary for signing Windows binaries. - name: Setup Java - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 + uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 with: distribution: "zulu" java-version: "11.0" @@ -324,7 +324,7 @@ jobs: token_format: "access_token" - name: Setup GCloud SDK - uses: google-github-actions/setup-gcloud@cb1e50a9932213ecece00a606661ae9ca44f3397 # v2.2.0 + uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # v3.0.0 - name: Download dylibs uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 @@ -397,7 +397,7 @@ jobs: # This uses OIDC authentication, so no auth variables are required. - name: Build base Docker image via depot.dev if: steps.image-base-tag.outputs.tag != '' - uses: depot/build-push-action@2583627a84956d07561420dcc1d0eb1f2af3fac0 # v1.15.0 + uses: depot/build-push-action@9785b135c3c76c33db102e45be96a25ab55cd507 # v1.16.2 with: project: wl5hnrrkns context: base-build-context @@ -740,7 +740,7 @@ jobs: service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} - name: Setup GCloud SDK - uses: google-github-actions/setup-gcloud@cb1e50a9932213ecece00a606661ae9ca44f3397 # 2.2.0 + uses: google-github-actions/setup-gcloud@26f734c2779b00b7dda794207734c511110a4368 # 3.0.0 - name: Publish Helm Chart if: ${{ !inputs.dry_run }} @@ -888,7 +888,7 @@ jobs: GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }} - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -976,7 +976,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 persist-credentials: false diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 87e9e6271c6ac..614df8894f4d7 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 with: sarif_file: results.sarif diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index e7fde82bf1dce..7fcdc67d28133 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -32,7 +32,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false @@ -40,7 +40,7 @@ jobs: uses: ./.github/actions/setup-go - name: Initialize CodeQL - uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 with: languages: go, javascript @@ -50,7 +50,7 @@ jobs: rm Makefile - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 - name: Send Slack notification on failure if: ${{ failure() }} @@ -74,7 +74,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 persist-credentials: false @@ -154,7 +154,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 + uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3.29.5 with: sarif_file: trivy-results.sarif category: "Trivy" diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 27ec157fa0f3f..617d230474cf0 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -101,7 +101,7 @@ jobs: egress-policy: audit - name: Checkout repository - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false - name: Run delete-old-branches-action diff --git a/.github/workflows/weekly-docs.yaml b/.github/workflows/weekly-docs.yaml index 56f5e799305e8..7c8a04f9e99c6 100644 --- a/.github/workflows/weekly-docs.yaml +++ b/.github/workflows/weekly-docs.yaml @@ -26,7 +26,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: persist-credentials: false