From 40ccd08f3319fdee0229ccba2e17062601731a04 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 05:28:06 +0000 Subject: [PATCH] chore(deps): Bump actions/upload-artifact from 4.6.0 to 5.0.0 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.0 to 5.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08...330a01c490aca151604b8cf639adc76d48f6c5d4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/phase_1_keycloak.yml | 16 ++++++++-------- .github/workflows/phase_1_python.yml | 12 ++++++------ .github/workflows/phase_2_harbor.yml | 16 ++++++++-------- .github/workflows/phase_2_kubectl.yml | 16 ++++++++-------- .github/workflows/phase_3_yocto.yml | 6 +++--- .github/workflows/scorecard.yml | 2 +- 6 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/phase_1_keycloak.yml b/.github/workflows/phase_1_keycloak.yml index 6377018..906cc6d 100644 --- a/.github/workflows/phase_1_keycloak.yml +++ b/.github/workflows/phase_1_keycloak.yml @@ -50,13 +50,13 @@ jobs: keycloak-${KEYCLOAK_TAG} - name: Upload Generated CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: generated-keycloak-sbom-cyclonedx path: "/tmp/generated-keycloak-sbom.cdx.json" - name: Upload Generated SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: generated-keycloak-sbom-spdx path: "/tmp/generated-keycloak-sbom.spdx.json" 
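Review bot: The trailing version comment on both changed `uses:` lines in this hunk still reads `# v4`, although per the commit message the new pin 330a01c490aca151604b8cf639adc76d48f6c5d4 is 5.0.0; it should read `uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0`. The same stale `# v4` is carried over on every changed line in the other hunks of this patch, and the `.github/workflows/scorecard.yml` hunk keeps `# v3.pre.node20` next to the same SHA. A commit SHA is opaque to a reader, so this comment is the only human-readable record of which release is pinned. A wrong one makes it harder to audit the pin against the upstream tag and may mislead tooling that reads the comment. Since the update is marked semver-major, check the linked release notes for runner or behaviour requirements before merging, as nothing in the diff shows that the workflows were re-run against the new version.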
@@ -115,13 +115,13 @@ jobs: augmented_keycloak-sbom.cdx.json > /tmp/augmented_keycloak-sbom.cdx.json - name: Upload Augmented SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: augmented-keycloak-sbom-spdx path: "/tmp/augmented_keycloak-sbom.spdx.json" - name: Upload Augmented CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: augmented-keycloak-sbom-cyclonedx path: "/tmp/augmented_keycloak-sbom.cdx.json" @@ -152,13 +152,13 @@ jobs: augmented-keycloak-sbom-spdx/augmented_keycloak-sbom.spdx.json > /tmp/enriched_keycloak-sbom.spdx.json - name: Upload Enriched SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: enriched-keycloak-sbom-spdx path: "/tmp/enriched_keycloak-sbom.spdx.json" - name: Upload Enriched CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: enriched-keycloak-sbom-cyclonedx path: "/tmp/enriched_keycloak-sbom.cdx.json" 
@@ -169,13 +169,13 @@ jobs: cp /tmp/enriched_keycloak-sbom.cdx.json /tmp/final_keycloak-sbom.cdx.json - name: Upload Final SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: final-keycloak-sbom-spdx path: "/tmp/final_keycloak-sbom.spdx.json" - name: Upload Final CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: final-keycloak-sbom-cyclonedx path: "/tmp/final_keycloak-sbom.cdx.json" diff --git a/.github/workflows/phase_1_python.yml b/.github/workflows/phase_1_python.yml index 3dc7a1d..12abd97 100644 --- a/.github/workflows/phase_1_python.yml +++ b/.github/workflows/phase_1_python.yml @@ -53,13 +53,13 @@ jobs: phase-1-python - name: Upload CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: container-sbom-cyclonedx path: "/tmp/container-sbom.cdx.json" - name: Upload SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: container-sbom-spdx path: "/tmp/container-sbom.spdx.json" @@ -94,13 +94,13 @@ jobs: requirements.txt - name: Upload CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: application-sbom-cyclonedx path: "/tmp/application-sbom.cdx.json" - name: Upload SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: application-sbom-spdx path: "/tmp/application-sbom.spdx.json" 
@@ -212,7 +212,7 @@ jobs: /tmp/augmented_application-sbom.spdx.tmp > /tmp/augmented_application-sbom.spdx.json - name: Upload Augmented SBOMs - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: augmented-sboms path: "/tmp/augmented_*.json" @@ -249,7 +249,7 @@ jobs: augmented-sboms/augmented_application-sbom.spdx.json > /tmp/enriched_application-sbom.spdx.json - name: Upload Enriched SBOMs - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: enriched-sboms path: "/tmp/enriched_*.json" diff --git a/.github/workflows/phase_2_harbor.yml b/.github/workflows/phase_2_harbor.yml index c334f55..045381a 100644 --- a/.github/workflows/phase_2_harbor.yml +++ b/.github/workflows/phase_2_harbor.yml @@ -51,14 +51,14 @@ jobs: harbor-${HARBOR_TAG} - name: Upload Generated CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: generated-harbor-sbom-cyclonedx path: "/tmp/generated-harbor-sbom.cdx.json" if-no-files-found: error - name: Upload Generated SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: generated-harbor-sbom-spdx path: "/tmp/generated-harbor-sbom.spdx.json" 
@@ -125,13 +125,13 @@ jobs: augmented_harbor-sbom.cdx.json > /tmp/augmented_harbor-sbom.cdx.json - name: Upload Augmented SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: augmented-harbor-sbom-spdx path: "/tmp/augmented_harbor-sbom.spdx.json" - name: Upload Augmented CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: augmented-harbor-sbom-cyclonedx path: "/tmp/augmented_harbor-sbom.cdx.json" @@ -167,13 +167,13 @@ jobs: augmented-harbor-sbom-spdx/augmented_harbor-sbom.spdx.json > /tmp/enriched_harbor-sbom.spdx.json - name: Upload Enriched SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: enriched-harbor-sbom-spdx path: "/tmp/enriched_harbor-sbom.spdx.json" - name: Upload Enriched CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: enriched-harbor-sbom-cyclonedx path: "/tmp/enriched_harbor-sbom.cdx.json" @@ -184,13 +184,13 @@ jobs: cp /tmp/enriched_harbor-sbom.cdx.json /tmp/final_harbor-sbom.cdx.json - name: Upload Final SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: final-harbor-sbom-spdx path: "/tmp/final_harbor-sbom.spdx.json" - name: Upload Final CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: final-harbor-sbom-cyclonedx path: "/tmp/final_harbor-sbom.cdx.json" 
diff --git a/.github/workflows/phase_2_kubectl.yml b/.github/workflows/phase_2_kubectl.yml index c7db56e..64540aa 100644 --- a/.github/workflows/phase_2_kubectl.yml +++ b/.github/workflows/phase_2_kubectl.yml @@ -50,13 +50,13 @@ jobs: kubectl-${KUBECTL_TAG} - name: Upload Generated CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: generated-kubectl-sbom-cyclonedx path: "/tmp/generated-kubectl-sbom.cdx.json" - name: Upload Generated SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: generated-kubectl-sbom-spdx path: "/tmp/generated-kubectl-sbom.spdx.json" @@ -115,13 +115,13 @@ jobs: augmented_kubectl-sbom.cdx.json > /tmp/augmented_kubectl-sbom.cdx.json - name: Upload Augmented SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: augmented-kubectl-sbom-spdx path: "/tmp/augmented_kubectl-sbom.spdx.json" - name: Upload Augmented CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: augmented-kubectl-sbom-cyclonedx path: "/tmp/augmented_kubectl-sbom.cdx.json" 
@@ -152,13 +152,13 @@ jobs: augmented-kubectl-sbom-spdx/augmented_kubectl-sbom.spdx.json > /tmp/enriched_kubectl-sbom.spdx.json - name: Upload Enriched SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: enriched-kubectl-sbom-spdx path: "/tmp/enriched_kubectl-sbom.spdx.json" - name: Upload Enriched CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: enriched-kubectl-sbom-cyclonedx path: "/tmp/enriched_kubectl-sbom.cdx.json" @@ -169,13 +169,13 @@ jobs: cp /tmp/enriched_kubectl-sbom.cdx.json /tmp/final_kubectl-sbom.cdx.json - name: Upload Final SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: final-kubectl-sbom-spdx path: "/tmp/final_kubectl-sbom.spdx.json" - name: Upload Final CycloneDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: final-kubectl-sbom-cyclonedx path: "/tmp/final_kubectl-sbom.cdx.json" diff --git a/.github/workflows/phase_3_yocto.yml b/.github/workflows/phase_3_yocto.yml index 1765961..2646a83 100644 --- a/.github/workflows/phase_3_yocto.yml +++ b/.github/workflows/phase_3_yocto.yml @@ -38,7 +38,7 @@ jobs: bitbake core-image-minimal - name: Upload Generated SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: generated-yocto-sbom-spdx path: "poky/build/tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.spdx.json" 
@@ -57,7 +57,7 @@ jobs: cp generated-yocto-sbom-spdx/core-image-minimal-qemux86-64.rootfs.spdx.json /tmp/augmented_yocto-sbom.spdx.json - name: Upload Augmented SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: augmented-yocto-sbom-spdx path: "/tmp/augmented_yocto-sbom.spdx.json" @@ -77,7 +77,7 @@ jobs: cp augmented-yocto-sbom-spdx/augmented_yocto-sbom.spdx.json /tmp/final_yocto-sbom.spdx.json - name: Upload Final SPDX SBOM - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v4 with: name: final-yocto-sbom-spdx path: "/tmp/final_yocto-sbom.spdx.json" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8fa11c1..7f8d2a6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v3.pre.node20 + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v3.pre.node20 with: name: SARIF file path: results.sarif