From 60b4c76aee42f3dcfca9ed6cfb494b271762bdb0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Dec 2025 10:38:19 +0000 Subject: [PATCH 1/5] build(deps): bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 4 ++-- .github/workflows/ci.yml | 6 +++--- .github/workflows/lint.yml | 2 +- .github/workflows/push.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0521f87..cd4334a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -93,14 +93,14 @@ jobs: - name: Checkout code id: checkout-code - uses: actions/checkout@v5 + uses: actions/checkout@v6 if: env.GHA_GIT_REF == '' with: submodules: recursive - name: Checkout code with reference id: checkout-code-ref - uses: actions/checkout@v5 + uses: actions/checkout@v6 if: env.GHA_GIT_REF != '' with: submodules: recursive diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 855ea4a..0ae4783 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: env: HADOLINT_RESULTS: "" steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: hadolint/hadolint-action@v3.3.0 id: hadolint continue-on-error: true @@ -59,7 +59,7 @@ jobs: needs: test-lint-ok runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: actions/upload-artifact@v5 with: name: build_artifact @@ -80,7 +80,7 @@ jobs: needs: test-lint-ok runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: actions/upload-artifact@v5 with: name: build_artifact_additional diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 5500bfd..7f2687a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,7 +26,7 @@ jobs: GHA_DOCKER_LINT_DOCKERFILE: ${{ inputs.dockerfile }} GHA_DOCKER_LINT_IGNORE: ${{ inputs.ignore }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: submodules: recursive - uses: hadolint/hadolint-action@v3.3.0 diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 0dc0fcb..059363e 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -146,14 +146,14 @@ jobs: - name: Checkout code id: checkout-code - uses: actions/checkout@v5 + uses: actions/checkout@v6 if: env.GHA_DOCKER_PUSH_GIT_REF== '' with: submodules: recursive - name: Checkout code with reference id: checkout-code-ref - uses: actions/checkout@v5 + uses: actions/checkout@v6 if: env.GHA_DOCKER_PUSH_GIT_REF!= '' with: submodules: recursive From 5c5900a224ddfcad0d595c0e1c218b76bebfdd16 Mon Sep 17 00:00:00 2001 From: Glenn Terjesen <48587132+Glenn-Terjesen@users.noreply.github.com> Date: Mon, 12 Jan 2026 18:55:09 +0100 Subject: [PATCH 2/5] fix: Update GitHub Actions to use specific version tags for external components --- .github/workflows/build.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cd4334a..9ea52db 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -93,14 +93,14 @@ jobs: - name: Checkout code id: checkout-code - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 if: env.GHA_GIT_REF == '' with: submodules: recursive - name: Checkout code with reference id: checkout-code-ref - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 if: env.GHA_GIT_REF != '' with: submodules: recursive @@ -109,7 +109,7 @@ jobs: - if: env.GHA_DOCKER_BUILD_ARTIFACT_NAME != '' name: Download artifact ${{ env.GHA_DOCKER_BUILD_ARTIFACT_NAME }} id: download-artifact - uses: actions/download-artifact@v6 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: ${{ env.GHA_DOCKER_BUILD_ARTIFACT_NAME }} path: ${{ env.GHA_DOCKER_BUILD_ARTIFACT_PATH }} @@ -122,7 +122,7 @@ jobs: - name: Setup buildx id: setup-buildx - uses: docker/setup-buildx-action@v3.11.1 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Authenticate with the cloud provider id: auth @@ -137,7 +137,7 @@ jobs: - name: Build image id: build - uses: docker/build-push-action@v6.18.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: cache-from: type=gha cache-to: type=gha,mode=max @@ -153,7 +153,7 @@ jobs: - name: Save docker image to the artifact storage id: save-image - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: ${{ env.GHA_DOCKER_BUILD_IMAGE_NAME }} path: /tmp/${{ env.GHA_DOCKER_BUILD_IMAGE_NAME }}.tar @@ -185,7 +185,7 @@ jobs: - name: Save additional artifacts to the artifact storage if: inputs.additional_artifacts_paths != '' id: save-additional-artifacts - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: ${{ env.GHA_ADDITIONAL_ARTIFACTS_NAME }} path: /tmp/artifacts From 678a60d9d307c741a27eeb81218c3bdb2d3f03e5 Mon Sep 17 00:00:00 2001 From: Glenn Terjesen <48587132+Glenn-Terjesen@users.noreply.github.com> Date: Mon, 12 Jan 2026 18:57:22 +0100 Subject: [PATCH 3/5] fix: Update actions/checkout and actions/download-artifact versions --- .github/workflows/push.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 059363e..1d2df82 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -146,21 +146,21 @@ jobs: - name: Checkout code id: checkout-code - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 if: env.GHA_DOCKER_PUSH_GIT_REF== '' with: submodules: recursive - name: Checkout code with reference id: checkout-code-ref - uses: actions/checkout@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 if: env.GHA_DOCKER_PUSH_GIT_REF!= '' with: submodules: recursive ref: ${{ env.GHA_DOCKER_PUSH_GIT_REF}} - name: Download docker image from the artifact storage - uses: actions/download-artifact@v6 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: ${{ env.GHA_DOCKER_PUSH_IMAGE_NAME }} path: /tmp From bc8a2254bb08e8d188b8b2958fe96774989830c9 Mon Sep 17 00:00:00 2001 From: Glenn Terjesen <48587132+Glenn-Terjesen@users.noreply.github.com> Date: Mon, 12 Jan 2026 18:58:51 +0100 Subject: [PATCH 4/5] fix: Update actions/checkout and hadolint versions --- .github/workflows/lint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7f2687a..9a2fc4a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,10 +26,10 @@ jobs: GHA_DOCKER_LINT_DOCKERFILE: ${{ inputs.dockerfile }} GHA_DOCKER_LINT_IGNORE: ${{ inputs.ignore }} steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 with: submodules: recursive - - uses: hadolint/hadolint-action@v3.3.0 + - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 with: dockerfile: ${{ env.GHA_DOCKER_LINT_DOCKERFILE }} ignore: ${{ env.GHA_DOCKER_LINT_IGNORE }} From 4f41be0d911595f8e1ff70076629438ab40de3b4 Mon Sep 17 00:00:00 2001 From: Glenn Terjesen <48587132+Glenn-Terjesen@users.noreply.github.com> Date: Mon, 12 Jan 2026 19:05:24 +0100 Subject: [PATCH 5/5] fix: pin versions --- .github/workflows/ci.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0ae4783..dbb1222 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,14 +26,14 @@ jobs: env: HADOLINT_RESULTS: "" steps: - - uses: actions/checkout@v6 - - uses: hadolint/hadolint-action@v3.3.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 + - uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0 id: hadolint continue-on-error: true with: no-fail: true dockerfile: fixture/Dockerfile.bad - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "fixture/Dockerfile.bad:4 DL3000 error: Use absolute WORKDIR" actual: ${{ env.HADOLINT_RESULTS }} @@ -59,8 +59,8 @@ jobs: needs: test-lint-ok runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 - - uses: actions/upload-artifact@v5 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: build_artifact path: fixture/artifact.txt @@ -80,8 +80,8 @@ jobs: needs: test-lint-ok runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v6 - - uses: actions/upload-artifact@v5 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2 + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: build_artifact_additional path: | @@ -107,7 +107,7 @@ jobs: needs: test-build-ok-with-additional-artifacts runs-on: ubuntu-24.04 steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "extras" actual: ${{ needs.test-build-ok-with-additional-artifacts.outputs.additional_artifacts }} @@ -132,7 +132,7 @@ jobs: needs: test-push-gcr-ok-with-tag runs-on: ubuntu-24.04 steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "ci-test-tag" actual: ${{ needs.test-push-gcr-ok-with-tag.outputs.image_tag }} @@ -151,7 +151,7 @@ jobs: needs: test-push-gcr-ok-with-multiple-tags runs-on: ubuntu-24.04 steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "ci-test-tag,ci-test-tag-2,ci-test-tag-3" actual: ${{ needs.test-push-gcr-ok-with-multiple-tags.outputs.all_image_tags }} @@ -169,7 +169,7 @@ jobs: needs: test-push-gcr-ok-with-git-ref runs-on: ubuntu-24.04 steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: main actual: ${{ needs.test-push-gcr-ok-with-git-ref.outputs.image_tag }} @@ -185,7 +185,7 @@ jobs: runs-on: ubuntu-24.04 needs: test-build-ok-with-custom-image-name steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "custom_image_name" actual: ${{ needs.test-build-ok-with-custom-image-name.outputs.image_artifact }} @@ -204,7 +204,7 @@ jobs: runs-on: ubuntu-24.04 needs: test-push-acr-ok-with-tag steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "ci-test-az-tag" actual: ${{ needs.test-push-acr-ok-with-tag.outputs.image_tag }} @@ -224,7 +224,7 @@ jobs: runs-on: ubuntu-24.04 needs: test-push-acr-ok-with-multiple-tags steps: - - uses: nick-fields/assert-action@v2 + - uses: nick-fields/assert-action@aa0067e01f0f6545c31755d6ca128c5a3a14f6bf # v2.0.0 with: expected: "ci-test-az-tag,ci-test-az-tag-2,ci-test-az-tag-3" actual: ${{ needs.test-push-acr-ok-with-multiple-tags.outputs.all_image_tags }}