From 7e38a1826ef97c588ef81e8d561642e38934e3d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 22:14:30 +0000 Subject: [PATCH] Bump the action-packages group across 1 directory with 7 updates Bumps the action-packages group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [docker/login-action](https://github.com/docker/login-action) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5` | `7` | | [mikefarah/yq](https://github.com/mikefarah/yq) | `4.44.1` | `4.52.4` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.6.0` | `4.9.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.5.0` | `6.2.0` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) Updates `docker/build-push-action` from 5 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v7) Updates `mikefarah/yq` from 4.44.1 to 4.52.4 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](https://github.com/mikefarah/yq/compare/v4.44.1...v4.52.4) Updates `actions/dependency-review-action` from 4.6.0 to 4.9.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/ce3cf9537a52e8119d91fd484ab5b8a807627bf8...2031cfc080254a8a887f58cffee85186f0e49e48) Updates `actions/setup-python` from 5.5.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/8d9ed9ac5c53483de85588cdf95a591a75ab9f55...a309ff8b426b58ec0e2a45f0f869d46889d02405) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-packages - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-packages - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-packages - dependency-name: mikefarah/yq dependency-version: 4.52.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-packages - dependency-name: actions/dependency-review-action dependency-version: 4.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-packages - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-packages - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: action-packages ... Signed-off-by: dependabot[bot] --- .github/workflows/build-push.yml | 14 +++++++------- .github/workflows/dependency-review.yml | 4 ++-- .github/workflows/formatting_and_linting.yml | 8 ++++---- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index b61581f..40438e1 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -19,24 +19,24 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Log in to the Container registry - uses: docker/login-action@v3 + uses: docker/login-action@v4 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.WRITE_PACKAGE_TOKEN }} - name: Checkout the Gitops repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: repository: fiaisis/gitops token: ${{ secrets.GITOPS_STAGING_EDIT_TOKEN }} - name: Build and push live-data-operator Docker image id: live_data_operator_build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: file: ./container/operator.Dockerfile push: true @@ -50,7 +50,7 @@ jobs: echo "::set-output name=digest::$FILTERED_DIGEST" - name: Edit the YAML live-data-operator.yml file for staging for live data operator - uses: mikefarah/yq@v4.44.1 + uses: mikefarah/yq@v4.52.4 with: cmd: yq e -i '.spec.template.spec.containers[] |= select(.name == "live-data-operator").image = "ghcr.io/fiaisis/live-data-operator@${{ steps.live_data_operator_build.outputs.digest }}"' './components/live-data-operator/envs/staging/live-data-operator.yml' @@ -64,7 +64,7 @@ jobs: - name: Build and push live-data-processor Docker image id: live_data_processor_build - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v7 with: file: ./container/processor.Dockerfile push: true @@ -79,7 +79,7 @@ jobs: - name: Update LIVE_DATA_PROCESSOR_IMAGE in the Deployment YAML - uses: mikefarah/yq@v4.44.1 + uses: mikefarah/yq@v4.52.4 with: cmd: yq e -i '.spec.template.spec.containers[] |= (select(.name == "live-data-operator") | .env[] |= select(.name == "LIVE_DATA_PROCESSOR_IMAGE_SHA").value = "${{ steps.remove_sha256_processor.outputs.digest }}")' './components/live-data-operator/envs/staging/live-data-operator.yml' diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index ed8dec3..9e3b183 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8 # v4.6.0 + uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0 diff --git a/.github/workflows/formatting_and_linting.yml b/.github/workflows/formatting_and_linting.yml index 3fc04ba..16ed94b 100644 --- a/.github/workflows/formatting_and_linting.yml +++ b/.github/workflows/formatting_and_linting.yml @@ -14,21 +14,21 @@ jobs: steps: - name: Checkout project if: github.actor != 'dependabot[bot]' - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v4.1.1 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.1.1 with: token: ${{ secrets.COMMIT_TOKEN }} - name: Checkout project (dependabot) if: github.actor == 'dependabot[bot]' - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v4.1.1 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.1.1 - name: Set up Python - uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.12' - name: Set up cache for Python dependencies - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }}