From cfaa79909b7074c5098fedc96fcc8f515bc5c84e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 05:29:33 +0000 Subject: [PATCH] Bump the actions-deps group across 1 directory with 11 updates Bumps the actions-deps group with 11 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.12.0` | `2.13.1` | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `5` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `6` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4` | `5` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `8` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2` | `3` | | [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) | `19` | `20` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.0.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | Updates `step-security/harden-runner` from 2.12.0 to 2.13.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/0634a2670c59f64b4a01f0f96f84700a4088b9f0...f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a) Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v5) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5...v6) Updates `actions/upload-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) Updates `actions/download-artifact` from 4 to 6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v6) Updates `aws-actions/configure-aws-credentials` from 4 to 5 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v4...v5) Updates `actions/github-script` from 7 to 8 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7...v8) Updates `actions/attest-build-provenance` from 2 to 3 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/v2...v3) Updates `DavidAnson/markdownlint-cli2-action` from 19 to 20 - [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases) - [Commits](https://github.com/davidanson/markdownlint-cli2-action/compare/v19...v20) Updates `actions/setup-python` from 5.6.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/a26af69be951a213d495a4c3e4e4022e16d87065...e797f83bcb11b83ae66e0230d6156d7c80228e7c) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v6) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: aws-actions/configure-aws-credentials dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/attest-build-provenance dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: DavidAnson/markdownlint-cli2-action dependency-version: '20' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/setup-python dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps ... Signed-off-by: dependabot[bot] --- .github/workflows/actionlint.yml | 4 ++-- .github/workflows/api-server.yml | 24 +++++++++---------- .github/workflows/cherry-pick.yml | 2 +- .github/workflows/devcontainer-image.yml | 8 +++---- .github/workflows/lint-jobs.yml | 12 +++++----- .github/workflows/lint-ui.yml | 4 ++-- .../pr-healthcheck-sidecar-image.yml | 8 +++---- .github/workflows/pr-images.yml | 8 +++---- .github/workflows/release-images.yml | 8 +++---- 9 files changed, 39 insertions(+), 39 deletions(-) diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 82a2f1dd..e5ac5112 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -34,12 +34,12 @@ jobs: runs-on: ubuntu-latest steps: - name: "Harden Runner" - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: "Checkout" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/api-server.yml b/.github/workflows/api-server.yml index 1496be50..ff628a63 100644 --- a/.github/workflows/api-server.yml +++ b/.github/workflows/api-server.yml @@ -30,10 +30,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: '1.21.6' @@ -65,9 +65,9 @@ jobs: run: working-directory: api-server steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: '1.21.6' @@ -78,7 +78,7 @@ jobs: make -j dist/packages - name: Upload apiserver tar.gz packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: apiserver-darwin-packages-tar if-no-files-found: error @@ -95,7 +95,7 @@ jobs: if: ${{ github.event_name == 'push' }} steps: - name: download tar.gz binary artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v6 with: name: apiserver-darwin-packages-tar path: ./dist/packages @@ -105,7 +105,7 @@ jobs: working-directory: ./dist/packages - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: role-to-assume: ${{ secrets.AWS_ROLE }} role-session-name: apiserver-ci-deploy @@ -121,9 +121,9 @@ jobs: run: working-directory: api-server steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: '1.21.6' @@ -134,7 +134,7 @@ jobs: make -j dist/packages - name: Upload apiserver tar.gz packages - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: apiserver-linux-packages-tar if-no-files-found: error @@ -151,7 +151,7 @@ jobs: if: ${{ github.event_name == 'push' }} steps: - name: download tar.gz binary artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v6 with: name: apiserver-linux-packages-tar path: ./dist/packages @@ -161,7 +161,7 @@ jobs: working-directory: ./dist/packages - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: role-to-assume: ${{ secrets.AWS_ROLE }} role-session-name: apiserver-ci-deploy diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index d5e70798..ff18d754 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 diff --git a/.github/workflows/devcontainer-image.yml b/.github/workflows/devcontainer-image.yml index 4dfaeca3..79524efc 100644 --- a/.github/workflows/devcontainer-image.yml +++ b/.github/workflows/devcontainer-image.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: token: ${{ secrets.BOT_PAT }} ref: 'main' @@ -59,7 +59,7 @@ jobs: - name: Get Pull Request Number from Commit id: get_pr_number - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | console.log("Repository owner:", context.repo.owner); @@ -115,7 +115,7 @@ jobs: file: src/Containerfile - name: Generate devcontainer GHCR artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_DEV_IMAGE_NAME}} subject-digest: ${{ steps.push-dev-ghcr.outputs.digest }} @@ -137,7 +137,7 @@ jobs: file: src/Containerfile - name: Generate devcontainer Quay artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_DEV_IMAGE_NAME}} subject-digest: ${{ steps.push-dev-quay.outputs.digest }} diff --git a/.github/workflows/lint-jobs.yml b/.github/workflows/lint-jobs.yml index 9fbe284e..000eb2c3 100644 --- a/.github/workflows/lint-jobs.yml +++ b/.github/workflows/lint-jobs.yml @@ -23,7 +23,7 @@ jobs: name: Shellcheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: @@ -32,9 +32,9 @@ jobs: markdown-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: markdownlint-cli2-action - uses: DavidAnson/markdownlint-cli2-action@v19 + uses: DavidAnson/markdownlint-cli2-action@v20 with: globs: "**/*.md" @@ -42,19 +42,19 @@ jobs: runs-on: ubuntu-latest steps: - name: "Harden Runner" - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: "Checkout" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: # https://github.com/actions/checkout/issues/249 fetch-depth: 0 # yamllint is a Python-based tool - name: Setup Python 3.11 - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: 3.11 diff --git a/.github/workflows/lint-ui.yml b/.github/workflows/lint-ui.yml index b837ab48..66548fc6 100644 --- a/.github/workflows/lint-ui.yml +++ b/.github/workflows/lint-ui.yml @@ -27,9 +27,9 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: node-version: '22' - name: Install dependencies diff --git a/.github/workflows/pr-healthcheck-sidecar-image.yml b/.github/workflows/pr-healthcheck-sidecar-image.yml index fa8414e5..db2b2511 100644 --- a/.github/workflows/pr-healthcheck-sidecar-image.yml +++ b/.github/workflows/pr-healthcheck-sidecar-image.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: token: ${{ secrets.BOT_PAT }} ref: 'main' @@ -59,7 +59,7 @@ jobs: - name: Get Pull Request Number from Commit id: get_pr_number - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | console.log("Repository owner:", context.repo.owner); @@ -114,7 +114,7 @@ jobs: file: healthcheck-sidecar/Containerfile - name: Generate GHCR artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_HS_IMAGE_NAME}} subject-digest: ${{ steps.push-hs-ghcr.outputs.digest }} @@ -136,7 +136,7 @@ jobs: file: healthcheck-sidecar/Containerfile - name: Generate QA HS Quay artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_HS_IMAGE_NAME}} subject-digest: ${{ steps.push-hs-quay.outputs.digest }} diff --git a/.github/workflows/pr-images.yml b/.github/workflows/pr-images.yml index 5760d8b9..1284db58 100644 --- a/.github/workflows/pr-images.yml +++ b/.github/workflows/pr-images.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: token: ${{ secrets.BOT_PAT }} ref: 'main' @@ -71,7 +71,7 @@ jobs: - name: Get Pull Request Number from Commit if: env.SKIP_WORKFLOW == 'false' id: get_pr_number - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | console.log("Repository owner:", context.repo.owner); @@ -130,7 +130,7 @@ jobs: - name: Generate GHCR artifact attestation if: env.SKIP_WORKFLOW == 'false' - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}} subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }} @@ -154,7 +154,7 @@ jobs: - name: Generate QA UI Quay artifact attestation if: env.SKIP_WORKFLOW == 'false' - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}} subject-digest: ${{ steps.push-ui-quay.outputs.digest }} diff --git a/.github/workflows/release-images.yml b/.github/workflows/release-images.yml index 37d61149..2662b664 100644 --- a/.github/workflows/release-images.yml +++ b/.github/workflows/release-images.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Log in to the GHCR container image registry uses: docker/login-action@v3 @@ -75,7 +75,7 @@ jobs: file: src/Containerfile - name: Generate Prod UI GHCR artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}} subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }} @@ -95,14 +95,14 @@ jobs: file: src/Containerfile - name: Generate PROD UI Quay artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}} subject-digest: ${{ steps.push-ui-quay.outputs.digest }} push-to-registry: true - name: Re-Checkout main on the repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: token: ${{ secrets.BOT_PAT }} ref: main