From f38fb253ec7be479acf9aca3d90ce71a99966535 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Oct 2025 05:04:42 +0000 Subject: [PATCH] Bump the github-actions group with 7 updates Bumps the github-actions group with 7 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.32.0` | `0.33.1` | | [ad-m/github-push-action](https://github.com/ad-m/github-push-action) | `0.8.0` | `1.0.0` | | [devops-infra/action-pull-request](https://github.com/devops-infra/action-pull-request) | `0.6.0` | `0.6.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.9.2` | `3.10.0` | | [actions/stale](https://github.com/actions/stale) | `9` | `10` | Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v5) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5...v6) Updates `aquasecurity/trivy-action` from 0.32.0 to 0.33.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.32.0...0.33.1) Updates `ad-m/github-push-action` from 0.8.0 to 1.0.0 - [Release notes](https://github.com/ad-m/github-push-action/releases) - [Commits](https://github.com/ad-m/github-push-action/compare/v0.8.0...v1.0.0) Updates `devops-infra/action-pull-request` from 0.6.0 to 0.6.1 - [Release notes](https://github.com/devops-infra/action-pull-request/releases) - [Commits](https://github.com/devops-infra/action-pull-request/compare/v0.6.0...v0.6.1) Updates `sigstore/cosign-installer` from 3.9.2 to 3.10.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d58896d6a1865668819e1d91763c7751a165e159...d7543c93d881b35a8faa02e8e3605f69b7a1ce62) Updates `actions/stale` from 9 to 10 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v9...v10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: ad-m/github-push-action dependency-version: 1.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: devops-infra/action-pull-request dependency-version: 0.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 3.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/stale dependency-version: '10' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build-test.yaml | 18 +++++++++--------- .github/workflows/coverage-badge.yaml | 4 ++-- .github/workflows/helm-docs.yaml | 4 ++-- .github/workflows/helm-test.yaml | 10 +++++----- .github/workflows/release.yaml | 16 ++++++++-------- .github/workflows/stale.yaml | 2 +- 6 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build-test.yaml b/.github/workflows/build-test.yaml index 54124e04..0bbf40b4 100644 --- a/.github/workflows/build-test.yaml +++ b/.github/workflows/build-test.yaml @@ -18,10 +18,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Setup Golang - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod @@ -37,10 +37,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@0.32.0 + uses: aquasecurity/trivy-action@0.33.1 continue-on-error: true with: scan-type: "fs" @@ -61,7 +61,7 @@ jobs: steps: # We only need to checkout as govuln does the go setup... - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - id: govulncheck uses: golang/govulncheck-action@v1 @@ -74,10 +74,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Setup Golang - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod @@ -117,7 +117,7 @@ jobs: name: Build Images steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -147,7 +147,7 @@ jobs: type=provenance,mode=max - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.32.0 + uses: aquasecurity/trivy-action@0.33.1 with: input: ./.oci-image format: "table" diff --git a/.github/workflows/coverage-badge.yaml b/.github/workflows/coverage-badge.yaml index 048f9321..11088313 100644 --- a/.github/workflows/coverage-badge.yaml +++ b/.github/workflows/coverage-badge.yaml @@ -13,13 +13,13 @@ jobs: name: Update coverage badge steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal access token. fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository. - name: Setup go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: 'go.mod' diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml index d53def80..f4059dae 100644 --- a/.github/workflows/helm-docs.yaml +++ b/.github/workflows/helm-docs.yaml @@ -21,7 +21,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -62,7 +62,7 @@ jobs: git commit -m "[HELM] Update helm docs" - name: Push Changes if: steps.filter-readme.outputs.readme == 'true' - uses: ad-m/github-push-action@v0.8.0 + uses: ad-m/github-push-action@v1.0.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: ${{ github.head_ref }} diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml index a5f9b8c9..2e164b9e 100644 --- a/.github/workflows/helm-test.yaml +++ b/.github/workflows/helm-test.yaml @@ -20,10 +20,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Setup Golang - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod @@ -36,10 +36,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Setup Golang - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod @@ -64,7 +64,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install Kyverno CLI uses: kyverno/action-install-cli@v0.2.0 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 47ecf7e9..7f4b494f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -37,12 +37,12 @@ jobs: contents: write steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 - name: Setup Golang - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version-file: go.mod @@ -103,7 +103,7 @@ jobs: - name: Push changes if: steps.filter.outputs.versions == 'true' - uses: ad-m/github-push-action@v0.8.0 + uses: ad-m/github-push-action@v1.0.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: ${{ github.ref_name }} @@ -115,7 +115,7 @@ jobs: ignorePreReleases: true - name: Create Release PR - uses: devops-infra/action-pull-request@v0.6.0 + uses: devops-infra/action-pull-request@v0.6.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} target_branch: main @@ -137,7 +137,7 @@ jobs: - release-name steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: path: version-checker @@ -145,7 +145,7 @@ jobs: uses: sigstore/cosign-installer@main - name: checkout jetstack-charts - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: token: ${{ secrets.JETSTACK_CHARTS_PAT }} repository: jetstack/jetstack-charts @@ -202,12 +202,12 @@ jobs: - release-name steps: - name: Checkout code - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 #v3.9.2 + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 #v3.10.0 with: cosign-release: "v2.2.4" diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index aa6831d9..7d19171d 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -14,7 +14,7 @@ jobs: pull-requests: write # for actions/stale to close stale PRs runs-on: 'ubuntu-latest' steps: - - uses: 'actions/stale@v9' + - uses: 'actions/stale@v10' with: stale-issue-message: |- This issue has been automatically marked as stale because it has not had