From 111f0661af4521c6ac7916479502ee2d46f82d23 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 26 Apr 2024 02:45:52 +0000 Subject: [PATCH] chore(deps): update github-actions Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/depsreview.yml | 2 +- .github/workflows/e2e.schedule.cli.yml | 4 ++-- .github/workflows/e2e.schedule.installer.yml | 10 +++++----- .github/workflows/pre-submit.actions.yml | 4 ++-- .github/workflows/pre-submit.cli.yml | 4 ++-- .github/workflows/pre-submit.e2e.yml | 4 ++-- .github/workflows/pre-submit.lfs.yml | 4 ++-- .github/workflows/pre-submit.lint.yml | 6 +++--- .github/workflows/pre-submit.references.yml | 2 +- .github/workflows/release.yml | 8 ++++---- .github/workflows/scorecards.yml | 6 +++--- 12 files changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index bb5943a96..21fc7a1a4 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -40,7 +40,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 # TODO(#740): Workaround for go1.21 compatibility. Remove when GHA runners have Go 1.21+. - name: setup-go @@ -52,7 +52,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -63,7 +63,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 # Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml index 80c3fa65f..c9881c2a3 100644 --- a/.github/workflows/depsreview.yml +++ b/.github/workflows/depsreview.yml @@ -9,6 +9,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: 'Dependency Review' uses: actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b # v4.2.5 diff --git a/.github/workflows/e2e.schedule.cli.yml b/.github/workflows/e2e.schedule.cli.yml index af8b84815..b14e95baf 100644 --- a/.github/workflows/e2e.schedule.cli.yml +++ b/.github/workflows/e2e.schedule.cli.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest # See https://github.com/orgs/community/discussions/26238. steps: - - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 + - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 with: name: event_name - name: Check event name @@ -28,7 +28,7 @@ jobs: ctned="true" fi echo "continue=$ctned" >> $GITHUB_OUTPUT - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 if: steps.name.outputs.continue == 'true' with: ref: main diff --git a/.github/workflows/e2e.schedule.installer.yml b/.github/workflows/e2e.schedule.installer.yml index 8a9c91f7a..5976ac51a 100644 --- a/.github/workflows/e2e.schedule.installer.yml +++ b/.github/workflows/e2e.schedule.installer.yml @@ -27,14 +27,14 @@ jobs: version: ${{ steps.generate-versions.outputs.version }} steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: # NOTE: the example-package needs to be checked out in the default workspace. repository: slsa-framework/example-package ref: main - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: path: __THIS_REPO__ @@ -77,7 +77,7 @@ jobs: - name: Checkout this repository # Skip release candidates unless specified explicitly. if: ${{ inputs.version != '' || ! contains(matrix.version, '-rc' ) }} - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: ${{ matrix.version }} @@ -196,7 +196,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: repository: slsa-framework/example-package ref: main @@ -210,7 +210,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: repository: slsa-framework/example-package ref: main diff --git a/.github/workflows/pre-submit.actions.yml b/.github/workflows/pre-submit.actions.yml index a0014140e..6d7566024 100644 --- a/.github/workflows/pre-submit.actions.yml +++ b/.github/workflows/pre-submit.actions.yml @@ -11,7 +11,7 @@ jobs: check-dist: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Set Node.js 20 uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 @@ -34,7 +34,7 @@ jobs: fi # If index.js was different from expected, upload the expected version as an artifact - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 if: ${{ failure() && steps.diff.conclusion == 'failure' }} with: name: dist diff --git a/.github/workflows/pre-submit.cli.yml b/.github/workflows/pre-submit.cli.yml index 58071cd8e..ae85eed5b 100644 --- a/.github/workflows/pre-submit.cli.yml +++ b/.github/workflows/pre-submit.cli.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: setup-go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 @@ -30,7 +30,7 @@ jobs: run: | echo "$EVENT_NAME" > ./event_name.txt - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: event_name path: ./event_name.txt diff --git a/.github/workflows/pre-submit.e2e.yml b/.github/workflows/pre-submit.e2e.yml index 50bac3c01..b98788d97 100644 --- a/.github/workflows/pre-submit.e2e.yml +++ b/.github/workflows/pre-submit.e2e.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: path: __THIS_REPO__ @@ -29,7 +29,7 @@ jobs: go build -o slsa-verifier ./cli/slsa-verifier - name: Checkout e2e verification script - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: path: __EXAMPLE_PACKAGE__ repository: slsa-framework/example-package diff --git a/.github/workflows/pre-submit.lfs.yml b/.github/workflows/pre-submit.lfs.yml index 5e5228baa..e86ee1e3c 100644 --- a/.github/workflows/pre-submit.lfs.yml +++ b/.github/workflows/pre-submit.lfs.yml @@ -11,8 +11,8 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: actionsdesk/lfs-warning@e5f9a4c21f4bee104db7c0f23954dde59e5df909 # v3.2 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actionsdesk/lfs-warning@4b98a8a5e6c429c23c34eee02d71553bca216425 # v3.3 with: token: ${{ secrets.GITHUB_TOKEN }} filesizelimit: 10MB diff --git a/.github/workflows/pre-submit.lint.yml b/.github/workflows/pre-submit.lint.yml index b16255163..c3be4f4d9 100644 --- a/.github/workflows/pre-submit.lint.yml +++ b/.github/workflows/pre-submit.lint.yml @@ -10,7 +10,7 @@ jobs: golangci-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version-file: "go.mod" @@ -27,7 +27,7 @@ jobs: yamllint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - env: YAMLLINT_VERSION: "1.26.3" run: | @@ -42,7 +42,7 @@ jobs: eslint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: actions/setup-node@v4 with: node-version: 16 diff --git a/.github/workflows/pre-submit.references.yml b/.github/workflows/pre-submit.references.yml index 7620a8275..bd3b35aeb 100644 --- a/.github/workflows/pre-submit.references.yml +++ b/.github/workflows/pre-submit.references.yml @@ -13,7 +13,7 @@ jobs: env: BODY: ${{ github.event.pull_request.body }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Check documentation is up-to-date run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d1a599ad0..3f2d6dfb0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: version: ${{ steps.ldflags.outputs.version }} steps: - id: checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 - id: ldflags @@ -63,7 +63,7 @@ jobs: permissions: read-all steps: - name: Install the verifier - uses: slsa-framework/slsa-verifier/actions/installer@v2.4.1 + uses: slsa-framework/slsa-verifier/actions/installer@v2.5.1 - name: Download assets env: @@ -98,7 +98,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: repository: slsa-framework/example-package ref: main @@ -112,7 +112,7 @@ jobs: contents: read issues: write steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: repository: slsa-framework/example-package ref: main diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 0a4879caa..e43388a4b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -25,7 +25,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: persist-credentials: false @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 with: name: SARIF file path: results.sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 with: sarif_file: results.sarif