From 8f0aee1d52f496fdcbb81b3cced7d578c20c2121 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 05:25:53 +0000 Subject: [PATCH] Bump the actions-deps group across 1 directory with 9 updates Bumps the actions-deps group with 9 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.12.0` | `2.13.0` | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `5` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4` | `5` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `8` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2` | `3` | | [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) | `19` | `20` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `5` | Updates `step-security/harden-runner` from 2.12.0 to 2.13.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/0634a2670c59f64b4a01f0f96f84700a4088b9f0...ec9f2d5744a09debf3a187a3f4f675c53b671911) Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v5) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5...v6) Updates `actions/download-artifact` from 4 to 5 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v5) Updates `aws-actions/configure-aws-credentials` from 4 to 5 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v4...v5) Updates `actions/github-script` from 7 to 8 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7...v8) Updates `actions/attest-build-provenance` from 2 to 3 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/v2...v3) Updates `DavidAnson/markdownlint-cli2-action` from 19 to 20 - [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases) - [Commits](https://github.com/davidanson/markdownlint-cli2-action/compare/v19...v20) Updates `actions/setup-node` from 4 to 5 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v5) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/download-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: aws-actions/configure-aws-credentials dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/attest-build-provenance dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: DavidAnson/markdownlint-cli2-action dependency-version: '20' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: actions/setup-node dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps ... Signed-off-by: dependabot[bot] --- .github/workflows/actionlint.yml | 4 ++-- .github/workflows/api-server.yml | 20 +++++++++---------- .github/workflows/cherry-pick.yml | 2 +- .github/workflows/devcontainer-image.yml | 8 ++++---- .github/workflows/lint-jobs.yml | 6 +++--- .github/workflows/lint-ui.yml | 4 ++-- .../pr-healthcheck-sidecar-image.yml | 8 ++++---- .github/workflows/pr-images.yml | 8 ++++---- .github/workflows/release-images.yml | 8 ++++---- 9 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 82a2f1dd..3628b83d 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -34,12 +34,12 @@ jobs: runs-on: ubuntu-latest steps: - name: "Harden Runner" - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: "Checkout" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 diff --git a/.github/workflows/api-server.yml b/.github/workflows/api-server.yml index 1496be50..d6581f95 100644 --- a/.github/workflows/api-server.yml +++ b/.github/workflows/api-server.yml @@ -30,10 +30,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: '1.21.6' @@ -65,9 +65,9 @@ jobs: run: working-directory: api-server steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: '1.21.6' @@ -95,7 +95,7 @@ jobs: if: ${{ github.event_name == 'push' }} steps: - name: download tar.gz binary artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: apiserver-darwin-packages-tar path: ./dist/packages @@ -105,7 +105,7 @@ jobs: working-directory: ./dist/packages - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: role-to-assume: ${{ secrets.AWS_ROLE }} role-session-name: apiserver-ci-deploy @@ -121,9 +121,9 @@ jobs: run: working-directory: api-server steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Set up Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: '1.21.6' @@ -151,7 +151,7 @@ jobs: if: ${{ github.event_name == 'push' }} steps: - name: download tar.gz binary artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: apiserver-linux-packages-tar path: ./dist/packages @@ -161,7 +161,7 @@ jobs: working-directory: ./dist/packages - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: role-to-assume: ${{ secrets.AWS_ROLE }} role-session-name: apiserver-ci-deploy diff --git a/.github/workflows/cherry-pick.yml b/.github/workflows/cherry-pick.yml index 50eb4484..49b0ab62 100644 --- a/.github/workflows/cherry-pick.yml +++ b/.github/workflows/cherry-pick.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 diff --git a/.github/workflows/devcontainer-image.yml b/.github/workflows/devcontainer-image.yml index 4dfaeca3..79524efc 100644 --- a/.github/workflows/devcontainer-image.yml +++ b/.github/workflows/devcontainer-image.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: token: ${{ secrets.BOT_PAT }} ref: 'main' @@ -59,7 +59,7 @@ jobs: - name: Get Pull Request Number from Commit id: get_pr_number - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | console.log("Repository owner:", context.repo.owner); @@ -115,7 +115,7 @@ jobs: file: src/Containerfile - name: Generate devcontainer GHCR artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_DEV_IMAGE_NAME}} subject-digest: ${{ steps.push-dev-ghcr.outputs.digest }} @@ -137,7 +137,7 @@ jobs: file: src/Containerfile - name: Generate devcontainer Quay artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_DEV_IMAGE_NAME}} subject-digest: ${{ steps.push-dev-quay.outputs.digest }} diff --git a/.github/workflows/lint-jobs.yml b/.github/workflows/lint-jobs.yml index d3cbd11c..f0e90297 100644 --- a/.github/workflows/lint-jobs.yml +++ b/.github/workflows/lint-jobs.yml @@ -19,7 +19,7 @@ jobs: name: Shellcheck runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: @@ -28,8 +28,8 @@ jobs: markdown-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: markdownlint-cli2-action - uses: DavidAnson/markdownlint-cli2-action@v19 + uses: DavidAnson/markdownlint-cli2-action@v20 with: globs: "**/*.md" diff --git a/.github/workflows/lint-ui.yml b/.github/workflows/lint-ui.yml index b837ab48..eee0345c 100644 --- a/.github/workflows/lint-ui.yml +++ b/.github/workflows/lint-ui.yml @@ -27,9 +27,9 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: '22' - name: Install dependencies diff --git a/.github/workflows/pr-healthcheck-sidecar-image.yml b/.github/workflows/pr-healthcheck-sidecar-image.yml index fa8414e5..db2b2511 100644 --- a/.github/workflows/pr-healthcheck-sidecar-image.yml +++ b/.github/workflows/pr-healthcheck-sidecar-image.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: token: ${{ secrets.BOT_PAT }} ref: 'main' @@ -59,7 +59,7 @@ jobs: - name: Get Pull Request Number from Commit id: get_pr_number - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | console.log("Repository owner:", context.repo.owner); @@ -114,7 +114,7 @@ jobs: file: healthcheck-sidecar/Containerfile - name: Generate GHCR artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_HS_IMAGE_NAME}} subject-digest: ${{ steps.push-hs-ghcr.outputs.digest }} @@ -136,7 +136,7 @@ jobs: file: healthcheck-sidecar/Containerfile - name: Generate QA HS Quay artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_HS_IMAGE_NAME}} subject-digest: ${{ steps.push-hs-quay.outputs.digest }} diff --git a/.github/workflows/pr-images.yml b/.github/workflows/pr-images.yml index 5760d8b9..1284db58 100644 --- a/.github/workflows/pr-images.yml +++ b/.github/workflows/pr-images.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: token: ${{ secrets.BOT_PAT }} ref: 'main' @@ -71,7 +71,7 @@ jobs: - name: Get Pull Request Number from Commit if: env.SKIP_WORKFLOW == 'false' id: get_pr_number - uses: actions/github-script@v7 + uses: actions/github-script@v8 with: script: | console.log("Repository owner:", context.repo.owner); @@ -130,7 +130,7 @@ jobs: - name: Generate GHCR artifact attestation if: env.SKIP_WORKFLOW == 'false' - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}} subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }} @@ -154,7 +154,7 @@ jobs: - name: Generate QA UI Quay artifact attestation if: env.SKIP_WORKFLOW == 'false' - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}} subject-digest: ${{ steps.push-ui-quay.outputs.digest }} diff --git a/.github/workflows/release-images.yml b/.github/workflows/release-images.yml index 37d61149..2662b664 100644 --- a/.github/workflows/release-images.yml +++ b/.github/workflows/release-images.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Check out the repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Log in to the GHCR container image registry uses: docker/login-action@v3 @@ -75,7 +75,7 @@ jobs: file: src/Containerfile - name: Generate Prod UI GHCR artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.GHCR_UI_IMAGE_NAME}} subject-digest: ${{ steps.push-ui-ghcr.outputs.digest }} @@ -95,14 +95,14 @@ jobs: file: src/Containerfile - name: Generate PROD UI Quay artifact attestation - uses: actions/attest-build-provenance@v2 + uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.QUAY_REGISTRY }}/${{ env.QUAY_UI_IMAGE_NAME}} subject-digest: ${{ steps.push-ui-quay.outputs.digest }} push-to-registry: true - name: Re-Checkout main on the repo - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: token: ${{ secrets.BOT_PAT }} ref: main