From 424cbfc66423d2918454a82115aebbc179aa2e0d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 25 Apr 2025 03:49:34 +0000 Subject: [PATCH] Bump the ci group across 1 directory with 10 updates Bumps the ci group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `5.3.0` | `5.4.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.4.0` | `3.6.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.9.0` | `3.10.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.8.1` | `3.8.2` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.18.0` | `0.19.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `3.4.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.6.1` | `5.7.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.14.0` | `6.16.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.2.1` | `6.3.0` | | [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) | `2.0.0` | `2.1.0` | Updates `actions/setup-go` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/f111f3307d8850f501ac008e886eec1fd1932a34...0aaccfd150d50ccaeb58ebd88d36e91967a5f35b) Updates `docker/setup-qemu-action` from 3.4.0 to 3.6.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/4574d27a4764455b42196d70a065bc6853246a25...29109295f81e9208d7d86ff1c6c12d2833863392) Updates `docker/setup-buildx-action` from 3.9.0 to 3.10.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca...b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2) Updates `sigstore/cosign-installer` from 3.8.1 to 3.8.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a...3454372f43399081ed03b604cb2d021dabca52bb) Updates `anchore/sbom-action` from 0.18.0 to 0.19.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/f325610c9f50a54015d37c8d16cb3b0e2c8f4de0...9f7302141466aa6482940f15371237e9d9f4c34a) Updates `docker/login-action` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/9780b0c442fbb1117ed29e0efdff1e18412f7567...74a5d142397b4f367a81961eba4e8cd7edddf772) Updates `docker/metadata-action` from 5.6.1 to 5.7.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/369eb591f429131d6889c46b94e711f089e6ca96...902fa8ec7d6ecbf8d84d538b9b233a880e428804) Updates `docker/build-push-action` from 6.14.0 to 6.16.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/0adf9959216b96bec444f325f1e493d4aa344497...14487ce63c7a62a4a324b0bfb37086795e31c6c1) Updates `goreleaser/goreleaser-action` from 6.2.1 to 6.3.0 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/90a3faa9d0182683851fbfa97ca1a2cb983bfca3...9c156ee8a17a598857849441385a2041ef570552) Updates `slsa-framework/slsa-github-generator` from 2.0.0 to 2.1.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v2.0.0...v2.1.0) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 5.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/setup-qemu-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/setup-buildx-action dependency-version: 3.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-version: 3.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: anchore/sbom-action dependency-version: 0.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/login-action dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/metadata-action dependency-version: 5.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/build-push-action dependency-version: 6.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: goreleaser/goreleaser-action dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: slsa-framework/slsa-github-generator dependency-version: 2.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yaml | 26 +++++++++++++------------- .github/workflows/test.yaml | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 18cf0b8..c73f0d5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -42,30 +42,30 @@ jobs: fi echo "version=${VERSION}" >> $GITHUB_OUTPUT - name: Setup Go - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: go-version: 1.23.x cache-dependency-path: | **/go.sum **/go.mod - - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3.4.0 - - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3.9.0 - - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 - - uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0 + - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + - uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2 + - uses: anchore/sbom-action/download-syft@9f7302141466aa6482940f15371237e9d9f4c34a # v0.19.0 - name: Docker login ghcr.io - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: fluxcdbot password: ${{ secrets.GHCR_TOKEN }} - name: Docker login docker.io - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: fluxcdbot password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }} - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | fluxcd/${{ env.CONTROLLER }} @@ -73,7 +73,7 @@ jobs: tags: | type=raw,value=${{ steps.prep.outputs.version }} - name: Docker push - uses: docker/build-push-action@0adf9959216b96bec444f325f1e493d4aa344497 # v6.14.0 + uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 id: build-push with: sbom: true @@ -94,7 +94,7 @@ jobs: - name: GoReleaser publish signed SBOM id: run-goreleaser if: startsWith(github.ref, 'refs/tags/v') - uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1 + uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0 with: version: latest args: release --clean --skip=validate @@ -121,7 +121,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to the release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0 with: base64-subjects: "${{ needs.release.outputs.hashes }}" upload-assets: true @@ -132,7 +132,7 @@ jobs: actions: read # for detecting the Github Actions environment. id-token: write # for creating OIDC tokens for signing. packages: write # for uploading attestations. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0 with: image: ${{ needs.release.outputs.image_url }} digest: ${{ needs.release.outputs.image_digest }} @@ -146,7 +146,7 @@ jobs: actions: read # for detecting the Github Actions environment. id-token: write # for creating OIDC tokens for signing. packages: write # for uploading attestations. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.1.0 with: image: ghcr.io/${{ needs.release.outputs.image_url }} digest: ${{ needs.release.outputs.image_digest }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index c52e1b8..5440581 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -15,7 +15,7 @@ jobs: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 with: go-version: 1.23.x cache-dependency-path: |