🌱 Bump the github-actions group across 1 directory with 6 updates (#4051)

dependabot[bot] 2024-04-24 17:59:20 +00:00 committed by GitHub
parent 252eee2f68
commit db55585a49
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
12 changed files with 32 additions and 32 deletions


@ -60,7 +60,7 @@ jobs:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# don't use the default version of Go from GitHub runners
# https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087
@ -73,7 +73,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
uses: github/codeql-action/init@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
with:
languages: ${{ matrix.language }}
queries: +security-extended
@ -85,7 +85,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
uses: github/codeql-action/autobuild@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
@ -99,4 +99,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
uses: github/codeql-action/analyze@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2


@ -22,6 +22,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: 'Dependency Review'
uses: actions/dependency-review-action@5bbc3ba658137598168acb2ab73b21c432dd411b # v4.2.5


@ -35,7 +35,7 @@ jobs:
docs_only: ${{ steps.docs_only_check.outputs.docs_only }}
steps:
- name: Check out code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 #v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b #v4.1.4
with:
fetch-depth: 2 # needed to diff changed files
- id: docs_only_check
@ -77,7 +77,7 @@ jobs:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Clone the code
if: (needs.docs_only_check.outputs.docs_only != 'true')
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Setup Go # needed for some of the Makefile evaluations, even if building happens in Docker
if: (needs.docs_only_check.outputs.docs_only != 'true')
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0


@ -37,7 +37,7 @@ jobs:
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
ref: ${{ github.event.pull_request.head.sha || github.sha }} # head SHA if PR, else fallback to push SHA
- name: Setup Go


@ -39,7 +39,7 @@ jobs:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Set up Go
@ -75,7 +75,7 @@ jobs:
actions: read # To read the workflow path.
id-token: write # To sign the provenance.
contents: write # To add assets to a release.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
upload-assets: true # upload to a new release


@ -48,7 +48,7 @@ jobs:
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Setup Go


@ -22,7 +22,7 @@ jobs:
- uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: ${{ env.GO_VERSION }}


@ -41,7 +41,7 @@ jobs:
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
@ -117,7 +117,7 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Setup Go
@ -147,7 +147,7 @@ jobs:
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
@ -182,7 +182,7 @@ jobs:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Setup Go
@ -237,7 +237,7 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
@ -277,7 +277,7 @@ jobs:
restore-keys: |
${{ runner.os }}-go-
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Setup Go
@ -306,7 +306,7 @@ jobs:
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Setup Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
@ -340,7 +340,7 @@ jobs:
version: ${{ env.PROTOC_VERSION }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Setup Go
@ -369,7 +369,7 @@ jobs:
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v2.2.0
with:
go-version: ${{ env.GO_VERSION }}
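Review bot: The version comment on the `actions/setup-go` pin in the last hunk of this file is wrong: `- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v2.2.0` carries the same SHA that every other occurrence in this file labels `# v5.0.0`. With SHA pinning, the trailing comment is the only thing a reviewer reads to learn which release actually runs, so a mismatched label hides the real version. It should read `# v5.0.0`; the `v2.2.0` text is presumably left over from an older pin. The line is unchanged context in this commit, and the job it belongs to starts outside the hunk.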


@ -41,7 +41,7 @@ jobs:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Clone the code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- name: Setup Go
@ -62,7 +62,7 @@ jobs:
make install
make scorecard-ko
- name: Install Cosign
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
- name: Sign image
run: |
cosign sign --yes ghcr.io/${{github.repository_owner}}/scorecard/v5:${{ github.sha }}
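Review bot: The `sigstore/cosign-installer` pin moves to a new SHA with no version comment (`uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20`), unlike the other SHA-pinned actions in this commit. This step installs the tool that signs the published image in the next step, so the release it corresponds to should be readable at review time rather than looked up by hash. Append the tag as a trailing comment, e.g. `# v<cosign-installer release tag>`, after confirming which tag the SHA belongs to. The job continues outside the hunk.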


@ -78,7 +78,7 @@ jobs:
checks = found[1]
}
core.exportVariable('SCORECARD_CHECKS', checks)
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
ref: ${{ steps.config.outputs.base }}
- name: Setup Go
@ -94,7 +94,7 @@ jobs:
go run cmd/internal/scdiff/main.go generate \
--repos $HOME/repos.txt \
--checks $SCORECARD_CHECKS > $HOME/before.json
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
ref: ${{ steps.config.outputs.head }}
- name: generate after results


@ -22,7 +22,7 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
persist-credentials: false
@ -42,7 +42,7 @@ jobs:
# uploads of run results in SARIF format to the repository Actions tab.
# https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
- name: "Upload artifact"
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: SARIF file
path: results.sarif
@ -51,6 +51,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3.25.2
with:
sarif_file: results.sarif


@ -19,7 +19,7 @@ jobs:
go-binary-name: ${{ steps.build.outputs.go-binary-name }}
steps:
- id: checkout
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
- id: ldflags
@ -32,7 +32,7 @@ jobs:
contents: write
actions: read
needs: args
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.10.0 #7f4fdb871876c23e455853d694197440c5a91506
uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v2.0.0 #7f4fdb871876c23e455853d694197440c5a91506
with:
go-version: ${{ env.GO_VERSION }}
evaluated-envs: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}"
@ -47,12 +47,12 @@ jobs:
uses: slsa-framework/slsa-verifier/actions/installer@v2.5.1
- name: Download the artifact
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: "${{ needs.build.outputs.go-binary-name }}.intoto.jsonl"
- name: Download the artifact
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{ needs.build.outputs.go-binary-name }}
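Review bot: The trailing hash comment on the `builder_go_slsa3.yml` reference was not updated with the tag: the new line reads `@v2.0.0 #7f4fdb871876c23e455853d694197440c5a91506`, the same hash that annotated `@v1.10.0`, so at most one of the two labels can be right. Either replace it with the commit the new tag points to (`@v2.0.0 # <commit SHA of v2.0.0>`) or drop it, because a stale hash beside a tag-referenced builder misleads anyone checking what produced the provenance. This is also a major-version jump of the SLSA builder inside a grouped bump, so it is worth confirming that the inputs passed under `with:` are still accepted. The job definition extends outside the hunk.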