mirror of
https://github.com/ossf/scorecard.git
synced 2024-08-15 19:30:40 +03:00
🌱 Bump the github-actions group with 6 updates (#3860)
Bumps the github-actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.6.1` | `2.7.0` | | [nick-invision/retry](https://github.com/nick-invision/retry) | `2.9.0` | `3.0.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3.1.5` | `3.1.6` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.3.0` | `3.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.0` | `4.3.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.1` | `4.1.2` | Updates `step-security/harden-runner` from 2.6.1 to 2.7.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](eb238b55ef...63c24ba6bd
) Updates `nick-invision/retry` from 2.9.0 to 3.0.0 - [Release notes](https://github.com/nick-invision/retry/releases) - [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js) - [Commits](14672906e6...7152eba30c
) Updates `codecov/codecov-action` from 3.1.5 to 3.1.6 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](4fe8c5f003...ab904c41d6
) Updates `sigstore/cosign-installer` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](9614fae9e5...e1523de757
) Updates `actions/upload-artifact` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](26f96dfa69...5d5d22a312
) Updates `actions/download-artifact` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](6b208ae046...eaceaf801f
) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: nick-invision/retry dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
parent
64d330790d
commit
fb3edd9d63
2
.github/workflows/codeql-analysis.yml
vendored
2
.github/workflows/codeql-analysis.yml
vendored
@ -55,7 +55,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
|
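Review bot: The version comment on the new `uses:` line still reads `# v1`, although the commit description identifies the range `eb238b55ef...63c24ba6bd` as harden-runner 2.6.1 to 2.7.0. It should read `uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0`. The same stale `# v1` is carried over in goreleaser.yaml, the first hunk of integration.yml, several jobs in main.yml, stale.yml and verify.yml. Two other comments are stale in the same way: `# 2.1.0` on one codecov pin in main.yml (3.1.6 per the description) and `# v3` on the upload-artifact pin in scorecard-analysis.yml (4.3.1 per the description). With SHA pinning the comment is the only human-readable record of which release is in use, so a wrong one makes it harder to check a workflow against an advisory for a given version.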
2
.github/workflows/docker.yml
vendored
2
.github/workflows/docker.yml
vendored
@ -70,7 +70,7 @@ jobs:
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
if: (needs.docs_only_check.outputs.docs_only != 'true')
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
- name: Clone the code
|
||||
|
8
.github/workflows/gitlab.yml
vendored
8
.github/workflows/gitlab.yml
vendored
@ -33,7 +33,7 @@ jobs:
|
||||
environment: gitlab
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
- name: Clone the code
|
||||
@ -66,7 +66,7 @@ jobs:
|
||||
go mod download
|
||||
|
||||
- name: Run GitLab tokenless E2E
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
|
||||
if: github.event_name == 'pull_request'
|
||||
with:
|
||||
max_attempts: 3
|
||||
@ -75,7 +75,7 @@ jobs:
|
||||
command: make e2e-gitlab
|
||||
|
||||
- name: Run GitLab PAT E2E # skip if auth token is not available
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
|
||||
if: ${{ github.event_name == 'push' && github.actor != 'dependabot[bot]' }}
|
||||
env:
|
||||
GITLAB_AUTH_TOKEN: ${{ secrets.GITLAB_TOKEN }}
|
||||
@ -86,7 +86,7 @@ jobs:
|
||||
command: make e2e-gitlab-token
|
||||
|
||||
- name: codecov
|
||||
uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # 3.1.5
|
||||
uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # 3.1.6
|
||||
with:
|
||||
files: "*e2e-coverage.out"
|
||||
verbose: true
|
||||
|
2
.github/workflows/goreleaser.yaml
vendored
2
.github/workflows/goreleaser.yaml
vendored
@ -34,7 +34,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
|
8
.github/workflows/integration.yml
vendored
8
.github/workflows/integration.yml
vendored
@ -31,7 +31,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
@ -44,7 +44,7 @@ jobs:
|
||||
needs: [approve]
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
- name: Clone the code
|
||||
@ -77,7 +77,7 @@ jobs:
|
||||
go mod download
|
||||
|
||||
- name: Run GITHUB_TOKEN E2E #using retry because the GitHub token is being throttled.
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
|
||||
env:
|
||||
GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
@ -87,7 +87,7 @@ jobs:
|
||||
command: make e2e-gh-token
|
||||
|
||||
- name: codecov
|
||||
uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # 3.1.5
|
||||
uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # 3.1.6
|
||||
with:
|
||||
files: "*e2e-coverage.out"
|
||||
verbose: true
|
||||
|
2
.github/workflows/lint.yml
vendored
2
.github/workflows/lint.yml
vendored
@ -19,7 +19,7 @@ jobs:
|
||||
name: check-linter
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
|
||||
- uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
|
38
.github/workflows/main.yml
vendored
38
.github/workflows/main.yml
vendored
@ -37,7 +37,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
- name: Clone the code
|
||||
@ -68,12 +68,12 @@ jobs:
|
||||
- name: Run unit-tests
|
||||
run: make unit-test
|
||||
- name: Upload codecoverage
|
||||
uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # 3.1.5
|
||||
uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # 3.1.6
|
||||
with:
|
||||
files: ./unit-coverage.out
|
||||
verbose: true
|
||||
- name: Run PAT Token E2E #using retry because the GitHub token is being throttled.
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e
|
||||
if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }}
|
||||
env:
|
||||
GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
|
||||
@ -83,7 +83,7 @@ jobs:
|
||||
timeout_minutes: 30
|
||||
command: make e2e-pat
|
||||
- name: codecov
|
||||
uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # 2.1.0
|
||||
uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # 2.1.0
|
||||
if: ${{ github.event_name != 'pull_request' || github.actor != 'dependabot[bot]' }}
|
||||
with:
|
||||
files: "*e2e-coverage.out"
|
||||
@ -95,7 +95,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
@ -127,7 +127,7 @@ jobs:
|
||||
check-latest: true
|
||||
cache: true
|
||||
- name: generate mocks
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e
|
||||
with:
|
||||
max_attempts: 3
|
||||
retry_on: error
|
||||
@ -143,7 +143,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
- name: Clone the code
|
||||
@ -155,7 +155,7 @@ jobs:
|
||||
check-latest: true
|
||||
cache: true
|
||||
- name: generate docs
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
|
||||
with:
|
||||
max_attempts: 3
|
||||
retry_on: error
|
||||
@ -172,7 +172,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
@ -192,7 +192,7 @@ jobs:
|
||||
check-latest: true
|
||||
cache: true
|
||||
- name: build-proto
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e
|
||||
with:
|
||||
max_attempts: 3
|
||||
retry_on: error
|
||||
@ -221,7 +221,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
- name: Cache builds
|
||||
@ -245,7 +245,7 @@ jobs:
|
||||
check-latest: true
|
||||
cache: true
|
||||
- name: Run build
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
|
||||
with:
|
||||
max_attempts: 3
|
||||
retry_on: error
|
||||
@ -260,7 +260,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
@ -287,7 +287,7 @@ jobs:
|
||||
check-latest: true
|
||||
cache: true
|
||||
- name: Run build
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e
|
||||
with:
|
||||
max_attempts: 3
|
||||
retry_on: error
|
||||
@ -302,7 +302,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
- name: Clone the code
|
||||
@ -314,7 +314,7 @@ jobs:
|
||||
check-latest: true
|
||||
cache: true
|
||||
- name: Run build
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e
|
||||
with:
|
||||
max_attempts: 3
|
||||
retry_on: error
|
||||
@ -330,7 +330,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
@ -350,7 +350,7 @@ jobs:
|
||||
check-latest: true
|
||||
cache: true
|
||||
- name: Run build
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e
|
||||
with:
|
||||
max_attempts: 3
|
||||
retry_on: error
|
||||
@ -365,7 +365,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
|
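Review bot: Most of the new `nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e` lines in this file have no version comment, while the `generate docs` and second `Run build` steps carry `# v3.0.0`. This covers `Run PAT Token E2E`, `generate mocks`, `build-proto` and the remaining `Run build` steps. Appending `# v3.0.0` to each would keep the pins auditable and consistent; the uncommented retry, harden-runner and cosign-installer pins in publishimage.yml would benefit from the same treatment. Because the description marks retry 2.9.0 to 3.0.0 as semver-major, it is also worth confirming against the release notes that the `max_attempts`, `retry_on`, `timeout_minutes` and `command` inputs used here still behave the same. The steps' `with:` blocks continue outside the visible hunks.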
6
.github/workflows/publishimage.yml
vendored
6
.github/workflows/publishimage.yml
vendored
@ -35,7 +35,7 @@ jobs:
|
||||
COSIGN_EXPERIMENTAL: "true"
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
@ -51,7 +51,7 @@ jobs:
|
||||
- name: install ko
|
||||
uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
|
||||
- name: publishimage
|
||||
uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
|
||||
uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e
|
||||
with:
|
||||
max_attempts: 3
|
||||
retry_on: error
|
||||
@ -61,7 +61,7 @@ jobs:
|
||||
make install
|
||||
make scorecard-ko
|
||||
- name: Install Cosign
|
||||
uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149
|
||||
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4
|
||||
- name: Sign image
|
||||
run: |
|
||||
cosign sign --yes ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }}
|
||||
|
2
.github/workflows/scorecard-analysis.yml
vendored
2
.github/workflows/scorecard-analysis.yml
vendored
@ -40,7 +40,7 @@ jobs:
|
||||
# https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
|
||||
# Optional.
|
||||
- name: "Upload artifact"
|
||||
uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v3
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v3
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
|
4
.github/workflows/slsa-goreleaser.yml
vendored
4
.github/workflows/slsa-goreleaser.yml
vendored
@ -47,12 +47,12 @@ jobs:
|
||||
uses: slsa-framework/slsa-verifier/actions/installer@v2.4.1
|
||||
|
||||
- name: Download the artifact
|
||||
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
with:
|
||||
name: "${{ needs.build.outputs.go-binary-name }}.intoto.jsonl"
|
||||
|
||||
- name: Download the artifact
|
||||
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
with:
|
||||
name: ${{ needs.build.outputs.go-binary-name }}
|
||||
|
||||
|
2
.github/workflows/stale.yml
vendored
2
.github/workflows/stale.yml
vendored
@ -27,7 +27,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
|
2
.github/workflows/verify.yml
vendored
2
.github/workflows/verify.yml
vendored
@ -26,7 +26,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Harden Runner
|
||||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1
|
||||
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1
|
||||
with:
|
||||
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
|
||||
|
||||
|