From fb3edd9d63f0c84858d88a65c47205676e330489 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Feb 2024 12:21:56 -0800 Subject: [PATCH] :seedling: Bump the github-actions group with 6 updates (#3860) Bumps the github-actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.6.1` | `2.7.0` | | [nick-invision/retry](https://github.com/nick-invision/retry) | `2.9.0` | `3.0.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3.1.5` | `3.1.6` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.3.0` | `3.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.0` | `4.3.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.1` | `4.1.2` | Updates `step-security/harden-runner` from 2.6.1 to 2.7.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/eb238b55efaa70779f274895e782ed17c84f2895...63c24ba6bd7ba022e95695ff85de572c04a18142) Updates `nick-invision/retry` from 2.9.0 to 3.0.0 - [Release notes](https://github.com/nick-invision/retry/releases) - [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js) - [Commits](https://github.com/nick-invision/retry/compare/14672906e672a08bd6eeb15720e9ed3ce869cdd4...7152eba30c6575329ac0576536151aca5a72780e) Updates `codecov/codecov-action` from 3.1.5 to 3.1.6 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0...ab904c41d6ece82784817410c45d8b8c02684457) Updates `sigstore/cosign-installer` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/9614fae9e5c5eddabb09f90a270fcb487c9f7149...e1523de7571e31dbe865fd2e80c5c7c23ae71eb4) Updates `actions/upload-artifact` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/26f96dfa697d77e81fd5907df203aa23a56210a8...5d5d22a31266ced268874388b861e4b58bb5c2f3) Updates `actions/download-artifact` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/6b208ae046db98c579e8a3aa621ab581ff575935...eaceaf801fd36c7dee90939fad912460b18a1ffe) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: nick-invision/retry dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/docker.yml | 2 +- .github/workflows/gitlab.yml | 8 ++--- .github/workflows/goreleaser.yaml | 2 +- .github/workflows/integration.yml | 8 ++--- .github/workflows/lint.yml | 2 +- .github/workflows/main.yml | 38 ++++++++++++------------ .github/workflows/publishimage.yml | 6 ++-- .github/workflows/scorecard-analysis.yml | 2 +- .github/workflows/slsa-goreleaser.yml | 4 +-- .github/workflows/stale.yml | 2 +- .github/workflows/verify.yml | 2 +- 12 files changed, 39 insertions(+), 39 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 28167f1b..c2837147 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -55,7 +55,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index d9f61506..101d0200 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -70,7 +70,7 @@ jobs: steps: - name: Harden Runner if: (needs.docs_only_check.outputs.docs_only != 'true') - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code diff --git a/.github/workflows/gitlab.yml b/.github/workflows/gitlab.yml index a1fb9614..b2000812 100644 --- a/.github/workflows/gitlab.yml +++ b/.github/workflows/gitlab.yml @@ -33,7 +33,7 @@ jobs: environment: gitlab steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code @@ -66,7 +66,7 @@ jobs: go mod download - name: Run GitLab tokenless E2E - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 if: github.event_name == 'pull_request' with: max_attempts: 3 @@ -75,7 +75,7 @@ jobs: command: make e2e-gitlab - name: Run GitLab PAT E2E # skip if auth token is not available - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 if: ${{ github.event_name == 'push' && github.actor != 'dependabot[bot]' }} env: GITLAB_AUTH_TOKEN: ${{ secrets.GITLAB_TOKEN }} @@ -86,7 +86,7 @@ jobs: command: make e2e-gitlab-token - name: codecov - uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # 3.1.5 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # 3.1.6 with: files: "*e2e-coverage.out" verbose: true diff --git a/.github/workflows/goreleaser.yaml b/.github/workflows/goreleaser.yaml index b80c0982..0e609cee 100644 --- a/.github/workflows/goreleaser.yaml +++ b/.github/workflows/goreleaser.yaml @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 4fcd7007..97e75b1e 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -31,7 +31,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -44,7 +44,7 @@ jobs: needs: [approve] steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code @@ -77,7 +77,7 @@ jobs: go mod download - name: Run GITHUB_TOKEN E2E #using retry because the GitHub token is being throttled. - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 env: GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -87,7 +87,7 @@ jobs: command: make e2e-gh-token - name: codecov - uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # 3.1.5 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # 3.1.6 with: files: "*e2e-coverage.out" verbose: true diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f25c6e31..766789e9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -19,7 +19,7 @@ jobs: name: check-linter runs-on: ubuntu-latest steps: - - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e1dfeb3c..1c118f03 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code @@ -68,12 +68,12 @@ jobs: - name: Run unit-tests run: make unit-test - name: Upload codecoverage - uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # 3.1.5 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # 3.1.6 with: files: ./unit-coverage.out verbose: true - name: Run PAT Token E2E #using retry because the GitHub token is being throttled. - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }} env: GITHUB_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }} @@ -83,7 +83,7 @@ jobs: timeout_minutes: 30 command: make e2e-pat - name: codecov - uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # 2.1.0 + uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # 2.1.0 if: ${{ github.event_name != 'pull_request' || github.actor != 'dependabot[bot]' }} with: files: "*e2e-coverage.out" @@ -95,7 +95,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -127,7 +127,7 @@ jobs: check-latest: true cache: true - name: generate mocks - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e with: max_attempts: 3 retry_on: error @@ -143,7 +143,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code @@ -155,7 +155,7 @@ jobs: check-latest: true cache: true - name: generate docs - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 with: max_attempts: 3 retry_on: error @@ -172,7 +172,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -192,7 +192,7 @@ jobs: check-latest: true cache: true - name: build-proto - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e with: max_attempts: 3 retry_on: error @@ -221,7 +221,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Cache builds @@ -245,7 +245,7 @@ jobs: check-latest: true cache: true - name: Run build - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 # v2.9.0 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 with: max_attempts: 3 retry_on: error @@ -260,7 +260,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -287,7 +287,7 @@ jobs: check-latest: true cache: true - name: Run build - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e with: max_attempts: 3 retry_on: error @@ -302,7 +302,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Clone the code @@ -314,7 +314,7 @@ jobs: check-latest: true cache: true - name: Run build - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e with: max_attempts: 3 retry_on: error @@ -330,7 +330,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -350,7 +350,7 @@ jobs: check-latest: true cache: true - name: Run build - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e with: max_attempts: 3 retry_on: error @@ -365,7 +365,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/publishimage.yml b/.github/workflows/publishimage.yml index 6f4cce86..0cc71cb2 100644 --- a/.github/workflows/publishimage.yml +++ b/.github/workflows/publishimage.yml @@ -35,7 +35,7 @@ jobs: COSIGN_EXPERIMENTAL: "true" steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -51,7 +51,7 @@ jobs: - name: install ko uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 - name: publishimage - uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4 + uses: nick-invision/retry@7152eba30c6575329ac0576536151aca5a72780e with: max_attempts: 3 retry_on: error @@ -61,7 +61,7 @@ jobs: make install make scorecard-ko - name: Install Cosign - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 + uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 - name: Sign image run: | cosign sign --yes ghcr.io/${{github.repository_owner}}/scorecard/v4:${{ github.sha }} diff --git a/.github/workflows/scorecard-analysis.yml b/.github/workflows/scorecard-analysis.yml index ccdeff43..093312b1 100644 --- a/.github/workflows/scorecard-analysis.yml +++ b/.github/workflows/scorecard-analysis.yml @@ -40,7 +40,7 @@ jobs: # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts # Optional. - name: "Upload artifact" - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v3 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/slsa-goreleaser.yml b/.github/workflows/slsa-goreleaser.yml index 6f36dd02..0d14c521 100644 --- a/.github/workflows/slsa-goreleaser.yml +++ b/.github/workflows/slsa-goreleaser.yml @@ -47,12 +47,12 @@ jobs: uses: slsa-framework/slsa-verifier/actions/installer@v2.4.1 - name: Download the artifact - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: "${{ needs.build.outputs.go-binary-name }}.intoto.jsonl" - name: Download the artifact - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: ${{ needs.build.outputs.go-binary-name }} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index b74a8104..e0cbc5e2 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index e6024834..52a2af8d 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -26,7 +26,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v1 + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs