From a83b7fd0bcf0c30570832077e816714ce9327066 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Apr 2024 11:09:02 +0000 Subject: [PATCH] build(deps): bump the ci group with 3 updates Bumps the ci group with 3 updates: [helm/kind-action](https://github.com/helm/kind-action), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) and [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). Updates `helm/kind-action` from 1.9.0 to 1.10.0 - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.9.0...v1.10.0) Updates `sigstore/cosign-installer` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.4.0...v3.5.0) Updates `slsa-framework/slsa-github-generator` from 1.10.0 to 2.0.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.10.0...v2.0.0) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: slsa-framework/slsa-github-generator dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci ... Signed-off-by: dependabot[bot] --- .github/workflows/e2e.yaml | 4 ++-- .github/workflows/push-ld.yml | 2 +- .github/workflows/release.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 5a80fc357..10a84ea23 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -38,14 +38,14 @@ jobs: - name: Checkout uses: actions/checkout@v4 - name: Setup Kubernetes - uses: helm/kind-action@v1.9.0 + uses: helm/kind-action@v1.10.0 if: matrix.provider != 'skipper' with: version: v0.20.0 cluster_name: kind node_image: kindest/node:v1.27.3@sha256:9dd3392d79af1b084671b05bcf65b21de476256ad1dcc853d9f3b10b4ac52dde - name: Setup Kubernetes for skipper - uses: helm/kind-action@v1.9.0 + uses: helm/kind-action@v1.10.0 if: matrix.provider == 'skipper' with: version: v0.20.0 diff --git a/.github/workflows/push-ld.yml b/.github/workflows/push-ld.yml index 24ad028e3..bea33785d 100644 --- a/.github/workflows/push-ld.yml +++ b/.github/workflows/push-ld.yml @@ -17,7 +17,7 @@ jobs: packages: write steps: - uses: actions/checkout@v4 - - uses: sigstore/cosign-installer@v3.4.0 + - uses: sigstore/cosign-installer@v3.5.0 - name: Prepare id: prep run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6a89bcea0..ba77a9753 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,7 +33,7 @@ jobs: with: go-version: 1.22.x - uses: fluxcd/flux2/action@main - - uses: sigstore/cosign-installer@v3.4.0 + - uses: sigstore/cosign-installer@v3.5.0 - name: Prepare id: prep run: | @@ -146,7 +146,7 @@ jobs: actions: read # for detecting the Github Actions environment. id-token: write # for creating OIDC tokens for signing. contents: write # for uploading attestations to GitHub releases. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 with: provenance-name: "provenance.intoto.jsonl" base64-subjects: "${{ needs.release-flagger.outputs.hashes }}"