From 668b535511e5036505e567b3316a4631a07f075b Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Wed, 21 Jun 2023 02:36:45 +0200 Subject: [PATCH] chore(deps): update workflows (#406) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | patch | `v3.5.2` -> `v3.5.3` | | [docker/login-action](https://togithub.com/docker/login-action) | action | digest | `f4ef78c` -> `465a078` | | [docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action) | action | digest | `4b4e9c3` -> `ecf9528` | | [docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action) | action | digest | `e81a89b` -> `2b82ce8` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.3.6` -> `v2.20.0` | | [golangci/golangci-lint-action](https://togithub.com/golangci/golangci-lint-action) | action | minor | `v3.5.0` -> `v3.6.0` | | [goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action) | action | minor | `v4.2.0` -> `v4.3.0` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.6.0` -> `v1.7.0` | --- ### Release Notes
actions/checkout ### [`v3.5.3`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v353) [Compare Source](https://togithub.com/actions/checkout/compare/v3.5.2...v3.5.3) - [Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in](https://togithub.com/actions/checkout/pull/1196) - [Fix typos found by codespell](https://togithub.com/actions/checkout/pull/1287) - [Add support for sparse checkouts](https://togithub.com/actions/checkout/pull/1369)
github/codeql-action ### [`v2.20.0`](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.3.6...v2.20.0)
golangci/golangci-lint-action ### [`v3.6.0`](https://togithub.com/golangci/golangci-lint-action/releases/tag/v3.6.0) [Compare Source](https://togithub.com/golangci/golangci-lint-action/compare/v3.5.0...v3.6.0) #### What's Changed - docs: fix example by [@​yuki0920](https://togithub.com/yuki0920) in [https://github.com/golangci/golangci-lint-action/pull/762](https://togithub.com/golangci/golangci-lint-action/pull/762) - doc: Add custom configuration file path to args by [@​Aisuko](https://togithub.com/Aisuko) in [https://github.com/golangci/golangci-lint-action/pull/767](https://togithub.com/golangci/golangci-lint-action/pull/767) - feat: add install-mode by [@​ldez](https://togithub.com/ldez) in [https://github.com/golangci/golangci-lint-action/pull/768](https://togithub.com/golangci/golangci-lint-action/pull/768) - feat: support out-format as args by [@​jrehwaldt](https://togithub.com/jrehwaldt) in [https://github.com/golangci/golangci-lint-action/pull/769](https://togithub.com/golangci/golangci-lint-action/pull/769) - fix: out-format by [@​ldez](https://togithub.com/ldez) in [https://github.com/golangci/golangci-lint-action/pull/770](https://togithub.com/golangci/golangci-lint-action/pull/770) #### New Contributors - [@​yuki0920](https://togithub.com/yuki0920) made their first contribution in [https://github.com/golangci/golangci-lint-action/pull/762](https://togithub.com/golangci/golangci-lint-action/pull/762) - [@​Aisuko](https://togithub.com/Aisuko) made their first contribution in [https://github.com/golangci/golangci-lint-action/pull/767](https://togithub.com/golangci/golangci-lint-action/pull/767) - [@​ldez](https://togithub.com/ldez) made their first contribution in [https://github.com/golangci/golangci-lint-action/pull/768](https://togithub.com/golangci/golangci-lint-action/pull/768) - [@​jrehwaldt](https://togithub.com/jrehwaldt) made their first contribution in [https://github.com/golangci/golangci-lint-action/pull/769](https://togithub.com/golangci/golangci-lint-action/pull/769) **Full Changelog**: https://github.com/golangci/golangci-lint-action/compare/v3.5.0...v3.6.0
goreleaser/goreleaser-action ### [`v4.3.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.3.0) [Compare Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.2.0...v4.3.0) #### What's Changed - Update in command examples by [@​arnaduga](https://togithub.com/arnaduga) in [https://github.com/goreleaser/goreleaser-action/pull/393](https://togithub.com/goreleaser/goreleaser-action/pull/393) - chore(deps): bump yargs from 17.6.2 to 17.7.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/395](https://togithub.com/goreleaser/goreleaser-action/pull/395) - Improve documentation for use of `GITHUB_TOKEN` by [@​jamietanna](https://togithub.com/jamietanna) in [https://github.com/goreleaser/goreleaser-action/pull/399](https://togithub.com/goreleaser/goreleaser-action/pull/399) - chore(deps): bump actions/setup-go from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/403](https://togithub.com/goreleaser/goreleaser-action/pull/403) - chore(deps): bump docker/bake-action from 2 to 3 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/408](https://togithub.com/goreleaser/goreleaser-action/pull/408) - chore(deps): bump semver from 7.3.8 to 7.5.0 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/407](https://togithub.com/goreleaser/goreleaser-action/pull/407) - Bump setup-go action version to v4 in README by [@​kishaningithub](https://togithub.com/kishaningithub) in [https://github.com/goreleaser/goreleaser-action/pull/411](https://togithub.com/goreleaser/goreleaser-action/pull/411) - ci: split test and validate workflow by [@​crazy-max](https://togithub.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/413](https://togithub.com/goreleaser/goreleaser-action/pull/413) - chore: update yarn to 3.5.1 by [@​crazy-max](https://togithub.com/crazy-max) in [https://github.com/goreleaser/goreleaser-action/pull/412](https://togithub.com/goreleaser/goreleaser-action/pull/412) - chore(deps): bump yargs from 17.7.1 to 17.7.2 by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/goreleaser/goreleaser-action/pull/410](https://togithub.com/goreleaser/goreleaser-action/pull/410) - feat: support nightly by [@​caarlos0](https://togithub.com/caarlos0) in [https://github.com/goreleaser/goreleaser-action/pull/419](https://togithub.com/goreleaser/goreleaser-action/pull/419) #### New Contributors - [@​arnaduga](https://togithub.com/arnaduga) made their first contribution in [https://github.com/goreleaser/goreleaser-action/pull/393](https://togithub.com/goreleaser/goreleaser-action/pull/393) - [@​jamietanna](https://togithub.com/jamietanna) made their first contribution in [https://github.com/goreleaser/goreleaser-action/pull/399](https://togithub.com/goreleaser/goreleaser-action/pull/399) - [@​kishaningithub](https://togithub.com/kishaningithub) made their first contribution in [https://github.com/goreleaser/goreleaser-action/pull/411](https://togithub.com/goreleaser/goreleaser-action/pull/411) **Full Changelog**: https://github.com/goreleaser/goreleaser-action/compare/v4.2.0...v4.3.0
slsa-framework/slsa-github-generator ### [`v1.7.0`](https://togithub.com/slsa-framework/slsa-github-generator/releases/tag/v1.7.0) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.6.0...v1.7.0) See the [CHANGELOG](./CHANGELOG.md) for details.
--- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). đŸšĻ **Automerge**: Disabled by config. Please merge this manually once you are satisfied. â™ģ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. đŸ‘ģ **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner). --- .github/workflows/codeql-analysis.yml | 8 ++++---- .github/workflows/goreleaser.yml | 12 ++++++------ .github/workflows/lint-action/action.yml | 2 +- .github/workflows/lint.yaml | 2 +- .github/workflows/scorecards.yml | 4 ++-- .github/workflows/test.yml | 2 +- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4b1aa553ca..fdc7f905e1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -40,11 +40,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 + uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -55,7 +55,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 + uses: github/codeql-action/autobuild@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -69,4 +69,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 + uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0 diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 43299816e6..7b520ce148 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -21,7 +21,7 @@ jobs: DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: fetch-depth: 0 - name: Set up Go @@ -33,17 +33,17 @@ jobs: uses: ./.github/workflows/test-action - name: Run Lints uses: ./.github/workflows/lint-action - - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2 - - uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2 + - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2 + - uses: docker/setup-buildx-action@ecf95283f03858871ff00b787d79c419715afc34 # v2 - name: ghcr-login - uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Run GoReleaser id: run-goreleaser - uses: goreleaser/goreleaser-action@f82d6c1c344bcacabba2c841718984797f664a6b # v4.2.0 + uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0 with: version: latest args: release --rm-dist @@ -63,7 +63,7 @@ jobs: actions: read # To read the workflow path. id-token: write # To sign the provenance. contents: write # To add assets to a release. - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.6.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.7.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" upload-assets: true # upload to a new release diff --git a/.github/workflows/lint-action/action.yml b/.github/workflows/lint-action/action.yml index c3ffcf8182..4153a88829 100644 --- a/.github/workflows/lint-action/action.yml +++ b/.github/workflows/lint-action/action.yml @@ -19,7 +19,7 @@ runs: using: composite steps: - name: Run golangci-lint - uses: golangci/golangci-lint-action@5f1fec7010f6ae3b84ea4f7b2129beb8639b564f # v3.5.0 + uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0 with: # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version version: v1.51.1 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 6d19d235bb..f6fe300efc 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false fetch-depth: 0 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 8dde34e34c..ff0800f41e 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6 + uses: github/codeql-action/upload-sarif@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0 with: sarif_file: results.sarif diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6673f4db7f..fbfb63ce89 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false fetch-depth: 0