Skip to content

Commit

Permalink
chore(deps): update github-actions
Browse files Browse the repository at this point in the history
  • Loading branch information
renovate[bot] authored Mar 8, 2024
1 parent 5eb4170 commit 3a965b4
Show file tree
Hide file tree
Showing 15 changed files with 41 additions and 41 deletions.
2 changes: 1 addition & 1 deletion .github/actions/test-image/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ runs:
using: composite
steps:
- name: Download artifact
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
if: ${{ github.event_name == 'pull_request' }}
with:
name: ${{ inputs.project-name }}-build-artifacts
Expand Down
20 changes: 10 additions & 10 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,11 +44,11 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0

- name: Container meta
id: container_meta
uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
with:
images: |
${{ env.IMAGE_NAME }}
Expand All @@ -57,7 +57,7 @@ jobs:
- name: Build image
id: build
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0
with:
cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache
cache-to: type=inline
Expand All @@ -70,7 +70,7 @@ jobs:
MODULE_NAME=${{ inputs.module-name }}
- name: Run unit tests
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0
with:
cache-from: type=gha
cache-to: type=gha,mode=max
Expand All @@ -81,7 +81,7 @@ jobs:
MODULE_NAME=${{ inputs.module-name }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0
with:
image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }}
severity: "CRITICAL"
Expand All @@ -90,7 +90,7 @@ jobs:
timeout: 15m

- name: Save Trivy vulnerability attestation
uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1
uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0
with:
image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }}
exit-code: "0"
Expand All @@ -99,7 +99,7 @@ jobs:
timeout: 15m

- name: Upload image vulnerability attestation
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: ${{ inputs.module-name }}-attestations
path: |
Expand All @@ -115,7 +115,7 @@ jobs:
- name: Upload container image
if: ${{ github.event_name == 'pull_request' }}
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: ${{ inputs.module-name }}-build-artifacts
path: |
Expand Down Expand Up @@ -161,13 +161,13 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Download attestations
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: ${{ inputs.module-name }}-attestations
path: /tmp

- name: Install Cosign
uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0

- name: Sign image
run: |
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/chaos-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0

- name: Build image
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0
with:
push: false
load: true
Expand All @@ -26,7 +26,7 @@ jobs:
ghcr.io/miracum/recruit/chaos-tester:v1
- name: Create KinD cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0
with:
cluster_name: kind

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/check-links.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:

- name: Link Checker
id: lychee
uses: lycheeverse/lychee-action@c3089c702fbb949e3f7a8122be0c33c017904f9b # v1.9.1
uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a # v1.9.3
with:
args: "--config=.lychee.toml ."
env:
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/codeql.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -45,15 +45,15 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4

- name: Set up Java
uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4
uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4
with:
java-version: "17"
distribution: "adopt"
cache: gradle

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3
uses: github/codeql-action/init@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -66,7 +66,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3
uses: github/codeql-action/autobuild@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -79,6 +79,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3
uses: github/codeql-action/analyze@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3
with:
category: "/language:${{matrix.language}}"
4 changes: 2 additions & 2 deletions .github/workflows/helm-lint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ permissions: read-all
jobs:
lint:
runs-on: ubuntu-22.04
container: ghcr.io/chgl/kube-powertools:v2.2.32@sha256:f2d27b59839cec4dd73da763e354d6515a7a297aeebffa8f07fac4c977123f26
container: ghcr.io/chgl/kube-powertools:v2.2.45@sha256:d0302d4c420535422c51c8eb8ab4005b17a3892dfad8580e91b2c23bf16927f3
steps:
- name: Add workspace as safe directory
run: |
Expand Down Expand Up @@ -63,7 +63,7 @@ jobs:

- name: Cache kubeconform schemas
id: cache-powerlint-kubeconform
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1
with:
path: /tmp
key: ${{ runner.os }}-powerlint-kubeconform
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/mega-linter.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ jobs:
id: ml
# You can override MegaLinter flavor used to have faster performances
# More info at https://oxsecurity.github.io/megalinter/flavors/
uses: oxsecurity/megalinter@7e042c726c68415475b05a65a686c612120a1232 # v7.7.0
uses: oxsecurity/megalinter@190cd0dad6dc52b2de5b810e3b290c3d6bdcc0f2 # v7.9.0
env:
# All available variables are described in documentation
# https://oxsecurity.github.io/megalinter/configuration/
Expand All @@ -51,7 +51,7 @@ jobs:
# Upload MegaLinter artifacts
- name: Archive production artifacts
if: ${{ always() }}
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: MegaLinter reports
path: |
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
repo-token: ${{ secrets.GITHUB_TOKEN }}

- name: Install Cosign
uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0

- name: Add helm repos and update deps
run: |
Expand All @@ -54,7 +54,7 @@ jobs:
cosign sign --yes "ghcr.io/${{ github.repository }}/charts/recruit:${CHART_VERSION}"
- uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: helm-chart
path: |
Expand Down Expand Up @@ -89,7 +89,7 @@ jobs:
CHART_VERSION=$(yq .version recruit/charts/recruit/Chart.yaml)
echo "version=${CHART_VERSION}" >> "$GITHUB_OUTPUT"
- uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
- uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # v6.0.1
with:
token: ${{ secrets.token }}
path: miracum-charts
Expand All @@ -101,7 +101,7 @@ jobs:
publish-kyverno-policies:
name: publish kyverno policies
runs-on: ubuntu-22.04
container: ghcr.io/chgl/kube-powertools:v2.2.32@sha256:f2d27b59839cec4dd73da763e354d6515a7a297aeebffa8f07fac4c977123f26
container: ghcr.io/chgl/kube-powertools:v2.2.45@sha256:d0302d4c420535422c51c8eb8ab4005b17a3892dfad8580e91b2c23bf16927f3
continue-on-error: true
steps:
- name: Checkout
Expand Down Expand Up @@ -129,7 +129,7 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Download Helm chart
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4
with:
name: helm-chart
path: /tmp
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/reset-chart-changelog-annotations.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
reset-commit-and-push:
name: reset changelog annotations, commit, and push
runs-on: ubuntu-22.04
container: ghcr.io/chgl/kube-powertools:v2.2.32@sha256:f2d27b59839cec4dd73da763e354d6515a7a297aeebffa8f07fac4c977123f26
container: ghcr.io/chgl/kube-powertools:v2.2.45@sha256:d0302d4c420535422c51c8eb8ab4005b17a3892dfad8580e91b2c23bf16927f3
permissions:
contents: write
steps:
Expand Down Expand Up @@ -46,7 +46,7 @@ jobs:
# use it to replace the entire changelog annotation with a single entry.
yq -i '.annotations["artifacthub.io/changes"] |= strenv(FIRST_CHANGELOG_ENTRY)' charts/recruit/Chart.yaml
- uses: EndBug/add-and-commit@1bad3abcf0d6ec49a5857d124b0bfb52dc7bb081 # v9.1.3
- uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
# run everything above in PRs to make sure it works, but only actually commit it on releases
if: ${{ github.event_name != 'pull_request' }}
with:
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/scorecards.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,14 +59,14 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: SARIF file
path: results.sarif
retention-days: 5

# Upload the results to GitHub's code scanning dashboard.
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1
uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
with:
sarif_file: results.sarif
2 changes: 1 addition & 1 deletion .github/workflows/test-compose-installation.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:

- name: Download all artifacts
if: ${{ github.event_name == 'pull_request' }}
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
path: /tmp

Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/test-k8s-installation.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ jobs:
helm version
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0

- name: Build tester image
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0
with:
push: false
load: true
Expand All @@ -40,7 +40,7 @@ jobs:
ghcr.io/miracum/recruit/tester:v1
- name: Create k8s KinD cluster
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0
with:
cluster_name: kind

Expand All @@ -60,7 +60,7 @@ jobs:
--version 0.20.8
- name: Download all artifacts
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
path: /tmp

Expand Down Expand Up @@ -115,7 +115,7 @@ jobs:
- name: Upload cluster dump
if: always()
uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: kind-cluster-dump.txt
path: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/validate-fhir-resources.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
validate-fhir-resource:
name: Validate FHIR resources
runs-on: ubuntu-22.04
container: ghcr.io/miracum/ig-build-tools:v2.0.27@sha256:b190ad30beaaad0f581bddadfd73ed37b9bee8aac7f2b2047a028a0348b04dcf
container: ghcr.io/miracum/ig-build-tools:v2.0.49@sha256:79a3b25085173e92c9bfbe70cb3994b766a756ca5a2c28958a219078ae4a92c0
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/validate-gradle-wrapper.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@ jobs:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: gradle/wrapper-validation-action@27152f6fa06a6b8062ef7195c795692e51fc2c81 # v2.0.0
- uses: gradle/wrapper-validation-action@699bb18358f12c5b78b37bb0111d3a0e2276e0e2 # v2.1.1
2 changes: 1 addition & 1 deletion .github/workflows/yamllint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
yamllint:
runs-on: ubuntu-22.04
# contains yamllint
container: ghcr.io/chgl/kube-powertools:v2.2.32@sha256:f2d27b59839cec4dd73da763e354d6515a7a297aeebffa8f07fac4c977123f26
container: ghcr.io/chgl/kube-powertools:v2.2.45@sha256:d0302d4c420535422c51c8eb8ab4005b17a3892dfad8580e91b2c23bf16927f3
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
Expand Down

0 comments on commit 3a965b4

Please sign in to comment.