From 3a965b4edf8f7ba1c90e96b55df08f36bbaab03a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 8 Mar 2024 12:03:51 +0000 Subject: [PATCH] chore(deps): update github-actions --- .github/actions/test-image/action.yaml | 2 +- .github/workflows/build.yaml | 20 +++++++++---------- .github/workflows/chaos-test.yaml | 6 +++--- .github/workflows/check-links.yaml | 2 +- .github/workflows/codeql.yaml | 8 ++++---- .github/workflows/helm-lint.yaml | 4 ++-- .github/workflows/mega-linter.yml | 4 ++-- .github/workflows/release.yaml | 10 +++++----- .../reset-chart-changelog-annotations.yaml | 4 ++-- .github/workflows/scorecards.yml | 4 ++-- .../workflows/test-compose-installation.yaml | 2 +- .github/workflows/test-k8s-installation.yaml | 10 +++++----- .../workflows/validate-fhir-resources.yaml | 2 +- .../workflows/validate-gradle-wrapper.yaml | 2 +- .github/workflows/yamllint.yaml | 2 +- 15 files changed, 41 insertions(+), 41 deletions(-) diff --git a/.github/actions/test-image/action.yaml b/.github/actions/test-image/action.yaml index 8049bd68..dd95b489 100644 --- a/.github/actions/test-image/action.yaml +++ b/.github/actions/test-image/action.yaml @@ -19,7 +19,7 @@ runs: using: composite steps: - name: Download artifact - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 if: ${{ github.event_name == 'pull_request' }} with: name: ${{ inputs.project-name }}-build-artifacts diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 88540471..aa6ba761 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -44,11 +44,11 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 - name: Container meta id: container_meta - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5 with: images: | ${{ env.IMAGE_NAME }} @@ -57,7 +57,7 @@ jobs: - name: Build image id: build - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:buildcache cache-to: type=inline @@ -70,7 +70,7 @@ jobs: MODULE_NAME=${{ inputs.module-name }} - name: Run unit tests - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: cache-from: type=gha cache-to: type=gha,mode=max @@ -81,7 +81,7 @@ jobs: MODULE_NAME=${{ inputs.module-name }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1 + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0 with: image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }} severity: "CRITICAL" @@ -90,7 +90,7 @@ jobs: timeout: 15m - name: Save Trivy vulnerability attestation - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1 + uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0 with: image-ref: ${{ fromJson(steps.container_meta.outputs.json).tags[0] }} exit-code: "0" @@ -99,7 +99,7 @@ jobs: timeout: 15m - name: Upload image vulnerability attestation - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: ${{ inputs.module-name }}-attestations path: | @@ -115,7 +115,7 @@ jobs: - name: Upload container image if: ${{ github.event_name == 'pull_request' }} - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: ${{ inputs.module-name }}-build-artifacts path: | @@ -161,13 +161,13 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Download attestations - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: ${{ inputs.module-name }}-attestations path: /tmp - name: Install Cosign - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 + uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 - name: Sign image run: | diff --git a/.github/workflows/chaos-test.yaml b/.github/workflows/chaos-test.yaml index fc3aca0f..6db2a149 100644 --- a/.github/workflows/chaos-test.yaml +++ b/.github/workflows/chaos-test.yaml @@ -14,10 +14,10 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 - name: Build image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: push: false load: true @@ -26,7 +26,7 @@ jobs: ghcr.io/miracum/recruit/chaos-tester:v1 - name: Create KinD cluster - uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 + uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 with: cluster_name: kind diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml index 0a541c99..b0b1f7dd 100644 --- a/.github/workflows/check-links.yaml +++ b/.github/workflows/check-links.yaml @@ -18,7 +18,7 @@ jobs: - name: Link Checker id: lychee - uses: lycheeverse/lychee-action@c3089c702fbb949e3f7a8122be0c33c017904f9b # v1.9.1 + uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a # v1.9.3 with: args: "--config=.lychee.toml ." env: diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 5b50ad81..e78abc31 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -45,7 +45,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Set up Java - uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4 + uses: actions/setup-java@9704b39bf258b59bc04b50fa2dd55e9ed76b47a8 # v4 with: java-version: "17" distribution: "adopt" @@ -53,7 +53,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3 + uses: github/codeql-action/init@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -66,7 +66,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3 + uses: github/codeql-action/autobuild@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -79,6 +79,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3 + uses: github/codeql-action/analyze@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml index 8167ad48..d1de3e1c 100644 --- a/.github/workflows/helm-lint.yaml +++ b/.github/workflows/helm-lint.yaml @@ -10,7 +10,7 @@ permissions: read-all jobs: lint: runs-on: ubuntu-22.04 - container: ghcr.io/chgl/kube-powertools:v2.2.32@sha256:f2d27b59839cec4dd73da763e354d6515a7a297aeebffa8f07fac4c977123f26 + container: ghcr.io/chgl/kube-powertools:v2.2.45@sha256:d0302d4c420535422c51c8eb8ab4005b17a3892dfad8580e91b2c23bf16927f3 steps: - name: Add workspace as safe directory run: | @@ -63,7 +63,7 @@ jobs: - name: Cache kubeconform schemas id: cache-powerlint-kubeconform - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: path: /tmp key: ${{ runner.os }}-powerlint-kubeconform diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index 6e2f351b..bddbe25e 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -40,7 +40,7 @@ jobs: id: ml # You can override MegaLinter flavor used to have faster performances # More info at https://oxsecurity.github.io/megalinter/flavors/ - uses: oxsecurity/megalinter@7e042c726c68415475b05a65a686c612120a1232 # v7.7.0 + uses: oxsecurity/megalinter@190cd0dad6dc52b2de5b810e3b290c3d6bdcc0f2 # v7.9.0 env: # All available variables are described in documentation # https://oxsecurity.github.io/megalinter/configuration/ @@ -51,7 +51,7 @@ jobs: # Upload MegaLinter artifacts - name: Archive production artifacts if: ${{ always() }} - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: MegaLinter reports path: | diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a2c69f3b..07053d56 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: repo-token: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 + uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 - name: Add helm repos and update deps run: | @@ -54,7 +54,7 @@ jobs: cosign sign --yes "ghcr.io/${{ github.repository }}/charts/recruit:${CHART_VERSION}" - - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: helm-chart path: | @@ -89,7 +89,7 @@ jobs: CHART_VERSION=$(yq .version recruit/charts/recruit/Chart.yaml) echo "version=${CHART_VERSION}" >> "$GITHUB_OUTPUT" - - uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0 + - uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # v6.0.1 with: token: ${{ secrets.token }} path: miracum-charts @@ -101,7 +101,7 @@ jobs: publish-kyverno-policies: name: publish kyverno policies runs-on: ubuntu-22.04 - container: ghcr.io/chgl/kube-powertools:v2.2.32@sha256:f2d27b59839cec4dd73da763e354d6515a7a297aeebffa8f07fac4c977123f26 + container: ghcr.io/chgl/kube-powertools:v2.2.45@sha256:d0302d4c420535422c51c8eb8ab4005b17a3892dfad8580e91b2c23bf16927f3 continue-on-error: true steps: - name: Checkout @@ -129,7 +129,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Download Helm chart - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4 with: name: helm-chart path: /tmp diff --git a/.github/workflows/reset-chart-changelog-annotations.yaml b/.github/workflows/reset-chart-changelog-annotations.yaml index d8f2f38c..29a70c71 100644 --- a/.github/workflows/reset-chart-changelog-annotations.yaml +++ b/.github/workflows/reset-chart-changelog-annotations.yaml @@ -16,7 +16,7 @@ jobs: reset-commit-and-push: name: reset changelog annotations, commit, and push runs-on: ubuntu-22.04 - container: ghcr.io/chgl/kube-powertools:v2.2.32@sha256:f2d27b59839cec4dd73da763e354d6515a7a297aeebffa8f07fac4c977123f26 + container: ghcr.io/chgl/kube-powertools:v2.2.45@sha256:d0302d4c420535422c51c8eb8ab4005b17a3892dfad8580e91b2c23bf16927f3 permissions: contents: write steps: @@ -46,7 +46,7 @@ jobs: # use it to replace the entire changelog annotation with a single entry. yq -i '.annotations["artifacthub.io/changes"] |= strenv(FIRST_CHANGELOG_ENTRY)' charts/recruit/Chart.yaml - - uses: EndBug/add-and-commit@1bad3abcf0d6ec49a5857d124b0bfb52dc7bb081 # v9.1.3 + - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4 # run everything above in PRs to make sure it works, but only actually commit it on releases if: ${{ github.event_name != 'pull_request' }} with: diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3d0ff06b..7332e394 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # v3.23.1 + uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 with: sarif_file: results.sarif diff --git a/.github/workflows/test-compose-installation.yaml b/.github/workflows/test-compose-installation.yaml index f700a36f..bb353bb5 100644 --- a/.github/workflows/test-compose-installation.yaml +++ b/.github/workflows/test-compose-installation.yaml @@ -20,7 +20,7 @@ jobs: - name: Download all artifacts if: ${{ github.event_name == 'pull_request' }} - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: path: /tmp diff --git a/.github/workflows/test-k8s-installation.yaml b/.github/workflows/test-k8s-installation.yaml index a7b3579d..32761e33 100644 --- a/.github/workflows/test-k8s-installation.yaml +++ b/.github/workflows/test-k8s-installation.yaml @@ -26,10 +26,10 @@ jobs: helm version - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 - name: Build tester image - uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0 + uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0 with: push: false load: true @@ -40,7 +40,7 @@ jobs: ghcr.io/miracum/recruit/tester:v1 - name: Create k8s KinD cluster - uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 + uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 with: cluster_name: kind @@ -60,7 +60,7 @@ jobs: --version 0.20.8 - name: Download all artifacts - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: path: /tmp @@ -115,7 +115,7 @@ jobs: - name: Upload cluster dump if: always() - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: kind-cluster-dump.txt path: | diff --git a/.github/workflows/validate-fhir-resources.yaml b/.github/workflows/validate-fhir-resources.yaml index 2a0dd075..6f846c79 100644 --- a/.github/workflows/validate-fhir-resources.yaml +++ b/.github/workflows/validate-fhir-resources.yaml @@ -12,7 +12,7 @@ jobs: validate-fhir-resource: name: Validate FHIR resources runs-on: ubuntu-22.04 - container: ghcr.io/miracum/ig-build-tools:v2.0.27@sha256:b190ad30beaaad0f581bddadfd73ed37b9bee8aac7f2b2047a028a0348b04dcf + container: ghcr.io/miracum/ig-build-tools:v2.0.49@sha256:79a3b25085173e92c9bfbe70cb3994b766a756ca5a2c28958a219078ae4a92c0 steps: - name: Checkout code uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 diff --git a/.github/workflows/validate-gradle-wrapper.yaml b/.github/workflows/validate-gradle-wrapper.yaml index 036f620e..d780e56d 100644 --- a/.github/workflows/validate-gradle-wrapper.yaml +++ b/.github/workflows/validate-gradle-wrapper.yaml @@ -15,4 +15,4 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: gradle/wrapper-validation-action@27152f6fa06a6b8062ef7195c795692e51fc2c81 # v2.0.0 + - uses: gradle/wrapper-validation-action@699bb18358f12c5b78b37bb0111d3a0e2276e0e2 # v2.1.1 diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml index 9bbfb9fa..fcdf5ffd 100644 --- a/.github/workflows/yamllint.yaml +++ b/.github/workflows/yamllint.yaml @@ -18,7 +18,7 @@ jobs: yamllint: runs-on: ubuntu-22.04 # contains yamllint - container: ghcr.io/chgl/kube-powertools:v2.2.32@sha256:f2d27b59839cec4dd73da763e354d6515a7a297aeebffa8f07fac4c977123f26 + container: ghcr.io/chgl/kube-powertools:v2.2.45@sha256:d0302d4c420535422c51c8eb8ab4005b17a3892dfad8580e91b2c23bf16927f3 steps: - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1