From 88ab076fcab2a15a4fad5c3e9ff3eee95c304638 Mon Sep 17 00:00:00 2001 From: "cluster-stack-bot[bot]" <143188378+cluster-stack-bot[bot]@users.noreply.github.com> Date: Wed, 5 Nov 2025 11:15:45 +0000 Subject: [PATCH] :seedling: Update github-actions group | datasource | package | from | to | | --------------- | ------------------------- | ------- | ------- | | github-tags | actions/cache | v4.2.0 | v4.3.0 | | github-tags | actions/checkout | v4.2.2 | v4.3.0 | | github-tags | actions/setup-go | v5.3.0 | v5.5.0 | | github-tags | docker/build-push-action | v6.13.0 | v6.18.0 | | github-tags | docker/login-action | v3.3.0 | v3.6.0 | | github-tags | docker/metadata-action | v5.6.1 | v5.9.0 | | github-releases | actions/go-versions | 1.22.12 | 1.25.3 | | github-tags | sigstore/cosign-installer | v3.7.0 | v3.10.1 | --- .github/actions/metadata/action.yaml | 2 +- .github/actions/setup-go/action.yaml | 8 ++++---- .github/workflows/build.yaml | 18 +++++++++--------- .../workflows/kubebuilder-markers-checker.yaml | 2 +- .github/workflows/pr-lint.yaml | 2 +- .github/workflows/pr-verify.yaml | 6 +++--- .github/workflows/release.yaml | 16 ++++++++-------- .github/workflows/report-bin-size.yaml | 4 ++-- .../schedule-cache-cleaner-cspo-image.yaml | 2 +- .github/workflows/schedule-scan-image.yaml | 2 +- .github/workflows/schedule-update-bot.yaml | 6 +++--- .github/workflows/test.yaml | 2 +- 12 files changed, 35 insertions(+), 35 deletions(-) diff --git a/.github/actions/metadata/action.yaml b/.github/actions/metadata/action.yaml index bf951c4e..fadc4e87 100644 --- a/.github/actions/metadata/action.yaml +++ b/.github/actions/metadata/action.yaml @@ -22,7 +22,7 @@ runs: steps: - name: Docker manager metadata id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} flavor: ${{ inputs.metadata_flavor }} diff --git a/.github/actions/setup-go/action.yaml b/.github/actions/setup-go/action.yaml index 0527d4f9..a3b1ec34 100644 --- a/.github/actions/setup-go/action.yaml +++ b/.github/actions/setup-go/action.yaml @@ -4,9 +4,9 @@ runs: using: "composite" steps: - name: Install go - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "1.22" + go-version: "1.25" go-version-file: "go.mod" cache: true cache-dependency-path: go.sum @@ -16,14 +16,14 @@ runs: echo "go-build=$(go env GOCACHE)" >> $GITHUB_OUTPUT echo "go-mod=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT - name: Go Mod Cache - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: ${{ steps.go-cache-paths.outputs.go-mod }} key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go-mod- - name: Go Build Cache - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 8cee49d9..f614793d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -28,16 +28,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - name: Setup Go uses: ./.github/actions/setup-go - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - name: Generate metadata cspo id: metacspo @@ -49,14 +49,14 @@ jobs: metadata_tags: ${{ env.metadata_tags }} - name: Login to ghcr.io for CI - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 + uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install Bom shell: bash @@ -73,7 +73,7 @@ jobs: # Load Golang cache build from GitHub - name: Load cspo Golang cache build from GitHub - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 id: cache with: path: /tmp/.cache/cspo @@ -91,7 +91,7 @@ jobs: # Import GitHub's cache build to docker cache - name: Copy cspo Golang cache to docker cache - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: provenance: false context: /tmp/.cache/cspo @@ -101,7 +101,7 @@ jobs: target: import-cache - name: Build and push cspo image - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 id: docker_build_release_cspo with: provenance: false @@ -154,7 +154,7 @@ jobs: # Store docker's golang's cache build locally only on the main branch - name: Store cspo Golang cache build locally if: ${{ steps.cache.outputs.cache-hit != 'true' }} - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: provenance: false context: . diff --git a/.github/workflows/kubebuilder-markers-checker.yaml b/.github/workflows/kubebuilder-markers-checker.yaml index 93cfd72e..fa256b6c 100644 --- a/.github/workflows/kubebuilder-markers-checker.yaml +++ b/.github/workflows/kubebuilder-markers-checker.yaml @@ -14,7 +14,7 @@ jobs: name: check for kubebuilder markers runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 # go is required for building controller-gen - name: Setup Go diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml index 13f7c10d..e04026e1 100644 --- a/.github/workflows/pr-lint.yaml +++ b/.github/workflows/pr-lint.yaml @@ -29,7 +29,7 @@ jobs: password: ${{ secrets.github_token }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/pr-verify.yaml b/.github/workflows/pr-verify.yaml index d56b8ffd..875078f1 100644 --- a/.github/workflows/pr-verify.yaml +++ b/.github/workflows/pr-verify.yaml @@ -16,7 +16,7 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: ${{ github.event.pull_request.head.sha }} @@ -29,7 +29,7 @@ jobs: - name: Verify Starlark run: make verify-starlark - - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "18" - name: Install renovate @@ -42,7 +42,7 @@ jobs: done - name: Generate Token - uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1 + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 id: generate-token with: app-id: ${{ secrets.SCS_APP_ID }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index def4c18b..e5a4a306 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -18,14 +18,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - uses: ./.github/actions/setup-go - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - name: Generate metadata cspo id: metacspo @@ -37,14 +37,14 @@ jobs: metadata_tags: ${{ env.metadata_tags }} - name: Login to ghcr.io for CI - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 + uses: sigstore/cosign-installer@7e8b541eb2e61bf99390e1afd4be13a184e9ebc5 # v3.10.1 - name: Install Bom shell: bash @@ -60,7 +60,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV - name: Build and push cspo image - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 id: docker_build_release_cspo with: provenance: false @@ -134,7 +134,7 @@ jobs: run: echo "RELEASE_TAG=${GITHUB_REF:10}" >> $GITHUB_ENV - name: checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 @@ -154,7 +154,7 @@ jobs: make release-notes - name: Release - uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2 + uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2 with: draft: true files: out/* diff --git a/.github/workflows/report-bin-size.yaml b/.github/workflows/report-bin-size.yaml index 3f3b496b..6f7e00a9 100644 --- a/.github/workflows/report-bin-size.yaml +++ b/.github/workflows/report-bin-size.yaml @@ -9,14 +9,14 @@ jobs: timeout-minutes: 10 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Fixup git permissions # https://github.com/actions/checkout/issues/766 shell: bash run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Install go - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: go-version-file: "go.mod" cache: true diff --git a/.github/workflows/schedule-cache-cleaner-cspo-image.yaml b/.github/workflows/schedule-cache-cleaner-cspo-image.yaml index 04798cd4..932530b3 100644 --- a/.github/workflows/schedule-cache-cleaner-cspo-image.yaml +++ b/.github/workflows/schedule-cache-cleaner-cspo-image.yaml @@ -15,7 +15,7 @@ jobs: steps: # Load Golang cache build from GitHub - name: Load cspo Golang cache build from GitHub - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 id: cache with: path: /tmp/.cache/cspo diff --git a/.github/workflows/schedule-scan-image.yaml b/.github/workflows/schedule-scan-image.yaml index baa36176..ec56a74f 100644 --- a/.github/workflows/schedule-scan-image.yaml +++ b/.github/workflows/schedule-scan-image.yaml @@ -15,7 +15,7 @@ jobs: password: ${{ secrets.github_token }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Fixup git permissions # https://github.com/actions/checkout/issues/766 shell: bash diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml index 1f8448af..9357c50c 100644 --- a/.github/workflows/schedule-update-bot.yaml +++ b/.github/workflows/schedule-update-bot.yaml @@ -30,15 +30,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 # qemu is not required as of now because we don't build images for arm64 # use docker/setup-qemu-action@v3 if you want to have arm64 images. - name: Set up Docker Buildx # required for building image - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - name: Generate Token - uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1 + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 id: generate-token with: app-id: ${{ secrets.SCS_APP_ID }} diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index ea4b30fc..02babef5 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -30,7 +30,7 @@ jobs: timeout-minutes: 10 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Coverage result name id: name run: |