From 4f20be427e5bb394f59c68aa8cf0d8a0812aac57 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Dec 2023 08:52:20 +0000 Subject: [PATCH] build(deps): bump the ci group with 3 updates Bumps the ci group with 3 updates: [korthout/backport-action](https://github.com/korthout/backport-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `korthout/backport-action` from 2.2.0 to 2.3.0 - [Release notes](https://github.com/korthout/backport-action/releases) - [Commits](https://github.com/korthout/backport-action/compare/b982d297e31f500652b2246cf26714796312bd23...addffea45a2f0b5682f1d5ba0506f45bc18bf174) Updates `actions/upload-artifact` from 3.1.3 to 4.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/a8a3f3ad30e3422c9c7b888a15615d19a852ae32...c7d193f32edcb7bfad88892161225aeda64e9392) Updates `sigstore/cosign-installer` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/1fc5bd396d372bee37d608f955b336615edf79c8...9614fae9e5c5eddabb09f90a270fcb487c9f7149) --- updated-dependencies: - dependency-name: korthout/backport-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] --- .github/workflows/backport.yaml | 2 +- .github/workflows/ossf.yaml | 2 +- .github/workflows/release.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml index d584e25fbf..54bd068219 100644 --- a/.github/workflows/backport.yaml +++ b/.github/workflows/backport.yaml @@ -17,7 +17,7 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} - name: Create backport PRs - uses: korthout/backport-action@b982d297e31f500652b2246cf26714796312bd23 # v2.2.0 + uses: korthout/backport-action@addffea45a2f0b5682f1d5ba0506f45bc18bf174 # v2.3.0 # xref: https://github.com/korthout/backport-action#inputs with: # Use token to allow workflows to be triggered for the created PR diff --git a/.github/workflows/ossf.yaml b/.github/workflows/ossf.yaml index 1b343b7a91..d1b80c1ac5 100644 --- a/.github/workflows/ossf.yaml +++ b/.github/workflows/ossf.yaml @@ -28,7 +28,7 @@ jobs: repo_token: ${{ secrets.GITHUB_TOKEN }} publish_results: true - name: Upload artifact - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e936fc03cb..987ecb818b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -36,7 +36,7 @@ jobs: - name: Setup Syft uses: anchore/sbom-action/download-syft@5ecf649a417b8ae17dc8383dc32d46c03f2312df # v0.15.1 - name: Setup Cosign - uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0 + uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 - name: Setup Kustomize uses: fluxcd/pkg/actions/kustomize@main - name: Login to GitHub Container Registry @@ -155,7 +155,7 @@ jobs: --path="./flux-system" \ --source=${{ github.repositoryUrl }} \ --revision="${{ github.ref_name }}@sha1:${{ github.sha }}" - - uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0 + - uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0 - name: Sign manifests env: COSIGN_EXPERIMENTAL: 1