Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update github-actions #369

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update github-actions #369

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 24, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/cache action minor v4.1.1 -> v4.2.0
actions/checkout action patch v4.2.1 -> v4.2.2
actions/setup-java action minor v4.4.0 -> v4.5.0
actions/setup-python action minor v5.2.0 -> v5.3.0
aquasecurity/trivy-action action minor 0.28.0 -> 0.29.0
docker/build-push-action action minor v6.9.0 -> v6.10.0
docker/metadata-action action minor v5.5.1 -> v5.6.1
ghcr.io/chgl/kube-powertools container patch v2.3.27 -> v2.3.34
ghcr.io/miracum/ig-build-tools container patch v2.1.6 -> v2.1.10
github/codeql-action action minor v3.26.13 -> v3.27.9
gradle/actions action minor v4.1.0 -> v4.2.1
lycheeverse/lychee-action action minor v2.0.2 -> v2.1.0
oxsecurity/megalinter action minor v8.1.0 -> v8.3.0
softprops/action-gh-release action minor v2.0.8 -> v2.2.0
yogeshlonkar/trivy-cache-action action patch v0.1.8 -> v0.1.10

Release Notes

actions/cache (actions/cache)

v4.2.0

Compare Source

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

Full Changelog: actions/cache@v4...v4.2.0

v4.1.2

Compare Source

What's Changed
New Contributors

Full Changelog: actions/cache@v4...v4.1.2

actions/checkout (actions/checkout)

v4.2.2

Compare Source

actions/setup-java (actions/setup-java)

v4.5.0

Compare Source

What's Changed

Bug fixes:
New Contributors:

Full Changelog: actions/setup-java@v4...v4.5.0

actions/setup-python (actions/setup-python)

v5.3.0

Compare Source

What's Changed
Bug Fixes:
Enhancements:
New Contributors

Full Changelog: actions/setup-python@v5...v5.3.0

aquasecurity/trivy-action (aquasecurity/trivy-action)

v0.29.0

Compare Source

What's Changed
New Contributors

Full Changelog: aquasecurity/trivy-action@0.28.0...0.29.0

docker/build-push-action (docker/build-push-action)

v6.10.0

Compare Source

Full Changelog: docker/build-push-action@v6.9.0...v6.10.0

docker/metadata-action (docker/metadata-action)

v5.6.1

Compare Source

Full Changelog: docker/metadata-action@v5.6.0...v5.6.1

v5.6.0

Compare Source

Full Changelog: docker/metadata-action@v5.5.1...v5.6.0

chgl/kube-powertools (ghcr.io/chgl/kube-powertools)

v2.3.34

Compare Source

Bug Fixes
  • use app token for releases (4151c33)

v2.3.30

Compare Source

Miscellaneous Chores
  • deps: update all non-major dependencies (fb7c564)

v2.3.29

Compare Source

Miscellaneous Chores
  • deps: update docker.io/nginxinc/nginx-unprivileged:1.27.2 docker digest to 1492491 (#​481) (60c87ae)
  • deps: update lycheeverse/lychee-action action to v2 (#​484) (9a9ffd5)

v2.3.28

Compare Source

Miscellaneous Chores
  • deps: update all non-major dependencies (8dead52)
  • deps: update github-actions (bf35c66)
miracum/ig-build-tools (ghcr.io/miracum/ig-build-tools)

v2.1.10

Compare Source

Bug Fixes

v2.1.9

Compare Source

Miscellaneous Chores

v2.1.8

Compare Source

Miscellaneous Chores

v2.1.7

Compare Source

Miscellaneous Chores
  • deps: update all non-major dependencies (8d9e829)
  • deps: update all non-major dependencies (8f475c6)
  • deps: update docker.io/library/eclipse-temurin:11-jre docker digest to 22639ff (18913e9)
  • deps: update docker.io/library/eclipse-temurin:11-jre docker digest to a271604 (994236f)
  • deps: update docker.io/library/eclipse-temurin:11-jre docker digest to cc5855a (338ac43)
  • deps: update github-actions (8ed9c79)
  • deps: update github-actions (5504b9f)
  • deps: update github-actions (6f502c3)
  • deps: updated node, java, fhir terminal and re-ordered Dockerfile (#​195) (4436296)
github/codeql-action (github/codeql-action)

v3.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.8

Compare Source

v3.27.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024
  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #​2631
  • Update default CodeQL bundle version to 2.20.0. #​2636

See the full CHANGELOG.md for more information.

v3.27.6

Compare Source

v3.27.5

Compare Source

v3.27.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.4 - 14 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.3 - 12 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.2 - 12 Nov 2024
  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #​2590

See the full CHANGELOG.md for more information.

v3.27.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.1 - 08 Nov 2024
  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #​2573
  • Update default CodeQL bundle version to 2.19.3. #​2576

See the full CHANGELOG.md for more information.

v3.27.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024
  • Bump the minimum CodeQL bundle version to 2.14.6. #​2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #​2557
  • Update default CodeQL bundle version to 2.19.2. #​2552

See the full CHANGELOG.md for more information.

gradle/actions (gradle/actions)

v4.2.1

Compare Source

This patch release fixes some issues with Develocity and Build Scan integration:

  • Build scan links not captured in project using plugin com.gradle.enteprise:3.18.2 (#​449)
  • Enabling build-scan-publish causes some Develocity injection parameters to be ignored (#​447)
  • Setting develocity-ccud-plugin-version parameter is ignored (#​446)
What's Changed
New Contributors

Full Changelog: gradle/actions@v4.2.0...v4.2.1

v4.2.0

Compare Source

This release fixes a bug that prevents cache-cleanup from working with Gradle 8.11.
A number of improvements to cache reporting are also included.

What's Changed

Full Changelog: gradle/actions@v4.1.0...v4.2.0

lycheeverse/lychee-action (lycheeverse/lychee-action)

v2.1.0: Version 2.1.0

Compare Source

What's Changed

New Contributors

Full Changelog: lycheeverse/lychee-action@v2...v2.1.0

oxsecurity/megalinter (oxsecurity/megalinter)

v8.3.0

Compare Source

  • Core

    • Display command log (truncated to 250 chars) even when LOG_LEVEL is not DEBUG
    • Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
    • Fix handling of git submodule paths

  • Fixes

    • trivy: retry in case of BLOB_UNKNOWN while downloading vulnerability list

  • Reporters

    • Fix UpdatedSourcesReporter when APPLY_FIXES is list (array)
    • Fix AzureCommentReporter when the repo is not found: fallback using BUILD_REPOSITORY_ID. (+ disable space replacement in repo name with AZURE_COMMENT_REPORTER_REPLACE_WITH_SPACES: false)

  • CI

    • Fix Docker mirroring job for release context
    • Remove max parallel jobs for release linters workflow

  • Linter versions upgrades (13)

v8.2.0

Compare Source

  • Media

  • Linters enhancements

    • detekt Enable SARIF output + count errors
    • lintr: Support files in subdirectories, fix unit tests
    • phpcs: Activate APPLY_FIXES
    • Salesforce linters: Add SF_CLI_DISABLE_AUTOUPDATE for SF CLI JIT plugins
    • trivy: handle retry if failed to download Java DB is detected
    • tsqllint Re-enabled after .net 8 and security updates

  • Fixes

    • Add message in PR comment if FAIL_IF_UPDATED_SOURCES is triggered
    • Fix linting errors in GitHub Actions template

  • Reporters

    • UpdatedSourcesReporter will git commit & push fixed files to source branch if APPLY_FIXES is set
    • Fix AzureCommentReporter not adding comments to PR
    • Fix AzureCommentReporter fails when target repo contains spaces

  • Doc

    • Updated documentation with Azure central pipeline use case
    • Update DevSkim documentation to show a valid exclusion config file
    • Note about risky rules and how to fix rule violations with PHP-CS-Fixer

  • CI

    • Also prune volumes before pulling and pushing to docker hub
    • Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
    • Squash docker images to have less layers and size
    • Comment jobs related to GitHub Worker images, as CodeTotal is not actively maintained
    • Make gitpod workflow not blocking until uv install is fixed
    • Update stale comment
    • Try several times to embed trivy db during Docker build, as a workaround to the random failures
    • Wait 10 secondes instead of 1 before retrying a failing test method, to avoid race conditions

  • Linter versions upgrades (104)

softprops/action-gh-release (softprops/action-gh-release)

v2.2.0

Compare Source

What's Changed
Exciting New Features 🎉
Bug fixes 🐛
Other Changes 🔄
New Contributors

Full Changelog: softprops/action-gh-release@v2.1.0...v2.2.0

v2.1.0

Compare Source

What's Changed

Exciting New Features 🎉
Other Changes 🔄

New Contributors

Full Changelog: softprops/action-gh-release@v2...v2.1.0

v2.0.9

Compare Source

What's Changed

  • maintenance release with updated dependencies

New Contributors

Full Changelog: softprops/action-gh-release@v2...v2.0.9

yogeshlonkar/trivy-cache-action (yogeshlonkar/trivy-cache-action)

v0.1.10

Compare Source

What's Changed

Full Changelog: yogeshlonkar/trivy-cache-action@v0.1.9...v0.1.10

v0.1.9

Compare Source

What's Changed

Full Changelog: yogeshlonkar/trivy-cache-action@v0.1.8...v0.1.9

Configuration

📅 Schedule: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 24, 2024
edited
Loading

🦙 MegaLinter status: ❌ ERROR

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 18 0 0.22s
✅ BASH bash-exec 5 0 0.03s
✅ BASH shellcheck 2 0 0.11s
⚠️ BASH shfmt 5 1 0.01s
⚠️ CSHARP csharpier 1 1 1.35s
⚠️ CSHARP dotnet-format yes 1 0.91s
✅ CSHARP roslynator 1 0 17.7s
✅ CSS stylelint 1 0 1.67s
✅ DOCKERFILE hadolint 4 0 0.22s
✅ EDITORCONFIG editorconfig-checker 379 0 4.29s
✅ ENV dotenv-linter 1 0 0.0s
✅ GROOVY npm-groovy-lint 7 0 13.32s
✅ HTML djlint 2 0 1.39s
✅ HTML htmlhint 2 0 0.36s
✅ JAVA checkstyle 59 0 7.31s
✅ JSON jsonlint 31 0 0.28s
⚠️ JSON prettier 31 1 4.8s
✅ JSON v8r 31 0 85.29s
⚠️ MARKDOWN markdownlint 22 190 1.61s
✅ PYTHON bandit 1 0 2.13s
✅ PYTHON black 1 0 1.61s
✅ PYTHON flake8 1 0 0.72s
✅ PYTHON isort 1 0 0.39s
✅ PYTHON mypy 1 0 9.88s
✅ PYTHON ruff 1 0 0.02s
✅ REPOSITORY checkov yes no 25.54s
✅ REPOSITORY gitleaks yes no 2.07s
✅ REPOSITORY git_diff yes no 0.14s
✅ REPOSITORY kics yes no 57.45s
✅ REPOSITORY secretlint yes no 2.24s
✅ REPOSITORY syft yes no 3.53s
❌ REPOSITORY trivy yes 1 20.53s
✅ REPOSITORY trivy-sbom yes no 2.15s
✅ REPOSITORY trufflehog yes no 7.2s
✅ XML xmllint 3 0 0.01s
✅ YAML prettier 111 0 2.71s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

MegaLinter is graciously provided by OX Security

@renovate renovate bot force-pushed the renovate/github-actions branch from 097caf3 to 9aee785 Compare October 24, 2024 16:59
@renovate renovate bot force-pushed the renovate/github-actions branch 6 times, most recently from ca541c6 to 2ae5589 Compare November 7, 2024 15:28
@renovate renovate bot force-pushed the renovate/github-actions branch 6 times, most recently from 38d1f3f to 29ea524 Compare November 14, 2024 14:43
@renovate renovate bot force-pushed the renovate/github-actions branch 8 times, most recently from 7c153b6 to 290ee56 Compare November 23, 2024 11:20
@renovate renovate bot force-pushed the renovate/github-actions branch 8 times, most recently from e746fb5 to 5a599ad Compare December 3, 2024 12:34
@renovate renovate bot force-pushed the renovate/github-actions branch 3 times, most recently from 92582cd to d6314c5 Compare December 11, 2024 04:21
@renovate renovate bot force-pushed the renovate/github-actions branch from d6314c5 to 22083e6 Compare December 12, 2024 22:34
@renovate renovate bot force-pushed the renovate/github-actions branch from 22083e6 to e9e4e12 Compare December 13, 2024 02:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants