Bump the actions group with 2 updates (#2982)

dependabot[bot] · web-flow · commit c5163b20117c · 2026-02-17T16:30:41.000-05:00
Bumps the actions group with 2 updates: [chainguard-dev/actions](https://github.com/chainguard-dev/actions) and [docker/build-push-action](https://github.com/docker/build-push-action). Updates `chainguard-dev/actions` from 1.5.16 to 1.6.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chainguard-dev/actions/releases">chainguard-dev/actions's releases</a>.</em></p> <blockquote> <h2>v1.6.1</h2> <h2>What's Changed</h2> <ul> <li>[StepSecurity] Apply security best practices by <a href="https://github.com/stepsecurity-app"><code>@​stepsecurity-app</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/743">chainguard-dev/actions#743</a></li> <li>Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in /melange-build by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/741">chainguard-dev/actions#741</a></li> <li>Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in /wolfi-build-pkg by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/742">chainguard-dev/actions#742</a></li> <li>Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in /inky-build-pkg by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/740">chainguard-dev/actions#740</a></li> <li>Bump chainguard-dev/actions from 1.5.16 to 1.6.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/737">chainguard-dev/actions#737</a></li> <li>Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in /goimports by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/739">chainguard-dev/actions#739</a></li> <li>Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in /gofmt by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/738">chainguard-dev/actions#738</a></li> <li>ensure OTEL_RESOURCE_ATTRIBUTES is set and surface more attributes by <a href="https://github.com/joshrwolf"><code>@​joshrwolf</code></a> in <a href="https://redirect.github.com/chainguard-dev/actions/pull/744">chainguard-dev/actions#744</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/actions/compare/v1.6.0...v1.6.1">https://github.com/chainguard-dev/actions/compare/v1.6.0...v1.6.1</a></p> <h2>v1.6.0</h2> <h2>What's Changed</h2> <ul> <li>Bump chainguard-dev/actions from 1.5.15 to 1.5.16 in /melange-build by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/733">chainguard-dev/actions#733</a></li> <li>Bump chainguard-dev/actions from 1.5.15 to 1.5.16 in /wolfi-build-pkg by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/734">chainguard-dev/actions#734</a></li> <li>Bump chainguard-dev/actions from 1.5.15 to 1.5.16 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/728">chainguard-dev/actions#728</a></li> <li>Bump step-security/harden-runner from 2.14.1 to 2.14.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/729">chainguard-dev/actions#729</a></li> <li>Bump chainguard-dev/actions from 1.5.15 to 1.5.16 in /gofmt by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/730">chainguard-dev/actions#730</a></li> <li>Bump chainguard-dev/actions from 1.5.15 to 1.5.16 in /goimports by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/731">chainguard-dev/actions#731</a></li> <li>Bump chainguard-dev/actions from 1.5.15 to 1.5.16 in /inky-build-pkg by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/chainguard-dev/actions/pull/732">chainguard-dev/actions#732</a></li> <li>Add chainguard-install action. by <a href="https://github.com/wlynch"><code>@​wlynch</code></a> in <a href="https://redirect.github.com/chainguard-dev/actions/pull/736">chainguard-dev/actions#736</a></li> <li>add otel-export action by <a href="https://github.com/joshrwolf"><code>@​joshrwolf</code></a> in <a href="https://redirect.github.com/chainguard-dev/actions/pull/735">chainguard-dev/actions#735</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chainguard-dev/actions/compare/v1.5.16...v1.6.0">https://github.com/chainguard-dev/actions/compare/v1.5.16...v1.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chainguard-dev/actions/commit/0cf1221da92242205c2d9f8a63add344ebd6b304"><code>0cf1221</code></a> ensure OTEL_RESOURCE_ATTRIBUTES is set and surface more attributes (<a href="https://redirect.github.com/chainguard-dev/actions/issues/744">#744</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/88f70f8cd86f2ab5e0dc1b40f94df0a56ba29db5"><code>88f70f8</code></a> Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in /gofmt (<a href="https://redirect.github.com/chainguard-dev/actions/issues/738">#738</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/05114f41bc9d2bff2c77f6b126674cc21dc229b5"><code>05114f4</code></a> Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in /goimports (<a href="https://redirect.github.com/chainguard-dev/actions/issues/739">#739</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/9e44dcc0d4dca08e7ffd6290f3db5240c00a34e0"><code>9e44dcc</code></a> Bump chainguard-dev/actions from 1.5.16 to 1.6.0 (<a href="https://redirect.github.com/chainguard-dev/actions/issues/737">#737</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/3937b8973b0c6dd6cabbbea6ed6e8ccd59d34223"><code>3937b89</code></a> Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in /inky-build-pkg (<a href="https://redirect.github.com/chainguard-dev/actions/issues/740">#740</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/e32ca539a4ed284fa7c861282461f25440d939e5"><code>e32ca53</code></a> Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in /melange-build (<a href="https://redirect.github.com/chainguard-dev/actions/issues/741">#741</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/514e021cb0d60c6bf01daa21dd107daf88d7fc3f"><code>514e021</code></a> Bump chainguard-dev/actions from 1.5.16 to 1.6.0 in /wolfi-build-pkg (<a href="https://redirect.github.com/chainguard-dev/actions/issues/742">#742</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/01b5b83ab9a9299979afc1c5e79c982ca7e60ea3"><code>01b5b83</code></a> [StepSecurity] Apply security best practices (<a href="https://redirect.github.com/chainguard-dev/actions/issues/743">#743</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/081e79ee578199ef583d4ca74edc376b50b9409c"><code>081e79e</code></a> add otel-export action (<a href="https://redirect.github.com/chainguard-dev/actions/issues/735">#735</a>)</li> <li><a href="https://github.com/chainguard-dev/actions/commit/c0f4465115618a6bcf812d037c97388c09cb9684"><code>c0f4465</code></a> Add chainguard-install action. (<a href="https://redirect.github.com/chainguard-dev/actions/issues/736">#736</a>)</li> <li>Additional commits viewable in <a href="https://github.com/chainguard-dev/actions/compare/eba358c567c5b091e34187d905258baebdd2a4ec...0cf1221da92242205c2d9f8a63add344ebd6b304">compare view</a></li> </ul> </details> <br /> Updates `docker/build-push-action` from 6.18.0 to 6.19.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v6.19.2</h2> <ul> <li>Preserve port in <code>GIT_AUTH_TOKEN</code> host by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1458">docker/build-push-action#1458</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.19.1...v6.19.2">https://github.com/docker/build-push-action/compare/v6.19.1...v6.19.2</a></p> <h2>v6.19.1</h2> <ul> <li>Derive <code>GIT_AUTH_TOKEN</code> host from GitHub server URL by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1456">docker/build-push-action#1456</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.19.0...v6.19.1">https://github.com/docker/build-push-action/compare/v6.19.0...v6.19.1</a></p> <h2>v6.19.0</h2> <ul> <li>Scope default git auth token to <code>github.com</code> by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1451">docker/build-push-action#1451</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/build-push-action/pull/1396">docker/build-push-action#1396</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/build-push-action/pull/1391">docker/build-push-action#1391</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 in <a href="https://redirect.github.com/docker/build-push-action/pull/1429">docker/build-push-action#1429</a></li> <li>Bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/build-push-action/pull/1446">docker/build-push-action#1446</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/build-push-action/pull/1398">docker/build-push-action#1398</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1397">docker/build-push-action#1397</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.18.0...v6.19.0">https://github.com/docker/build-push-action/compare/v6.18.0...v6.19.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/10e90e3645eae34f1e60eeb005ba3a3d33f178e8"><code>10e90e3</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1458">#1458</a> from crazy-max/git-auth-port</li> <li><a href="https://github.com/docker/build-push-action/commit/5262538458b1dbba30c9bd737bd974c879110196"><code>5262538</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/cd130e45cb5599aef419bf8afd66b57ed9e6ef72"><code>cd130e4</code></a> preserve port in GIT_AUTH_TOKEN host</li> <li><a href="https://github.com/docker/build-push-action/commit/806c75105a1251cac8905df5dd4723b33174552c"><code>806c751</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1452">#1452</a> from crazy-max/update-yarn</li> <li><a href="https://github.com/docker/build-push-action/commit/601a80b39c9405e50806ae38af30926f9d957c47"><code>601a80b</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1456">#1456</a> from crazy-max/auth-token-dyn-host</li> <li><a href="https://github.com/docker/build-push-action/commit/8f7fd7c8c7c3eb0de00d0ddff2fc40be6ec64bf1"><code>8f7fd7c</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/710e33547432c0d28271c6786a7c5d06b2d47adc"><code>710e335</code></a> derive GIT_AUTH_TOKEN host from GitHub server URL</li> <li><a href="https://github.com/docker/build-push-action/commit/c4ca8486a6a47db97a23379a9c7a9c0e86a954c1"><code>c4ca848</code></a> update yarn to 4.9.2</li> <li><a href="https://github.com/docker/build-push-action/commit/ee4ca427a2f43b6a16632044ca514c076267da23"><code>ee4ca42</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1398">#1398</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li><a href="https://github.com/docker/build-push-action/commit/f1b3bb51af7f5b69b537668d0e140572a5e992d0"><code>f1b3bb5</code></a> chore: update generated content</li> <li>Additional commits viewable in <a href="https://github.com/docker/build-push-action/compare/263435318d21b8e681c14492fe198d362a7d2c83...10e90e3645eae34f1e60eeb005ba3a3d33f178e8">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/autodocs-platform.yaml b/.github/workflows/autodocs-platform.yaml
@@ -30,7 +30,7 @@ jobs:
       uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
     - name: 'Setup gitsign'
-      uses: chainguard-dev/actions/setup-gitsign@eba358c567c5b091e34187d905258baebdd2a4ec # v1.5.16
+      uses: chainguard-dev/actions/setup-gitsign@0cf1221da92242205c2d9f8a63add344ebd6b304 # v1.6.1
 
     - name: Authenticate to Google Cloud
       id: auth
diff --git a/.github/workflows/cloud-run.yaml b/.github/workflows/cloud-run.yaml
@@ -69,7 +69,7 @@ jobs:
         registry: '${{ secrets.REGISTRY_URL }}'
 
     - name: Build and push
-      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+      uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
       with:
         context: .
         push: true
