Skip to content

chore(deps): bump mockall from 0.13.1 to 0.14.0 (#50) #127

chore(deps): bump mockall from 0.13.1 to 0.14.0 (#50)

chore(deps): bump mockall from 0.13.1 to 0.14.0 (#50) #127

Triggered via push May 3, 2026 11:19
Status Success
Total duration 12m 27s
Artifacts 20

build.yaml

on: push
🔐 Verify Signed Commits
7s
🔐 Verify Signed Commits
⚖️ Verify SPDX License Headers
5s
⚖️ Verify SPDX License Headers
🧾 Validate VEX Statements
0s
🧾 Validate VEX Statements
🛡️ Security Vulnerability Scan
21s
🛡️ Security Vulnerability Scan
🏗️ IaC Security Scan (Trivy config)
25s
🏗️ IaC Security Scan (Trivy config)
🧪 cargo-deny (License + Advisory + Sources)
20s
🧪 cargo-deny (License + Advisory + Sources)
🏷️ Extract Version Information
5s
🏷️ Extract Version Information
🎨 Check Formatting
0s
🎨 Check Formatting
Matrix: build
📦 Package Deployment Manifests
0s
📦 Package Deployment Manifests
📎 Clippy
0s
📎 Clippy
Matrix: ✍️ Sign Binary Artifacts
🔬 Generate SLSA Provenance Subjects
3s
🔬 Generate SLSA Provenance Subjects
Matrix: docker
🏛️ Generate SLSA Provenance  /  detect-env
4s
🏛️ Generate SLSA Provenance / detect-env
Matrix: grype-triage
Matrix: attest
🏛️ Generate SLSA Provenance  /  generator
18s
🏛️ Generate SLSA Provenance / generator
🤖 Auto-VEX (reachability)
2m 33s
🤖 Auto-VEX (reachability)
🤖 Auto-VEX (presence)
2m 14s
🤖 Auto-VEX (presence)
🏛️ Generate SLSA Provenance  /  upload-assets
🏛️ Generate SLSA Provenance / upload-assets
🧾 Assemble OpenVEX
17s
🧾 Assemble OpenVEX
🏛️ Generate SLSA Provenance  /  final
3s
🏛️ Generate SLSA Provenance / final
Matrix: grype
🚀 Upload Release Assets
0s
🚀 Upload Release Assets
Fit to window
Zoom out
Zoom in

Annotations

16 warnings
🛡️ Security Vulnerability Scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/cache@v4, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🦀 Build - Linux ARM64
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/cache@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🦀 Build - Linux x86_64
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/cache@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🏛️ Generate SLSA Provenance / detect-env
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: slsa-framework/slsa-github-generator/.github/actions/detect-workflow-js@v2.1.0. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🏛️ Generate SLSA Provenance / generator
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: ./__BUILDER_CHECKOUT_DIR__/.github/actions/compute-sha256, ./__BUILDER_CHECKOUT_DIR__/.github/actions/privacy-check, actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683, actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34, actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🏛️ Generate SLSA Provenance / generator
Restore cache failed: Dependencies file is not found in /home/runner/work/5-spot/5-spot. Supported file pattern: go.sum
🧪 Test
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/cache@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🐳 Build and Push Docker Image - Distroless
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093, docker/login-action@v3, docker/setup-buildx-action@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🐳 Build and Push Docker Image - Chainguard
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093, docker/login-action@v3, docker/setup-buildx-action@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Variables should be defined before their use: Dockerfile.chainguard#L40
UndefinedVar: Usage of undefined variable '$BASE_IMAGE' More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
🔏 Attest Docker Image - Chainguard
Please check that the "artifact-metadata:write" permission has been included
🔏 Attest Docker Image - Chainguard
Failed to create storage record: Error: Failed to persist storage record: no artifacts found - https://docs.github.com/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record
🔏 Attest Docker Image - Distroless
Please check that the "artifact-metadata:write" permission has been included
🔏 Attest Docker Image - Distroless
Failed to create storage record: Error: Failed to persist storage record: no artifacts found - https://docs.github.com/rest/orgs/artifact-metadata#create-artifact-metadata-storage-record
🤖 Auto-VEX (presence)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/cache@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
🤖 Auto-VEX (reachability)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/cache@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

Artifacts

Produced during runtime
Name Size Digest
0.0.0-main.2026-05-03.127.intoto.jsonl Expired
10.8 KB
sha256:ad3bb10998ded2cffd3897cfb69f8cd47aca5b3f6b56901d592c1cbbd5960e05
5spot-linux-amd64 Expired
4.9 MB
sha256:ef51c58bbf6425e5ef18da731a6687f6062c678cec965262cdab65a1b74a7fe4
5spot-linux-amd64-signed
4.74 MB
sha256:07f8d2fca2b8fd67a056df70d072320de64c139294aa9adb9af36cd300ea8647
5spot-linux-arm64 Expired
4.73 MB
sha256:c6d45964668b0a689a854e6f53c59518a60702e658d687da24fdc6d848065332
5spot-linux-arm64-signed
4.49 MB
sha256:ac921b2c60d406c8a5e480d877cffc96833fbeece36ceabf8f071643d2167aa5
cargo-audit-report
416 Bytes
sha256:d841399eebf44ecf217192ceda690aaac6fe00498f76863f9dcf358d84467b84
docker-sbom-Chainguard
8.18 KB
sha256:de2e3c5fc812ce073c82233be42e18be5574677567175ba74a2da5797c69ed2f
docker-sbom-Distroless
106 KB
sha256:ae8f2aeea47b6d96e587ec3e1fe2c9ab57b5df77ba91dc4b32a40aa7c6eabbde
finos-5-spot_main-2026-05-03-distroless.cyclonedx.json
106 KB
sha256:a2f87971fd5104080fdc4e1b99a5e02a1362a068126bcddc3535b966b1ac3da6
finos-5-spot_main-2026-05-03.cyclonedx.json
8.21 KB
sha256:54aa462bd15c61dc97a00476e3197804f797c8e69838798b9ffcd68561b04bfa
finos~5-spot~LUHC6D.dockerbuild
72.2 KB
sha256:66a365554775d00227ba263e48ca92b422f017f9457d302c2ff0a4e3a2046a0e
finos~5-spot~QZSFAO.dockerbuild
107 KB
sha256:1a46118e080243c7c32666a6dab0a474aedb1fff332ef1dc4876831736d44585
grype-push-Chainguard-127
369 Bytes
sha256:2b586de04cdb1bf60e911d34be798e399119eacede1f065e21775ee34abe7eb9
grype-push-Distroless-127
3.71 KB
sha256:c9e53ba0a132777979427fd4f184f3cbf0b988be0a578d2f362709891197e0cd
grype-triage-Chainguard
4.7 KB
sha256:9bc1f25a99c0c940725f6c255f3bbff0bf431d2c70bd7c89939093a11226d01e
grype-triage-Distroless
12.5 KB
sha256:e7a9f3dfdb28bb966caeb2a401df017efef22290ef24da64d4b41fd07ec71f1e
openvex
1.41 KB
sha256:1f642935a100c57a01fc4b48f42f14674fca03994a55d06f96045f54a64caac5
vex-auto-presence
332 Bytes
sha256:a481fea6bc0cf938bc738a634018f8ae7fbf7f2fd59e38a875ae227a7184adc1
vex-auto-reachability
722 Bytes
sha256:fd0a06aa10d9fddb63ea3746a9e27c62eba57091e1f087e99090f4e73667fa99
vex-auto-reachability-evidence
1.2 KB
sha256:ca8fab3bf44e657570923994f782a91939e12b2ac88f7da4589dd273b80925d6