Skip to content

Commit 7746084

Browse files
ci(deps): bump the actions-routine group across 1 directory with 6 updates
Bumps the actions-routine group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [docker/metadata-action](https://github.com/docker/metadata-action) | `6.1.0` | `6.2.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.2.0` | `7.3.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.4.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `4.1.0` | `4.1.1` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.1.0` | Updates `docker/metadata-action` from 6.1.0 to 6.2.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@80c7e94...dc80280) Updates `docker/build-push-action` from 7.2.0 to 7.3.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@f9f3042...53b7df9) Updates `docker/login-action` from 4.2.0 to 4.4.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@650006c...af1e73f) Updates `actions/attest-build-provenance` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@a2bbfa2...0f67c3f) Updates `actions/setup-python` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a309ff8...ece7cb0) Updates `actions/cache` from 5.0.5 to 6.1.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@27d5ce7...55cc834) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-routine - dependency-name: docker/build-push-action dependency-version: 7.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-routine - dependency-name: docker/login-action dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-routine - dependency-name: actions/attest-build-provenance dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-routine - dependency-name: actions/setup-python dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-routine - dependency-name: actions/cache dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-routine ... Signed-off-by: dependabot[bot] <support@github.com>
1 parent 49d87bb commit 7746084

2 files changed

Lines changed: 14 additions & 14 deletions

File tree

.github/workflows/build.yaml

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -383,7 +383,7 @@ jobs:
383383
- name: Extract metadata (PR)
384384
id: meta-pr
385385
if: github.event_name == 'pull_request'
386-
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
386+
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6.2.0
387387
with:
388388
images: ghcr.io/${{ matrix.variant.image-repository }}
389389
tags: |
@@ -395,7 +395,7 @@ jobs:
395395
- name: Extract metadata (push to main)
396396
id: meta-main
397397
if: github.event_name == 'push'
398-
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
398+
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6.2.0
399399
with:
400400
images: ghcr.io/${{ matrix.variant.image-repository }}
401401
tags: |
@@ -409,7 +409,7 @@ jobs:
409409
- name: Extract metadata (release)
410410
id: meta-release
411411
if: github.event_name == 'release'
412-
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
412+
uses: docker/metadata-action@dc802804100637a589fabce1cb79ff13a1411302 # v6.2.0
413413
with:
414414
images: ghcr.io/${{ matrix.variant.image-repository }}
415415
tags: |
@@ -424,7 +424,7 @@ jobs:
424424
425425
- name: Build and push Docker image (${{ matrix.variant.name }})
426426
id: docker_build
427-
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
427+
uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0
428428
with:
429429
context: .
430430
file: ${{ matrix.variant.dockerfile }}
@@ -510,14 +510,14 @@ jobs:
510510
digest: ${{ needs.docker.outputs.digest-distroless }}
511511
steps:
512512
- name: Log in to GHCR
513-
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
513+
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
514514
with:
515515
registry: ghcr.io
516516
username: ${{ github.actor }}
517517
password: ${{ secrets.GITHUB_TOKEN }}
518518

519519
- name: Attest ${{ matrix.variant.name }} image provenance
520-
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
520+
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
521521
with:
522522
subject-name: ghcr.io/${{ matrix.variant.image-repository }}
523523
subject-digest: ${{ matrix.variant.digest }}
@@ -553,7 +553,7 @@ jobs:
553553
image-repository: ${{ needs.extract-version.outputs.image-repository-distroless }}
554554
steps:
555555
- name: Log in to GHCR
556-
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
556+
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
557557
with:
558558
registry: ghcr.io
559559
username: ${{ github.actor }}
@@ -910,7 +910,7 @@ jobs:
910910
uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
911911

912912
- name: Log in to GHCR (for cosign attest)
913-
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
913+
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
914914
with:
915915
registry: ghcr.io
916916
username: ${{ github.actor }}
@@ -939,7 +939,7 @@ jobs:
939939
# the attestation links to the release tag.
940940
- name: Attest OpenVEX build provenance
941941
if: github.event_name == 'release'
942-
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
942+
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
943943
id: attest-vex
944944
with:
945945
subject-path: vex.openvex.json
@@ -1102,7 +1102,7 @@ jobs:
11021102
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
11031103

11041104
- name: Log in to GHCR
1105-
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
1105+
uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
11061106
with:
11071107
registry: ghcr.io
11081108
username: ${{ github.actor }}
@@ -1212,7 +1212,7 @@ jobs:
12121212
artifact-path: artifacts/${{ matrix.platform.artifact_name }}/${{ matrix.platform.artifact_name }}.tar.gz
12131213

12141214
- name: Attest binary tarball provenance
1215-
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
1215+
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373 # v4.1.1
12161216
with:
12171217
subject-path: artifacts/${{ matrix.platform.artifact_name }}/${{ matrix.platform.artifact_name }}.tar.gz
12181218

.github/workflows/docs.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -112,7 +112,7 @@ jobs:
112112
uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable (moving ref — re-pin quarterly)
113113

114114
- name: Set up Python
115-
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
115+
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
116116
with:
117117
python-version: '3.11'
118118

@@ -133,7 +133,7 @@ jobs:
133133
poetry config virtualenvs.in-project true
134134
135135
- name: Cache Poetry dependencies
136-
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
136+
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
137137
with:
138138
path: docs/.venv
139139
key: ${{ runner.os }}-poetry-${{ hashFiles('docs/pyproject.toml') }}
@@ -146,7 +146,7 @@ jobs:
146146
poetry install --no-interaction --no-ansi
147147
148148
- name: Cache cargo build
149-
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
149+
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
150150
with:
151151
path: |
152152
~/.cargo/registry

0 commit comments

Comments
 (0)