Skip to content

Commit 7fc5959

Browse files
ci(deps): bump the actions-routine group across 1 directory with 4 updates (#69)
Bumps the actions-routine group with 4 updates in the / directory: [docker/metadata-action](https://github.com/docker/metadata-action), [docker/build-push-action](https://github.com/docker/build-push-action), [docker/login-action](https://github.com/docker/login-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `docker/metadata-action` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@030e881...80c7e94) Updates `docker/build-push-action` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@bcafcac...f9f3042) Updates `docker/login-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@4907a6d...650006c) Updates `github/codeql-action` from 4.35.5 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@9e0d7b8...7211b7c) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-routine - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-routine - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-routine - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-routine ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 7a1451b commit 7fc5959

4 files changed

Lines changed: 14 additions & 14 deletions

File tree

.github/workflows/build.yaml

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -347,7 +347,7 @@ jobs:
347347
- name: Extract metadata (PR)
348348
id: meta-pr
349349
if: github.event_name == 'pull_request'
350-
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
350+
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
351351
with:
352352
images: ghcr.io/${{ matrix.variant.image-repository }}
353353
tags: |
@@ -359,7 +359,7 @@ jobs:
359359
- name: Extract metadata (push to main)
360360
id: meta-main
361361
if: github.event_name == 'push'
362-
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
362+
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
363363
with:
364364
images: ghcr.io/${{ matrix.variant.image-repository }}
365365
tags: |
@@ -373,7 +373,7 @@ jobs:
373373
- name: Extract metadata (release)
374374
id: meta-release
375375
if: github.event_name == 'release'
376-
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
376+
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
377377
with:
378378
images: ghcr.io/${{ matrix.variant.image-repository }}
379379
tags: |
@@ -388,7 +388,7 @@ jobs:
388388
389389
- name: Build and push Docker image (${{ matrix.variant.name }})
390390
id: docker_build
391-
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
391+
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
392392
with:
393393
context: .
394394
file: ${{ matrix.variant.dockerfile }}
@@ -474,7 +474,7 @@ jobs:
474474
digest: ${{ needs.docker.outputs.digest-distroless }}
475475
steps:
476476
- name: Log in to GHCR
477-
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
477+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
478478
with:
479479
registry: ghcr.io
480480
username: ${{ github.actor }}
@@ -517,7 +517,7 @@ jobs:
517517
image-repository: ${{ needs.extract-version.outputs.image-repository-distroless }}
518518
steps:
519519
- name: Log in to GHCR
520-
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
520+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
521521
with:
522522
registry: ghcr.io
523523
username: ${{ github.actor }}
@@ -874,7 +874,7 @@ jobs:
874874
uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
875875

876876
- name: Log in to GHCR (for cosign attest)
877-
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
877+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
878878
with:
879879
registry: ghcr.io
880880
username: ${{ github.actor }}
@@ -995,7 +995,7 @@ jobs:
995995
trivyignores: ./.trivyignore
996996

997997
- name: Upload Trivy IaC SARIF to Code Scanning
998-
uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
998+
uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
999999
with:
10001000
sarif_file: trivy-iac.sarif
10011001
category: trivy-iac
@@ -1066,7 +1066,7 @@ jobs:
10661066
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
10671067

10681068
- name: Log in to GHCR
1069-
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
1069+
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
10701070
with:
10711071
registry: ghcr.io
10721072
username: ${{ github.actor }}
@@ -1119,7 +1119,7 @@ jobs:
11191119
11201120
- name: Upload Grype SARIF to Code Scanning
11211121
if: always()
1122-
uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
1122+
uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
11231123
with:
11241124
sarif_file: grype-${{ github.event_name }}-${{ matrix.variant.name }}.sarif
11251125
category: grype-${{ github.event_name }}-${{ matrix.variant.name }}

.github/workflows/codeql.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -72,7 +72,7 @@ jobs:
7272
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
7373

7474
- name: Initialize CodeQL
75-
uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
75+
uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
7676
with:
7777
languages: ${{ matrix.language }}
7878
build-mode: ${{ matrix.build-mode }}
@@ -81,6 +81,6 @@ jobs:
8181
config-file: ./.github/codeql/codeql-config.yml
8282

8383
- name: Perform CodeQL analysis
84-
uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
84+
uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
8585
with:
8686
category: "/language:${{ matrix.language }}"

.github/workflows/sast.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ jobs:
4949
--error || true
5050
5151
- name: Upload Semgrep SARIF to Code Scanning
52-
uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
52+
uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
5353
with:
5454
sarif_file: semgrep.sarif
5555
category: semgrep

.github/workflows/scorecard.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,6 +76,6 @@ jobs:
7676
# Upload the results to GitHub's code scanning dashboard (optional).
7777
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
7878
- name: "Upload to code-scanning"
79-
uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
79+
uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
8080
with:
8181
sarif_file: results.sarif

0 commit comments

Comments
 (0)