From d07d01e5311a31319c63df716b84e9da77c2ff66 Mon Sep 17 00:00:00 2001 From: "cluster-stack-bot[bot]" <143188378+cluster-stack-bot[bot]@users.noreply.github.com> Date: Sat, 13 Sep 2025 11:17:13 +0000 Subject: [PATCH] :seedling: Update github-actions group | datasource | package | from | to | | --------------- | ------------------------- | ------ | ------- | | github-tags | actions/checkout | v4.2.2 | v4.3.0 | | github-tags | docker/login-action | v3.4.0 | v3.5.0 | | github-tags | docker/metadata-action | v5.7.0 | v5.8.0 | | github-releases | actions/go-versions | 1.24.7 | 1.25.1 | | github-tags | sigstore/cosign-installer | v3.9.1 | v3.10.0 | --- .builder-image-version.txt | 2 +- .github/actions/metadata/action.yaml | 2 +- .github/actions/setup-go/action.yaml | 6 +++--- .github/workflows/build.yml | 6 +++--- .github/workflows/kubebuilder-markers-checker.yml | 2 +- .github/workflows/pr-lint.yml | 4 ++-- .github/workflows/pr-verify.yml | 2 +- .github/workflows/release.yml | 10 +++++----- .github/workflows/schedule-scan-image.yml | 4 ++-- .github/workflows/schedule-update-bot.yaml | 4 ++-- .github/workflows/test.yml | 2 +- 11 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.builder-image-version.txt b/.builder-image-version.txt index c5676407..73a29c94 100644 --- a/.builder-image-version.txt +++ b/.builder-image-version.txt @@ -1 +1 @@ -1.1.33 +1.1.34 diff --git a/.github/actions/metadata/action.yaml b/.github/actions/metadata/action.yaml index bac9663e..d2bc52a0 100644 --- a/.github/actions/metadata/action.yaml +++ b/.github/actions/metadata/action.yaml @@ -22,7 +22,7 @@ runs: steps: - name: Docker manager metadata id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} flavor: ${{ inputs.metadata_flavor }} diff --git a/.github/actions/setup-go/action.yaml b/.github/actions/setup-go/action.yaml index 8ce055b4..50b79f46 100644 --- a/.github/actions/setup-go/action.yaml +++ b/.github/actions/setup-go/action.yaml @@ -6,7 +6,7 @@ runs: - name: Install go uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 with: - go-version: "1.24" + go-version: "1.25" go-version-file: "go.mod" cache: true cache-dependency-path: go.sum @@ -16,14 +16,14 @@ runs: echo "::set-output name=go-build::$(go env GOCACHE)" echo "::set-output name=go-mod::$(go env GOMODCACHE)" - name: Go Mod Cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 with: path: ${{ steps.go-cache-paths.outputs.go-mod }} key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go-mod- - name: Go Build Cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4 with: path: ${{ steps.go-cache-paths.outputs.go-build }} key: ${{ runner.os }}-go-build-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b7ed9ccd..a4937d56 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,7 +28,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - uses: ./.github/actions/setup-go @@ -47,14 +47,14 @@ jobs: metadata_tags: ${{ env.metadata_tags }} - name: Login to ghcr.io for CI - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1 + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: Setup Env run: | diff --git a/.github/workflows/kubebuilder-markers-checker.yml b/.github/workflows/kubebuilder-markers-checker.yml index 6ee3fb76..0239b71b 100644 --- a/.github/workflows/kubebuilder-markers-checker.yml +++ b/.github/workflows/kubebuilder-markers-checker.yml @@ -16,7 +16,7 @@ jobs: name: check for kubebuilder markers runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 # go is required for building controller-gen - uses: ./.github/actions/setup-go diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml index 78a016a0..e62fbc02 100644 --- a/.github/workflows/pr-lint.yml +++ b/.github/workflows/pr-lint.yml @@ -21,13 +21,13 @@ jobs: if: github.event_name != 'pull_request' || !github.event.pull_request.draft runs-on: ubuntu-latest container: - image: ghcr.io/sovereigncloudstack/cso-builder:1.1.33 + image: ghcr.io/sovereigncloudstack/cso-builder:1.1.34 credentials: username: ${{ github.actor }} password: ${{ secrets.github_token }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml index b1d706b9..0b6d3284 100644 --- a/.github/workflows/pr-verify.yml +++ b/.github/workflows/pr-verify.yml @@ -16,7 +16,7 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index acd57fb9..fea7bc43 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 - uses: ./.github/actions/setup-go @@ -37,14 +37,14 @@ jobs: metadata_tags: ${{ env.metadata_tags }} - name: Login to ghcr.io for CI - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Install Cosign - uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1 + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: Install Bom shell: bash @@ -135,7 +135,7 @@ jobs: run: echo "RELEASE_TAG=${GITHUB_REF:10}" >> $GITHUB_ENV - name: checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4 with: fetch-depth: 0 @@ -155,7 +155,7 @@ jobs: make release-notes - name: Release - uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2 + uses: softprops/action-gh-release@6cbd405e2c4e67a21c47fa9e383d020e4e28b836 # v2 with: draft: true files: out/* diff --git a/.github/workflows/schedule-scan-image.yml b/.github/workflows/schedule-scan-image.yml index 2c86f3af..386428ac 100644 --- a/.github/workflows/schedule-scan-image.yml +++ b/.github/workflows/schedule-scan-image.yml @@ -9,13 +9,13 @@ jobs: name: Trivy runs-on: ubuntu-latest container: - image: ghcr.io/sovereigncloudstack/cso-builder:1.1.33 + image: ghcr.io/sovereigncloudstack/cso-builder:1.1.34 credentials: username: ${{ github.actor }} password: ${{ secrets.github_token }} steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Fixup git permissions # https://github.com/actions/checkout/issues/766 shell: bash diff --git a/.github/workflows/schedule-update-bot.yaml b/.github/workflows/schedule-update-bot.yaml index 285a9738..749fe991 100644 --- a/.github/workflows/schedule-update-bot.yaml +++ b/.github/workflows/schedule-update-bot.yaml @@ -30,10 +30,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Generate Token - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2 id: generate-token with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2fa0e80e..a43eb5fe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: timeout-minutes: 10 steps: - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Coverage result name id: name run: |