From c3c7b0b9160b1f5082a17f3d6124166204fd5267 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 1 Mar 2025 02:00:56 +0000 Subject: [PATCH] chore(deps): update github actions monthly minor/patch --- .github/workflows/athenapdf-service-image.yaml | 12 ++++++------ .github/workflows/database-tools-image.yaml | 12 ++++++------ .github/workflows/docker-host-image.yaml | 12 ++++++------ .github/workflows/drush-alias-image.yaml | 12 ++++++------ .github/workflows/insights-scanner-image.yaml | 12 ++++++------ .github/workflows/logs-concentrator-image.yaml | 12 ++++++------ .github/workflows/logs-dispatcher-image.yaml | 12 ++++++------ .github/workflows/ossf-analysis.yaml | 4 ++-- 8 files changed, 44 insertions(+), 44 deletions(-) diff --git a/.github/workflows/athenapdf-service-image.yaml b/.github/workflows/athenapdf-service-image.yaml index 186e82d..0c4f6d8 100644 --- a/.github/workflows/athenapdf-service-image.yaml +++ b/.github/workflows/athenapdf-service-image.yaml @@ -67,7 +67,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: # list of Docker images to use as base name for tags images: | @@ -87,10 +87,10 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Login to DockerHub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 @@ -106,7 +106,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 id: build-and-push with: context: athenapdf-service @@ -115,13 +115,13 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/athenapdf-service push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/athenapdf-service diff --git a/.github/workflows/database-tools-image.yaml b/.github/workflows/database-tools-image.yaml index e3e6471..2dd2e11 100644 --- a/.github/workflows/database-tools-image.yaml +++ b/.github/workflows/database-tools-image.yaml @@ -66,7 +66,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: # list of Docker images to use as base name for tags images: | @@ -86,10 +86,10 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Login to DockerHub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 id: build-and-push with: context: database-tools @@ -114,13 +114,13 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/database-tools push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/database-tools diff --git a/.github/workflows/docker-host-image.yaml b/.github/workflows/docker-host-image.yaml index f02a326..90d7190 100644 --- a/.github/workflows/docker-host-image.yaml +++ b/.github/workflows/docker-host-image.yaml @@ -66,7 +66,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: # list of Docker images to use as base name for tags images: | @@ -86,10 +86,10 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Login to DockerHub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 id: build-and-push with: context: docker-host @@ -114,13 +114,13 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/docker-host push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/docker-host diff --git a/.github/workflows/drush-alias-image.yaml b/.github/workflows/drush-alias-image.yaml index b37a369..0a09476 100644 --- a/.github/workflows/drush-alias-image.yaml +++ b/.github/workflows/drush-alias-image.yaml @@ -66,7 +66,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: # list of Docker images to use as base name for tags images: | @@ -86,10 +86,10 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Login to DockerHub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 id: build-and-push with: context: drush-alias @@ -114,13 +114,13 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/drush-alias push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/drush-alias diff --git a/.github/workflows/insights-scanner-image.yaml b/.github/workflows/insights-scanner-image.yaml index ef27f97..d6ce104 100644 --- a/.github/workflows/insights-scanner-image.yaml +++ b/.github/workflows/insights-scanner-image.yaml @@ -66,7 +66,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: # list of Docker images to use as base name for tags images: | @@ -86,10 +86,10 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Login to DockerHub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 id: build-and-push with: context: insights-scanner @@ -114,13 +114,13 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/insights-scanner push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/insights-scanner diff --git a/.github/workflows/logs-concentrator-image.yaml b/.github/workflows/logs-concentrator-image.yaml index 806d143..d35b6aa 100644 --- a/.github/workflows/logs-concentrator-image.yaml +++ b/.github/workflows/logs-concentrator-image.yaml @@ -66,7 +66,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: # list of Docker images to use as base name for tags images: | @@ -86,10 +86,10 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Login to DockerHub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 id: build-and-push with: context: logs-concentrator @@ -114,13 +114,13 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/logs-concentrator push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/logs-concentrator diff --git a/.github/workflows/logs-dispatcher-image.yaml b/.github/workflows/logs-dispatcher-image.yaml index bc3bae1..b62aff5 100644 --- a/.github/workflows/logs-dispatcher-image.yaml +++ b/.github/workflows/logs-dispatcher-image.yaml @@ -66,7 +66,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 with: # list of Docker images to use as base name for tags images: | @@ -86,10 +86,10 @@ jobs: type=ref,event=branch - name: Set up QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3 + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Login to DockerHub uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 @@ -105,7 +105,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 id: build-and-push with: context: logs-dispatcher @@ -114,13 +114,13 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - name: Attest dockerhub image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: index.docker.io/${{ github.repository_owner }}/logs-dispatcher push-to-registry: true - name: Attest ghcr image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-digest: ${{steps.build-and-push.outputs.digest}} subject-name: ghcr.io/${{ github.repository_owner }}/logs-dispatcher diff --git a/.github/workflows/ossf-analysis.yaml b/.github/workflows/ossf-analysis.yaml index 76e04b3..1225a1a 100644 --- a/.github/workflows/ossf-analysis.yaml +++ b/.github/workflows/ossf-analysis.yaml @@ -16,7 +16,7 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run analysis - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 with: results_file: results.sarif results_format: sarif @@ -26,6 +26,6 @@ jobs: # of the value entered here. publish_results: true - name: Upload SARIF results to code scanning - uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10 with: sarif_file: results.sarif