From 73746ad88514e13c5754cb7a142261a53cb70210 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 25 Apr 2025 08:20:16 +0200 Subject: [PATCH] chore(deps): update all-ci-updates (#1418) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/coverage.yml | 2 +- .github/workflows/docker-publish.yml | 2 +- .github/workflows/helm-publish.yml | 2 +- .github/workflows/releaser.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index dca16a13..6ba0a043 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -77,7 +77,7 @@ jobs: value: ${{ secrets.CODECOV_TOKEN }} - name: Upload Report to Codecov if: ${{ steps.checksecret.outputs.result == 'true' }} - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0 + uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 with: token: ${{ secrets.CODECOV_TOKEN }} slug: projectcapsule/capsule diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index aa49dc86..a966d100 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -36,7 +36,7 @@ jobs: output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' - name: Install Cosign - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 + uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2 - name: Publish Capsule id: publish-capsule uses: peak-scale/github-actions/make-ko-publish@a441cca016861c546ab7e065277e40ce41a3eb84 # v0.2.0 diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml index d8c7b335..826f330b 100644 --- a/.github/workflows/helm-publish.yml +++ b/.github/workflows/helm-publish.yml @@ -46,7 +46,7 @@ jobs: chart-digest: ${{ steps.helm_publish.outputs.digest }} steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 + - uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2 - name: "Extract Version" id: extract_version run: | diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml index 00f7f557..b4b5c4da 100644 --- a/.github/workflows/releaser.yml +++ b/.github/workflows/releaser.yml @@ -66,9 +66,9 @@ jobs: - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0 - uses: anchore/sbom-action/download-syft@5aeee89178a395035617e72a70928596d7ad2a85 - name: Install Cosign - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 + uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2 - name: download artifact - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 with: name: capsule-seccomp path: ./capsule-seccomp.json diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 53a8086a..030dcaa9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,6 +37,6 @@ jobs: path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 with: sarif_file: results.sarif