From bc980e2547cd7f1708cc74168fbf24fbdd31fd9a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 30 Mar 2026 17:43:55 +0000 Subject: [PATCH] chore(deps): update all-ci-updates --- .github/actions/setup-caches/action.yaml | 4 ++-- .github/workflows/check-actions.yml | 2 +- .github/workflows/coverage.yml | 12 ++++++------ .github/workflows/docker-build.yml | 2 +- .github/workflows/docker-publish.yml | 4 ++-- .github/workflows/e2e.yml | 4 ++-- .github/workflows/helm-publish.yml | 2 +- .github/workflows/lint.yml | 4 ++-- .github/workflows/releaser.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- hack/distro/argocd/release.flux.yaml | 2 +- hack/distro/cert-manager/release.flux.yaml | 2 +- .../kube-prometheus-stack/release.flux.yaml | 2 +- hack/distro/monitoring/pyroscope/release.flux.yaml | 2 +- 14 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/actions/setup-caches/action.yaml b/.github/actions/setup-caches/action.yaml index 56c05e50..6620ebe6 100644 --- a/.github/actions/setup-caches/action.yaml +++ b/.github/actions/setup-caches/action.yaml @@ -9,11 +9,11 @@ inputs: runs: using: composite steps: - - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 with: path: ~/go/pkg/mod key: ${{ runner.os }}-go-pkg-mod-${{ hashFiles('**/go.sum') }}-${{ hashFiles('Makefile') }} - - uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4 if: ${{ inputs.build-cache-key }} with: path: ~/.cache/go-build diff --git a/.github/workflows/check-actions.yml b/.github/workflows/check-actions.yml index 72819be5..d877b020 100644 --- a/.github/workflows/check-actions.yml +++ b/.github/workflows/check-actions.yml @@ -17,7 +17,7 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Ensure SHA pinned actions - uses: zgosalvez/github-actions-ensure-sha-pinned-actions@d5d20e15f2736816ee0e001ba8b24b54d9ffcff4 # v5.0.0 + uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ca46236c6ce584ae24bc6283ba8dcf4b3ec8a066 # v5.0.4 with: # slsa-github-generator requires using a semver tag for reusable workflows. # See: https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 2441df08..bf85e44b 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -27,12 +27,12 @@ jobs: value: ${{ secrets.FOSSA_API_KEY }} - name: "Run FOSSA Scan" if: steps.checksecret.outputs.result == 'true' - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0 + uses: fossas/fossa-action@c414b9ad82eaad041e47a7cf62a4f02411f427a0 # v1.8.0 with: api-key: ${{ secrets.FOSSA_API_KEY }} - name: "Run FOSSA Test" if: steps.checksecret.outputs.result == 'true' - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0 + uses: fossas/fossa-action@c414b9ad82eaad041e47a7cf62a4f02411f427a0 # v1.8.0 with: api-key: ${{ secrets.FOSSA_API_KEY }} run-tests: true @@ -48,11 +48,11 @@ jobs: steps: - name: Checkout Source uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' - name: Run Gosec Security Scanner - uses: securego/gosec@424fc4cd9c82ea0fd6bee9cd49c2db2c3cc0c93f # v2.22.11 + uses: securego/gosec@223e19b8856e00f02cc67804499a83f77e208f3c # v2.25.0 with: args: '-no-fail -fmt sarif -out gosec.sarif ./...' - name: Upload SARIF file @@ -65,7 +65,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' - name: Unit Test @@ -77,7 +77,7 @@ jobs: value: ${{ secrets.CODECOV_TOKEN }} - name: Upload Report to Codecov if: ${{ steps.checksecret.outputs.result == 'true' }} - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 + uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5.5.4 with: token: ${{ secrets.CODECOV_TOKEN }} slug: projectcapsule/capsule diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 1fa5f25d..a02bf315 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -28,7 +28,7 @@ jobs: - name: ko build run: VERSION=${{ github.sha }} make ko-build-all - name: Trivy Scan Image - uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1 + uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index cd6bbe60..bb18ea6c 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -28,7 +28,7 @@ jobs: with: build-cache-key: publish-images - name: Run Trivy vulnerability (Repo) - uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1 + uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 with: scan-type: 'fs' ignore-unfixed: true @@ -36,7 +36,7 @@ jobs: output: 'trivy-results.sarif' severity: 'CRITICAL,HIGH' - name: Install Cosign - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 - name: Publish Capsule id: publish-capsule uses: peak-scale/github-actions/make-ko-publish@a441cca016861c546ab7e065277e40ce41a3eb84 # v0.2.0 diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 6e31b432..822ae401 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -31,7 +31,7 @@ jobs: with: fetch-depth: 0 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' @@ -57,7 +57,7 @@ jobs: repository: ${{ github.event.client_payload.repo }} ref: ${{ github.event.client_payload.sha }} - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml index f0a87284..c4e28042 100644 --- a/.github/workflows/helm-publish.yml +++ b/.github/workflows/helm-publish.yml @@ -46,7 +46,7 @@ jobs: chart-digest: ${{ steps.helm_publish.outputs.digest }} steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + - uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 - name: "Extract Version" id: extract_version run: | diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7b97a05a..e5b2173b 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -18,7 +18,7 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' - name: Generate manifests @@ -46,7 +46,7 @@ jobs: runs-on: ubuntu-24.04 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' - name: Run golangci-lint diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml index 54dd08ed..8339ce84 100644 --- a/.github/workflows/releaser.yml +++ b/.github/workflows/releaser.yml @@ -22,7 +22,7 @@ jobs: with: fetch-depth: 0 - name: Install Go - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version-file: 'go.mod' - name: Setup caches @@ -32,7 +32,7 @@ jobs: - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0 - uses: anchore/sbom-action/download-syft@e22c389904149dbc22b58101806040fa8d37a610 - name: Install Cosign - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 - name: Run GoReleaser uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a2ff1a48..c6e1e392 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,6 +37,6 @@ jobs: path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@6bc82e05fd0ea64601dd4b465378bbcf57de0314 # v4.32.1 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: sarif_file: results.sarif diff --git a/hack/distro/argocd/release.flux.yaml b/hack/distro/argocd/release.flux.yaml index c96c4558..409d424f 100644 --- a/hack/distro/argocd/release.flux.yaml +++ b/hack/distro/argocd/release.flux.yaml @@ -13,7 +13,7 @@ spec: chart: spec: chart: argo-cd - version: "9.3.7" + version: "9.4.17" sourceRef: kind: HelmRepository name: argocd diff --git a/hack/distro/cert-manager/release.flux.yaml b/hack/distro/cert-manager/release.flux.yaml index e6630d25..7e61941d 100644 --- a/hack/distro/cert-manager/release.flux.yaml +++ b/hack/distro/cert-manager/release.flux.yaml @@ -13,7 +13,7 @@ spec: chart: spec: chart: cert-manager - version: "v1.19.3" + version: "v1.20.1" sourceRef: kind: HelmRepository name: cert-manager diff --git a/hack/distro/monitoring/kube-prometheus-stack/release.flux.yaml b/hack/distro/monitoring/kube-prometheus-stack/release.flux.yaml index 0ad78aa9..f108b14f 100644 --- a/hack/distro/monitoring/kube-prometheus-stack/release.flux.yaml +++ b/hack/distro/monitoring/kube-prometheus-stack/release.flux.yaml @@ -13,7 +13,7 @@ spec: chart: spec: chart: kube-prometheus-stack - version: "81.4.2" + version: "81.6.9" sourceRef: kind: HelmRepository name: kube-prometheus-stack diff --git a/hack/distro/monitoring/pyroscope/release.flux.yaml b/hack/distro/monitoring/pyroscope/release.flux.yaml index fd0a7504..a763c0c0 100644 --- a/hack/distro/monitoring/pyroscope/release.flux.yaml +++ b/hack/distro/monitoring/pyroscope/release.flux.yaml @@ -13,7 +13,7 @@ spec: chart: spec: chart: pyroscope - version: "1.18.1" + version: "1.19.2" sourceRef: kind: HelmRepository name: pyroscope