🌱 Bump the github-actions group with 8 updates (#407)

Bumps the github-actions group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3.1.0` | `4.3.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `2.2.4` | `3.24.10` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3` | `4` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `2` | `3` | | [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools) | `0.3.0` | `0.4.3` | | [actions/setup-python](https://github.com/actions/setup-python) | `4` | `5` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `1` | `2` | | [actions/stale](https://github.com/actions/stale) | `8` | `9` | Updates `actions/upload-artifact` from 3.1.0 to 4.3.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](3cea537223...5d5d22a312) Updates `github/codeql-action` from 2.2.4 to 3.24.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](17573ee1cc...4355270be1) Updates `codecov/codecov-action` from 3 to 4 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v3...v4) Updates `peter-evans/repository-dispatch` from 2 to 3 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](https://github.com/peter-evans/repository-dispatch/compare/v2...v3) Updates `kubernetes-sigs/kubebuilder-release-tools` from 0.3.0 to 0.4.3 - [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases) - [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/kubebuilder-release-tools/compare/v0.3.0...v0.4.3) Updates `actions/setup-python` from 4 to 5 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4...v5) Updates `softprops/action-gh-release` from 1 to 2 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2) Updates `actions/stale` from 8 to 9 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v8...v9) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: peter-evans/repository-dispatch dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: kubernetes-sigs/kubebuilder-release-tools dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-14 18:09:57 +00:00 · 2024-04-08 10:30:27 +00:00
parent 6204f8f633
commit 4f8ef10542
6 changed files with 9 additions and 9 deletions
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -59,7 +59,7 @@ jobs:
      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
      # format to the repository Actions tab.
      - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
        with:
          name: SARIF file
          path: results.sarif
@@ -67,6 +67,6 @@ jobs:

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
        with:
          sarif_file: results.sarif
--- a/.github/workflows/post.yml
+++ b/.github/workflows/post.yml
@@ -33,7 +33,7 @@ jobs:
      - name: unit
        run: make test
      - name: report coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
        with:
          files: ./coverage.out
          flags: unit
@@ -139,7 +139,7 @@ jobs:
    name: trigger clusteradm e2e
    runs-on: ubuntu-latest
    steps:
-      - uses: peter-evans/repository-dispatch@v2
+      - uses: peter-evans/repository-dispatch@v3
        with:
          token: ${{ secrets.OCM_BOT_PAT }}
          repository: open-cluster-management-io/clusteradm
--- a/.github/workflows/pr-verify.yml
+++ b/.github/workflows/pr-verify.yml
@@ -21,6 +21,6 @@ jobs:
    steps:
      - name: Verifier action
        id: verifier
-        uses: kubernetes-sigs/kubebuilder-release-tools@v0.3.0
+        uses: kubernetes-sigs/kubebuilder-release-tools@v0.4.3
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/pre.yml
+++ b/.github/workflows/pre.yml
@@ -63,7 +63,7 @@ jobs:
      - name: unit
        run: make test
      - name: report coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
        with:
          files: ./coverage.out
          flags: unit
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -50,7 +50,7 @@ jobs:
          fetch-depth: 1
          path: go/src/open-cluster-management.io/ocm
      - name: Set up Python 3.x
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
        with:
          # Semantic version range syntax or exact version of a Python version
          python-version: '3.x'
@@ -64,7 +64,7 @@ jobs:
          cat /home/runner/work/changelog.txt
      - name: publish release
        if: github.event_name != 'pull_request'
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
--- a/.github/workflows/stable.yaml
+++ b/.github/workflows/stable.yaml
@@ -15,7 +15,7 @@ jobs:
      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@v8
+      - uses: actions/stale@v9
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          stale-issue-message: 'This issue is stale because it has been open for 120 days with no activity. After 14 days of inactivity, it will be closed. Remove the `stable` label to prevent this issue from being closed.'