Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update github-actions #142

Merged
merged 2 commits into from
Oct 7, 2023
Merged

chore(deps): update github-actions #142

merged 2 commits into from
Oct 7, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 1, 2023
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Type Update Change
actions/cache action patch v3.3.1 -> v3.3.2
actions/checkout action minor v3.5.2 -> v3.6.0
actions/checkout action digest 8e5e7e5 -> f43a0e5
actions/setup-java action digest 5ffc13f -> cd89f46
actions/setup-python action minor v4.6.1 -> v4.7.1
actions/upload-artifact action patch v3.1.2 -> v3.1.3
amannn/action-semantic-pull-request action minor v5.2.0 -> v5.3.0
aquasecurity/trivy-action action minor 0.10.0 -> 0.12.0
docker/build-push-action action minor v4.0.0 -> v4.2.1
docker/login-action action digest f4ef78c -> 465a078
docker/metadata-action action digest c4ee3ad -> 818d4b7
docker/setup-buildx-action action minor v2.5.0 -> v2.10.0
ghcr.io/chgl/kube-powertools container minor v2.1.28 -> v2.2.7
ghcr.io/miracum/ig-build-tools container patch v2.0.4 -> v2.0.9
github/codeql-action action minor v2.3.6 -> v2.22.0
github/codeql-action action digest 83f0fe6 -> 2cb752a
google-github-actions/release-please-action action patch v3.7.9 -> v3.7.12
gradle/wrapper-validation-action action minor v1.0.6 -> v1.1.0
helm/kind-action action minor v1.7.0 -> v1.8.0
ossf/scorecard-action action minor v2.2.0 -> v2.3.0
sigstore/cosign-installer action minor v3.0.5 -> v3.1.2
slsa-framework/slsa-github-generator action minor v1.6.0 -> v1.9.0

Release Notes

actions/cache (actions/cache)

v3.3.2

Compare Source

What's Changed
New Contributors

Full Changelog: actions/cache@v3...v3.3.2

actions/checkout (actions/checkout)

v3.6.0

Compare Source

v3.5.3

Compare Source

actions/setup-python (actions/setup-python)

v4.7.1

Compare Source

What's Changed

Full Changelog: actions/setup-python@v4...v4.7.1

v4.7.0

Compare Source

In scope of this release, the support for reading python version from pyproject.toml was added (https://github.com/actions/setup-python/pull/669).

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version-file: pyproject.toml
Besides, it includes such changes as:

New Contributors

Full Changelog: actions/setup-python@v4...v4.7.0

actions/upload-artifact (actions/upload-artifact)

v3.1.3

Compare Source

What's Changed

Full Changelog: actions/upload-artifact@v3...v3.1.3

amannn/action-semantic-pull-request (amannn/action-semantic-pull-request)

v5.3.0

Compare Source

Features
aquasecurity/trivy-action (aquasecurity/trivy-action)

v0.12.0

Compare Source

What's Changed
New Contributors

Full Changelog: aquasecurity/trivy-action@0.11.2...0.12.0

v0.11.2

Compare Source

Full Changelog: aquasecurity/trivy-action@0.11.1...0.11.2

v0.11.1

Compare Source

What's Changed

Full Changelog: aquasecurity/trivy-action@0.11.0...0.11.1

v0.11.0

Compare Source

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@0.10.0...0.11.0

docker/build-push-action (docker/build-push-action)

v4.2.1

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Full Changelog: docker/build-push-action@v4.2.0...v4.2.1

v4.2.0

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Full Changelog: docker/build-push-action@v4.1.1...v4.2.0

v4.1.1

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Full Changelog: docker/build-push-action@v4.1.0...v4.1.1

v4.1.0

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Full Changelog: docker/build-push-action@v4.0.0...v4.1.0

docker/setup-buildx-action (docker/setup-buildx-action)

v2.10.0

Compare Source

What's Changed

Full Changelog: docker/setup-buildx-action@v2.9.1...v2.10.0

v2.9.1

Compare Source

Full Changelog: docker/setup-buildx-action@v2.9.0...v2.9.1

v2.9.0

Compare Source

Full Changelog: docker/setup-buildx-action@v2.8.0...v2.9.0

v2.8.0

Compare Source

Full Changelog: docker/setup-buildx-action@v2.7.0...v2.8.0

v2.7.0

Compare Source

Full Changelog: docker/setup-buildx-action@v2.6.0...v2.7.0

v2.6.0

Compare Source

Full Changelog: docker/setup-buildx-action@v2.5.0...v2.6.0

chgl/kube-powertools (ghcr.io/chgl/kube-powertools)

v2.2.7

Compare Source

Miscellaneous Chores
  • deps: update all non-major dependencies (1d65299)

v2.2.6

Compare Source

Miscellaneous Chores
  • deps: update docker.io/nginxinc/nginx-unprivileged:1.25.2 docker digest to fe07657 (a37be67)

v2.2.5

Compare Source

Miscellaneous Chores
  • deps: update github/codeql-action action to v2.21.9 (9a68e0d)

v2.2.4

Compare Source

Miscellaneous Chores

v2.2.3

Compare Source

Miscellaneous Chores
  • deps: update docker.io/nginxinc/nginx-unprivileged:1.25.2 docker digest to 436017b (5823d58)

v2.2.2

Compare Source

Bug Fixes
  • changelog generation breaks if no annotations are defined (#​351) (a67e1e7)

v2.2.1

Compare Source

Miscellaneous Chores

v2.2.0

Compare Source

Features

v2.1.33

Compare Source

Miscellaneous Chores

v2.1.32

Compare Source

Miscellaneous Chores
  • deps: update docker.io/nginxinc/nginx-unprivileged:1.25.2 docker digest to acdde1b (bdc0fed)

v2.1.31

Compare Source

Miscellaneous Chores

v2.1.30

Compare Source

Miscellaneous Chores
  • deps: update all non-major dependencies (cb687f1)

v2.1.29

Compare Source

Miscellaneous Chores
  • deps: update docker.io/nginxinc/nginx-unprivileged:1.25.2 docker digest to 23f009b (ccb8beb)
miracum/ig-build-tools (ghcr.io/miracum/ig-build-tools)

v2.0.9

Compare Source

Miscellaneous Chores
  • deps: update dependency hl7/fhir-ig-publisher to v1.4.2 (963733e)

v2.0.8

Compare Source

Miscellaneous Chores
  • deps: update github-actions (dd82fc4)

v2.0.7

Compare Source

CI/CD
  • fix tag for semantic release (94eff77)
Miscellaneous Chores
  • deps: update docker.io/library/eclipse-temurin:11-jre docker digest to fa8625d (9b0d4a4)

v2.0.6

Compare Source

Miscellaneous Chores
  • deps: update github-actions (f3d1d61)

v2.0.5

Compare Source

Miscellaneous Chores
  • deps: update docker.io/library/eclipse-temurin:11-jre docker digest to 996b126 (102fbed)
github/codeql-action (github/codeql-action)

v2.22.0

Compare Source

v2.21.9

Compare Source

v2.21.8

Compare Source

v2.21.7

Compare Source

v2.21.6

Compare Source

v2.21.5

Compare Source

v2.21.4

Compare Source

v2.21.3

Compare Source

v2.21.2

Compare Source

v2.21.1

Compare Source

v2.21.0

Compare Source

v2.20.4

Compare Source

v2.20.3

Compare Source

v2.20.2

Compare Source

v2.20.1

Compare Source

v2.20.0

Compare Source

google-github-actions/release-please-action (google-github-actions/release-please-action)

v3.7.12

Compare Source

Bug Fixes

v3.7.11

Compare Source

Bug Fixes

v3.7.10

Compare Source

Bug Fixes
gradle/wrapper-validation-action (gradle/wrapper-validation-action)

v1.1.0

Compare Source

The action now adds the path of the failed wrapper Jar as a failed-wrapper Step output parameter.
This makes the value available for reporting in later Steps/Jobs.

helm/kind-action (helm/kind-action)

v1.8.0

Compare Source

What's Changed

New Contributors

Full Changelog: helm/kind-action@v1.7.0...v1.8.0

ossf/scorecard-action (ossf/scorecard-action)

v2.3.0

Compare Source

sigstore/cosign-installer (sigstore/cosign-installer)

v3.1.2

Compare Source

What's Changed

New Contributors

Full Changelog: sigstore/cosign-installer@v3...v3.1.2

v3.1.1

Compare Source

What's Changed

Full Changelog: sigstore/cosign-installer@v3.1.0...v3.1.1

v3.1.0

Compare Source

What's Changed

New Contributors

Full Changelog: sigstore/cosign-installer@v3.0.5...v3.1.0

slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)

v1.9.0

Compare Source

Release [v1.9.0] includes bug fixes and new features.

See the full change list.

v1.9.0: BYOB framework (beta)
  • New: A new framework to turn GitHub Actions into SLSA compliant builders.
v1.9.0: Maven builder (beta)
  • New: A Maven builder to build Java projects and publish to Maven central.
v1.9.0: Gradle builder (beta)
  • New: A Gradle builder to build Java projects and publish to Maven central.
v1.9.0: JReleaser builder

v1.8.0

Compare Source

Release [v1.8.0] includes bug fixes and new features.

See the full change list.

v1.8.0: Generic Generator
v1.8.0: Node.js Builder (beta)
  • Fixed: Publishing for non-scoped packages was fixed (See
    #​2359)
  • Fixed: Documentation was updated to clarify that the GitHub Actions
    deployment event is not supported.
  • Changed: The file extension for the generated provenance file was changed
    from .sigstore to .build.slsa in order to make it easier to identify
    provenance files regardless of file format.
  • Fixed: The publish action was fixed to address an issue with the package
    name when using Node 16.

v1.7.0

Compare Source

This release includes the first beta release of the
Container-based builder.
The Container-based builder provides a GitHub Actions reusable workflow that can
be used to invoke a container image with a user-specified command to generate an
artifact and SLSA Build L3 compliant provenance.

v1.7.0: Go builder
  • Added: A new
    go-version-file
    input was added. This allows you to specify a go.mod file in order to track
    which version of Go is used for your project.

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@github-actions
Copy link

github-actions bot commented Oct 1, 2023
edited
Loading

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
✅ ACTION actionlint 18 0 0.54s
✅ BASH bash-exec 4 0 0.06s
✅ BASH shellcheck 1 0 0.04s
✅ BASH shfmt 4 0 0.04s
⚠️ CSHARP csharpier 1 1 0.48s
⚠️ CSHARP dotnet-format 1 1 1.69s
✅ CSS stylelint 1 0 2.15s
✅ DOCKERFILE hadolint 4 0 0.2s
✅ EDITORCONFIG editorconfig-checker 374 0 3.21s
✅ ENV dotenv-linter 1 0 0.02s
✅ GROOVY npm-groovy-lint 7 0 12.4s
✅ HTML djlint 2 0 1.48s
✅ HTML htmlhint 2 0 0.56s
✅ JAVA checkstyle 59 0 7.6s
✅ JSON eslint-plugin-jsonc 29 0 7.47s
✅ JSON jsonlint 29 0 0.31s
✅ JSON prettier 29 0 4.27s
✅ JSON v8r 29 0 42.76s
⚠️ MARKDOWN markdownlint 22 117 1.61s
✅ PYTHON bandit 1 0 1.59s
✅ PYTHON black 1 0 1.0s
✅ PYTHON flake8 1 0 0.8s
✅ PYTHON isort 1 0 0.37s
✅ PYTHON mypy 1 0 7.48s
✅ PYTHON ruff 1 0 0.1s
✅ REPOSITORY checkov yes no 30.0s
✅ REPOSITORY gitleaks yes no 1.29s
✅ REPOSITORY git_diff yes no 0.13s
✅ REPOSITORY grype yes no 13.71s
✅ REPOSITORY kics yes no 78.66s
✅ REPOSITORY secretlint yes no 3.16s
✅ REPOSITORY syft yes no 1.3s
✅ REPOSITORY trivy yes no 24.57s
✅ REPOSITORY trivy-sbom yes no 2.01s
✅ REPOSITORY trufflehog yes no 11.96s
✅ SQL sql-lint 2 0 1.07s
✅ XML xmllint 3 0 0.01s
✅ YAML prettier 109 0 2.91s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

MegaLinter is graciously provided by OX Security

@renovate renovate bot force-pushed the renovate/github-actions branch 6 times, most recently from 3a335cc to c900bbf Compare October 6, 2023 22:10
@renovate renovate bot force-pushed the renovate/github-actions branch from c900bbf to facc8e4 Compare October 7, 2023 09:19
@chgl chgl force-pushed the renovate/github-actions branch from 7e97464 to 4fe90f8 Compare October 7, 2023 11:48
@renovate
Copy link
Contributor Author

renovate bot commented Oct 7, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@chgl chgl merged commit 64d574b into master Oct 7, 2023
25 checks passed
@miracum-bot miracum-bot mentioned this pull request Oct 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@chgl