build(deps): bump the ci group across 1 directory with 7 updates

Bumps the ci group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [korthout/backport-action](https://github.com/korthout/backport-action) | `3.1.0` | `3.2.0` | | [replicatedhq/replicated-actions](https://github.com/replicatedhq/replicated-actions) | `1.17.0` | `1.18.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.0` | `4.6.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.9` | `3.28.10` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.8.0` | `3.8.1` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.1.0` | `6.2.1` | Updates `korthout/backport-action` from 3.1.0 to 3.2.0 - [Release notes](https://github.com/korthout/backport-action/releases) - [Commits](be567af183...436145e922) Updates `replicatedhq/replicated-actions` from 1.17.0 to 1.18.0 - [Release notes](https://github.com/replicatedhq/replicated-actions/releases) - [Commits](c98ab3b979...01d922786d) Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](62b2cac7ed...f49aabe0b5) Updates `actions/upload-artifact` from 4.6.0 to 4.6.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](65c4c4a1dd...4cec3d8aa0) Updates `github/codeql-action` from 3.28.9 to 3.28.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](9e8d0789d4...b56ba49b26) Updates `sigstore/cosign-installer` from 3.8.0 to 3.8.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](c56c2d3e59...d7d6bc7722) Updates `goreleaser/goreleaser-action` from 6.1.0 to 6.2.1 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](9ed2f89a66...90a3faa9d0) --- updated-dependencies: - dependency-name: korthout/backport-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: replicatedhq/replicated-actions dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com>
2 months ago · c6cab8028a
parent f0e8e84ee0
commit c6cab8028a
5 changed files with 15 additions and 15 deletions
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@ -20,7 +20,7 @@ jobs:
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Create backport PRs
-        uses: korthout/backport-action@be567af183754f6a5d831ae90f648954763f17f5 # v3.1.0
+        uses: korthout/backport-action@436145e922f9561fc5ea157ff406f21af2d6b363 # v3.2.0
        # xref: https://github.com/korthout/backport-action#inputs
        with:
          # Use token to allow workflows to be triggered for the created PR
--- a/.github/workflows/conformance.yaml
+++ b/.github/workflows/conformance.yaml
@ -107,7 +107,7 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
      - name: Create cluster
        id: create-cluster
-        uses: replicatedhq/replicated-actions/create-cluster@c98ab3b97925af5db9faf3f9676df7a9c6736985 # v1.17.0
+        uses: replicatedhq/replicated-actions/create-cluster@01d922786dc3bdda32cf190adab14b34065c28b4 # v1.18.0
        with:
          api-token: ${{ secrets.REPLICATED_API_TOKEN }}
          kubernetes-distribution: "k3s"
@ -151,7 +151,7 @@ jobs:
          kubectl delete ns flux-system --wait
      - name: Delete cluster
        if: ${{ always() }}
-        uses: replicatedhq/replicated-actions/remove-cluster@c98ab3b97925af5db9faf3f9676df7a9c6736985 # v1.17.0
+        uses: replicatedhq/replicated-actions/remove-cluster@01d922786dc3bdda32cf190adab14b34065c28b4 # v1.18.0
        continue-on-error: true
        with:
          api-token: ${{ secrets.REPLICATED_API_TOKEN }}
@ -200,7 +200,7 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITPROVIDER_BOT_TOKEN }}
      - name: Create cluster
        id: create-cluster
-        uses: replicatedhq/replicated-actions/create-cluster@c98ab3b97925af5db9faf3f9676df7a9c6736985 # v1.17.0
+        uses: replicatedhq/replicated-actions/create-cluster@01d922786dc3bdda32cf190adab14b34065c28b4 # v1.18.0
        with:
          api-token: ${{ secrets.REPLICATED_API_TOKEN }}
          kubernetes-distribution: "openshift"
@ -242,7 +242,7 @@ jobs:
          kubectl delete ns flux-system --wait
      - name: Delete cluster
        if: ${{ always() }}
-        uses: replicatedhq/replicated-actions/remove-cluster@c98ab3b97925af5db9faf3f9676df7a9c6736985 # v1.17.0
+        uses: replicatedhq/replicated-actions/remove-cluster@01d922786dc3bdda32cf190adab14b34065c28b4 # v1.18.0
        continue-on-error: true
        with:
          api-token: ${{ secrets.REPLICATED_API_TOKEN }}
--- a/.github/workflows/ossf.yaml
+++ b/.github/workflows/ossf.yaml
@ -21,19 +21,19 @@ jobs:
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Run analysis
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
        with:
          results_file: results.sarif
          results_format: sarif
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          publish_results: true
      - name: Upload artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
        with:
          name: SARIF file
          path: results.sarif
          retention-days: 5
      - name: Upload SARIF results
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
        with:
          sarif_file: results.sarif
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -36,7 +36,7 @@ jobs:
      - name: Setup Syft
        uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
      - name: Setup Cosign
-        uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
+        uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
      - name: Setup Kustomize
        uses: fluxcd/pkg/actions/kustomize@c964ce7b91949ff4b5e3959db4f1d7bb2e029a49 # main
      - name: Login to GitHub Container Registry
@ -79,7 +79,7 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Run GoReleaser
        id: run-goreleaser
-        uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
+        uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
        with:
          version: latest
          args: release --release-notes=output/notes.md --skip=validate
@ -155,7 +155,7 @@ jobs:
          --path="./flux-system" \
          --source=${{ github.repositoryUrl }} \
          --revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
-      - uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e # v3.8.0
+      - uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
      - name: Sign manifests
        env:
          COSIGN_EXPERIMENTAL: 1
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@ -54,7 +54,7 @@ jobs:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      - name: Upload result to GitHub Code Scanning
        continue-on-error: true
-        uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
        with:
          sarif_file: snyk.sarif

@ -74,13 +74,13 @@ jobs:
            **/go.sum
            **/go.mod
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
        with:
          languages: go
          # xref: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
          # xref: https://codeql.github.com/codeql-query-help/go/
          queries: security-and-quality
      - name: Autobuild
-        uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
+        uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10