From a3d364705b2d49559a24394abd59380299b8425e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 May 2026 11:26:46 +0000 Subject: [PATCH] build(deps): bump the github-actions group with 8 updates Bumps the github-actions group with 8 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.2.0` | `6.4.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.1` | `4.1.2` | | [azure/setup-helm](https://github.com/azure/setup-helm) | `4.3.0` | `5.0.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.3` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.1` | `7.0.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.17` | `4.35.5` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/setup-go` from 5.2.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/3041bf56c941b39c61721a86cd11f3bb1338122a...4a3601121dd01d1626a1e23e37211e3254c1c06c) Updates `sigstore/cosign-installer` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003...6f9f17788090df1f26f669e9d70d6ae9567deba6) Updates `azure/setup-helm` from 4.3.0 to 5.0.0 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/v4.3.0...v5.0.0) Updates `ossf/scorecard-action` from 2.4.1 to 2.4.3 - 
[Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...4eaacf0543bb3f2c246792bd56e8cdeffafb205a) Updates `actions/upload-artifact` from 4.6.1 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4.6.1...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `github/codeql-action` from 3.28.17 to 4.35.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/60168efe1c415ce0f5521ea06d5c2062adbeed1b...9e0d7b8d25671d64c341c19c0152d693099fb5ba) Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/57a97c7e7821a5776cebc9bb87c984fa69cba8f1...ed142fd0673e97e23eac54620cfb913e5ce36c25) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: azure/setup-helm dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: 
version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build-push-common.yaml | 6 ++-- .github/workflows/helm-publish.yaml | 4 +-- .github/workflows/scorecard.yml | 8 ++--- .github/workflows/validate-common.yaml | 42 ++++++++++++------------ .github/workflows/validate-e2e.yaml | 4 +-- 5 files changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/workflows/build-push-common.yaml b/.github/workflows/build-push-common.yaml index 4f2a565..c9ff99f 100644 --- a/.github/workflows/build-push-common.yaml +++ b/.github/workflows/build-push-common.yaml @@ -20,10 +20,10 @@ jobs: name: Publish Operator image runs-on: ${{ inputs.runner }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: clean: true - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version-file: go.mod check-latest: true 
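Review bot: The trailing version comments in this build-push-common.yaml hunk are stale: `actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd` is still labelled `# v4` and `actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c` is still labelled `# v5`. The scorecard.yml hunk labels the same checkout SHA `# v6.0.2`, and the commit message gives setup-go as 6.4.0. With SHA pins the comment is the only human-readable record of which release runs, so the two lines should end in `# v6.0.2` and `# v6.4.0`. The same stale labels appear on every checkout/setup-go pair changed in validate-common.yaml and in validate-e2e.yaml; the job's remaining steps are outside the hunk.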
@@ -52,7 +52,7 @@ jobs: echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${REGISTRY}/${PROJECT}/intel-gpu-base-operator:${{ steps.gentag.outputs.TAG }})" >> $GITHUB_OUTPUT - name: Install cosign if: ${{ steps.gentag.outputs.TAG != 'devel' }} - uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 #v4.1.1 + uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 #v4.1.2 - name: Keyless image sign if: ${{ steps.gentag.outputs.TAG != 'devel' }} run: | diff --git a/.github/workflows/helm-publish.yaml b/.github/workflows/helm-publish.yaml index db13cd3..2623f05 100644 --- a/.github/workflows/helm-publish.yaml +++ b/.github/workflows/helm-publish.yaml @@ -26,11 +26,11 @@ jobs: steps: - name: Git checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-tags: true - - uses: azure/setup-helm@v4.3.0 + - uses: azure/setup-helm@v5.0.0 - name: Log in to the Container registry uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 if: inputs.runner != 'self-hosted' diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index aed7bba..0dd1485 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
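Review bot: In the helm-publish.yaml hunk both bumped steps stay on mutable tags, `actions/checkout@v6` and `azure/setup-helm@v5.0.0`, while the other workflows in this patch pin to a full commit SHA and this job goes on to log in to a container registry. A tag can be re-pointed after review, so the publishing job would run whatever the tag resolves to at run time. Pin both, e.g. `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2` (the SHA the scorecard.yml hunk uses) and `uses: azure/setup-helm@<full-commit-sha-of-v5.0.0> # v5.0.0`, where the second SHA is a placeholder to be filled in from the upstream release. The rest of the job is outside the hunk.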
@@ -25,25 +25,25 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 + uses: github/codeql-action/upload-sarif@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5 with: sarif_file: results.sarif diff --git a/.github/workflows/validate-common.yaml b/.github/workflows/validate-common.yaml index 6a1ffd0..f3c5020 100644 --- a/.github/workflows/validate-common.yaml +++ b/.github/workflows/validate-common.yaml @@ -18,10 +18,10 @@ jobs: name: Check generated files are in sync runs-on: ${{ inputs.runner }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: clean: true - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version-file: go.mod check-latest: true 
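Review bot: The checkout step in the first validate-common.yaml hunk (job "Check generated files are in sync") passes only `clean: true`, so checkout's default credential persistence stays on and the job token remains available to the steps that follow. A later hunk of this file shows a job running `make build` and `make docker-build` after the same checkout, and scorecard.yml in this patch already sets `persist-credentials: false`. If these validation jobs never push, add `persist-credentials: false` under `with:` here and on the other checkout steps in validate-common.yaml and validate-e2e.yaml. The jobs' remaining steps are outside the hunks, so whether any of them needs the token cannot be confirmed from this patch.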
@@ -32,10 +32,10 @@ jobs:
 name: Run lint
 runs-on: ${{ inputs.runner }}
 steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
 with:
 clean: true
- - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
+ - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5
 with:
 go-version-file: go.mod
 check-latest: true
@@ -46,10 +46,10 @@ jobs:
 name: Build all
 runs-on: ${{ inputs.runner }}
 steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
 with:
 clean: true
- - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
+ - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5
 with:
 go-version-file: go.mod
 check-latest: true
@@ -57,7 +57,7 @@ jobs:
 - run: make build
 - run: make docker-build
 - name: Run Trivy for operator image (json)
- uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+ uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0
 with:
 scan-type: image
 scan-ref: ghcr.io/intel/intel-gpu-base-operator:devel
@@ -66,7 +66,7 @@ jobs:
 exit-code: 1
 output: operator-image-vulnerabilities.json
 - name: Run Trivy for go.mod (json)
- uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+ uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0
 with:
 scan-type: fs
 scan-ref: go.mod
@@ -78,7 +78,7 @@ jobs:
 - run: |
 cp .trivyignore.yaml trivyignore.yaml
 - name: Store image reports as artifacts
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 with:
 name: trivy-vulnerabilities
 path: |
@@ -91,10 +91,10 @@ jobs: name: Run tests runs-on: ${{ inputs.runner }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: clean: true - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version-file: go.mod check-latest: true @@ -107,10 +107,10 @@ jobs: name: Run golang verify runs-on: ${{ inputs.runner }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: clean: true - - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5 with: go-version-file: go.mod check-latest: true @@ -123,11 +123,11 @@ jobs: name: Run trivy dockerfile runs-on: ${{ inputs.runner }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4 with: clean: true - name: Run Trivy for dockerfiles - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0 with: scan-type: config scan-ref: build/ @@ -137,7 +137,7 @@ jobs: severity: CRITICAL,HIGH,MEDIUM - name: Run Trivy for dockerfiles (json) - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0 if: always() with: scan-type: config 
@@ -150,7 +150,7 @@ jobs:
 - run: |
 cp .trivyignore.yaml trivyignore.yaml
 - name: Store dockerfile analysis report as artifact
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 if: always()
 with:
 name: trivy-dockerfiles-json
@@ -163,11 +163,11 @@ jobs:
 name: Run trivy deployments
 runs-on: ${{ inputs.runner }}
 steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
 with:
 clean: true
 - name: Run Trivy for deployments
- uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+ uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0
 with:
 scan-type: config
 scan-ref: config/deployments
@@ -176,7 +176,7 @@ jobs:
 exit-code: 1
 severity: CRITICAL,HIGH,MEDIUM
 - name: Run Trivy for deployments (json)
- uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+ uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0
 if: always()
 with:
 scan-type: config
@@ -189,7 +189,7 @@ jobs:
 - run: |
 cp .trivyignore.yaml trivyignore.yaml
 - name: Store vulnerability report as artifact
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
 if: always()
 with:
 name: trivy-deployments-json
diff --git a/.github/workflows/validate-e2e.yaml b/.github/workflows/validate-e2e.yaml
index 222717f..9823257 100644
--- a/.github/workflows/validate-e2e.yaml
+++ b/.github/workflows/validate-e2e.yaml
@@ -20,10 +20,10 @@ jobs:
 name: Run e2e with GPU HW
 runs-on: ${{ inputs.runner }}
 steps:
- - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
 with:
 clean: true
- - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5
+ - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5
 with:
 go-version-file: go.mod
 check-latest: true
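Review bot: The validate-e2e.yaml job "Run e2e with GPU HW" runs on `${{ inputs.runner }}`, presumably a self-hosted GPU host, and this hunk moves its checkout and setup-go steps across major versions with nothing recording the runner requirement. As far as I know the newer majors of both actions target the Node 24 runtime and will not start on a runner agent that predates it, so the agent on that host should be confirmed current before merging. A comment above the steps such as `# checkout v6 / setup-go v6 need a runner agent that ships the node24 runtime` would keep the requirement visible. The job's remaining steps are outside the hunk.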